
Possible Malware


  • This topic is locked
37 replies to this topic

#1 18.5

18.5

  • Members
  • 19 posts

Posted 23 February 2015 - 10:00 AM

Would really appreciate anyone who could help me with my computer. It appears to have some kind of malware on it. I am getting unwanted ads and can't access downloads where they are sent to default download paths. Some items added to desktop are not appearing either.




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts

Posted 28 February 2015 - 10:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568039 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts

Posted 01 March 2015 - 08:33 PM

Greetings 18.5 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Rkill log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 18.5

18.5
  • Topic Starter

  • Members
  • 19 posts

Posted 02 March 2015 - 03:46 AM

Hi Gary

 

Thanks for your response. Before we begin, I have followed some of the steps in the bot response before you have had a chance to respond. Namely, I have downloaded FRST. In the instructions for the same, one of the later steps asked for the program to be removed after it had been run. I have run the program as instructed and have a log. I can post a copy of the same if you think it will be a useful addition at this point. Should I remove this program before proceeding?

 

Thanks

 

Jeremy



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts

Posted 02 March 2015 - 10:22 AM

Hi Jeremy,

If you were able to successfully run FRST and have FRST.txt and Addition.txt please copy and paste that information in your reply. There is no need to run Rkill.


Gary
 

#6 18.5

18.5
  • Topic Starter

  • Members
  • 19 posts

Posted 03 March 2015 - 09:43 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01

Ran by Jeremy (administrator) on JEREMY-PC on 28-02-2015 18:38:54

Running from C:\Windows\SysWOW64\config\systemprofile\Downloads

Loaded Profiles: Jeremy (Available profiles: Jeremy)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

() C:\Program Files (x86)\Broadband to Go\Broadband to Go\BecHelperService.exe

() C:\Program Files (x86)\Broadband to Go\Broadband to Go\LoggerServer.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe

(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe

() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TorchMedia Inc.) C:\Users\Jeremy\AppData\Local\Torch\Update\TorchCrashHandler.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Windows\SysWOW64\config\systemprofile\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2012-04-27] (Alcor Micro Corp.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-04-17] (Synaptics Incorporated)

HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2012-04-17] (Synaptics)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-06] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-06] (Lenovo(beijing) Limited)

HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-06] (Lenovo)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)

HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)

HKLM-x32\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe

HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)

HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-06] (Lenovo)

HKLM-x32\...\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] => C:\Program Files\Launch Manager\HotkeyApp.exe [415272 2012-03-01] (Wistron Corp.)

HKLM-x32\...\Run: [MFARestart] => "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-04-21] (RealNetworks, Inc.)

HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-06] (Google Inc.)

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\Run: [SugarSync] => C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11241824 2014-01-24] (SugarSync, Inc.)

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\Run: [uTorrent] => C:\Windows\SysWOW64\config\systemprofile\Downloads\uTorrent (5).exe [1742416 2015-02-23] (BitTorrent Inc.)

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\Run: [Spotify] => C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Spotify\Spotify.exe [6553144 2015-01-12] (Spotify Ltd)

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\Run: [Spotify Web Helper] => C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2015-01-12] (Spotify Ltd)

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\MountPoints2: {213753fa-fea1-11e2-8bfb-3c970e0e1599} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\MountPoints2: {48af7051-c725-11e1-bf10-806e6f6e6963} - H:\Setup\rsrc\Autorun.exe

HKU\S-1-5-18\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-06] (Google Inc.)

HKU\S-1-5-18\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION

HKU\S-1-5-18\...\MountPoints2: {213753fa-fea1-11e2-8bfb-3c970e0e1599} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-18\...\MountPoints2: {48af7051-c725-11e1-bf10-806e6f6e6963} - H:\Setup\rsrc\Autorun.exe

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk

ShortcutTarget: Update Agent.lnk -> C:\Program Files (x86)\Broadband to Go\Broadband to Go\AutoUpdateSrv.exe (No File)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [S-1-5-21-196541456-3721787801-3454904004-1000] => Internet Explorer proxy is enabled.

ProxyServer: [S-1-5-21-196541456-3721787801-3454904004-1000] => 127.0.0.1:8118

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x00

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=OB_[[PubID]]_CH&co=IE&userid=ad36eb50-d50b-d47b-4509-cf54c6cc616e&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}

HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=OB_[[PubID]]_CH&co=IE&userid=ad36eb50-d50b-d47b-4509-cf54c6cc616e&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}

URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=n12521-394&apn_uid=8616228275304749&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {6A07AF93-AA8B-43AB-B380-BCA8B88CFACD} URL =

SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=n12521-394&apn_uid=8616228275304749&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} URL =

SearchScopes: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=OB_[[PubID]]_CH&co=IE&userid=ad36eb50-d50b-d47b-4509-cf54c6cc616e&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}

SearchScopes: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=OB_[[PubID]]_CH&co=IE&userid=ad36eb50-d50b-d47b-4509-cf54c6cc616e&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}

SearchScopes: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> {6A07AF93-AA8B-43AB-B380-BCA8B88CFACD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN42441416631403270&UM=2

SearchScopes: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enIE497IE497

SearchScopes: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=n12521-394&apn_uid=8616228275304749&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}

BHO: Complitly -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Users\Jeremy\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)

BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Complitly -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Users\Jeremy\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\.DEFAULT -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File

Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File

Toolbar: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Toolbar: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5

Tcpip\..\Interfaces\{0591EB19-FD27-4C0C-9289-721FE2D888FA}: [NameServer] 212.129.64.220 212.129.64.221

Tcpip\..\Interfaces\{6FABA535-5684-4173-8F28-04776224E231}: [NameServer] 212.129.64.220 212.129.64.221

Tcpip\..\Interfaces\{89FC917E-DC4C-47FF-A292-F9D94DF0B217}: [NameServer] 212.129.64.220 212.129.64.221

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\2dcd6e0fb051f26f9938d7639b4a9e7f [2015-02-23]

FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks

FF Extension: Smiley Bar for Facebook - C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2012-10-27]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-21]

FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKU\.DEFAULT\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

 

Chrome:

=======

CHR HKU\S-1-5-21-196541456-3721787801-3454904004-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Windows\system32\config\systemprofile\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Jeremy\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx [2013-06-12]

CHR HKLM-x32\...\Chrome\Extension: [amhlacfinnaffmhfohbpecabbjfhkdji] - C:\Users\Jeremy\AppData\Local\CRE\amhlacfinnaffmhfohbpecabbjfhkdji.crx [2012-09-20]

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx [2012-10-11]

CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Jeremy\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14]

CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\Jeremy\AppData\Roaming\StatusWinks\statuswinks.crx [2012-10-11]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Jeremy\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-07-16]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Windows\system32\config\systemprofile\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [ocdhchaiidkibciecalpjjoaeajfcfge] - C:\ProgramData\SaveAs\ocdhchaiidkibciecalpjjoaeajfcfge.crx [Not Found]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-10-28] (Atheros Commnucations) [File not signed]

R2 BecHelperService; C:\Program Files (x86)\Broadband to Go\Broadband to Go\BecHelperService.exe [1850768 2011-07-08] ()

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)

R2 HPSLPSVC; C:\Users\Jeremy\AppData\Local\Temp\7zS0B21\hpslpsvc64.dll [1039360 2012-08-27] (Hewlett-Packard Co.) [File not signed]

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)

S2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-02-23] (AV Security Software) [File not signed]

S3 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)

R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)

R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)

S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)

S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)

S2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2009-06-15] (National Instruments Corporation)

R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation)

S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2009-06-23] (Macrovision Corporation) [File not signed]

R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [740968 2009-06-23] (National Instruments Corporation)

S3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [98304 2009-06-03] (OPC Foundation) [File not signed]

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [371200 2015-02-23] (The Privoxy team - www.privoxy.org) [File not signed]

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)

S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)

R2 TorchCrashHandler; C:\Users\Jeremy\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205088 2013-07-10] (TorchMedia Inc.) [File not signed] <==== ATTENTION

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [119848 2011-12-21] (Wistron Corp.)

R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-28] (Atheros) [File not signed]

S2 ffdshow manager; C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [X]

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

S2 SafetyNutManager; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-11] (Lenovo)

S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)

R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\configmgrc1.cfg [36224 2014-04-27] (SafetyNut Inc)

R0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [27256 2013-09-14] (Symantec Corporation)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)

R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-04-17] (Synaptics Incorporated)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3532160 2011-10-11] (Sonix Technology Co., Ltd.)

S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()

R1 {b8a90375-3b37-4954-86de-f96c458c4ce2}Gw64; C:\Windows\System32\drivers\{b8a90375-3b37-4954-86de-f96c458c4ce2}Gw64.sys [61120 2014-04-24] (StdLib)

S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]

U3 BcmSqlStartupSvc; No ImagePath

U2 CLKMSVC10_3A60B698; No ImagePath

U2 CLKMSVC10_C3B3B687; No ImagePath

U2 DriverService; No ImagePath

U2 iATAgentService; No ImagePath

U2 idealife Update Service; No ImagePath

U3 IGRS; No ImagePath

U2 IviRegMgr; No ImagePath

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

U2 nvUpdatusService; No ImagePath

U2 Oasis2Service; No ImagePath

U2 PCCarerService; No ImagePath

U2 ReadyComm.DirectRouter; No ImagePath

U2 RichVideo; No ImagePath

U2 RtLedService; No ImagePath

U2 SeaPort; No ImagePath

U2 SoftwareService; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-28 08:15 - 2015-02-28 18:24 - 00003426 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task

2015-02-25 19:15 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll

2015-02-25 19:15 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll

2015-02-25 19:15 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll

2015-02-25 19:15 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

2015-02-25 13:00 - 2015-01-08 23:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls

2015-02-25 13:00 - 2015-01-08 23:43 - 00419936 _____ () C:\Windows\system32\locale.nls

2015-02-23 16:12 - 2015-02-27 16:12 - 00003282 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task

2015-02-23 16:11 - 2015-02-23 16:12 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web

2015-02-23 16:11 - 2015-02-23 16:11 - 00239104 _____ (AV Security Software) C:\Windows\mlwps.exe

2015-02-23 16:11 - 2015-02-23 16:11 - 00003202 _____ () C:\Windows\System32\Tasks\mcleaner

2015-02-23 11:23 - 2015-02-23 11:23 - 00000000 ____D () C:\Users\TEMP\AppData\Local\{A0C113C6-3188-49FB-96A5-E0E989A97ECE}

2015-02-23 11:18 - 2015-02-23 11:18 - 00000000 ____D () C:\Users\TEMP\AppData\Local\{72B301E9-1FDF-4609-9D90-5DB9290424F1}

2015-02-20 15:21 - 2015-02-23 16:12 - 00021984 _____ () C:\Users\Jeremy\Companies.xlsx

2015-02-17 15:55 - 2015-02-17 15:55 - 00277691 _____ () C:\Users\Jeremy\Downloads\download.htm

2015-02-15 21:13 - 2015-02-15 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker

2015-02-12 09:12 - 2015-01-23 04:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-02-12 09:12 - 2015-01-23 04:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-02-12 09:12 - 2015-01-23 03:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-02-12 09:12 - 2015-01-23 03:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-02-11 11:09 - 2015-02-04 03:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-02-11 11:09 - 2015-02-04 03:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-02-11 11:09 - 2015-02-04 03:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-02-11 11:09 - 2015-02-04 03:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-02-11 11:09 - 2015-02-04 03:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-02-11 11:09 - 2015-02-04 03:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-02-11 11:09 - 2015-02-04 03:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-02-11 11:09 - 2015-01-27 23:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2015-02-11 11:08 - 2015-01-14 05:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-02-11 11:08 - 2015-01-14 05:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-02-11 11:08 - 2015-01-12 03:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-02-11 11:08 - 2015-01-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-02-11 11:08 - 2015-01-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-02-11 11:08 - 2015-01-12 02:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-02-11 11:08 - 2015-01-12 02:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-02-11 11:08 - 2015-01-12 02:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-02-11 11:08 - 2015-01-12 02:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-02-11 11:08 - 2015-01-12 02:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-02-11 11:08 - 2015-01-12 02:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-02-11 11:08 - 2015-01-12 02:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-02-11 11:08 - 2015-01-12 02:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-02-11 11:08 - 2015-01-12 02:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-02-11 11:08 - 2015-01-12 02:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-02-11 11:08 - 2015-01-12 02:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-02-11 11:08 - 2015-01-12 02:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-02-11 11:08 - 2015-01-12 02:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-02-11 11:08 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-02-11 11:08 - 2015-01-12 02:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-02-11 11:08 - 2015-01-12 02:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-02-11 11:08 - 2015-01-12 02:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-02-11 11:08 - 2015-01-12 02:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-02-11 11:08 - 2015-01-12 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-02-11 11:08 - 2015-01-12 02:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-02-11 11:08 - 2015-01-12 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-02-11 11:08 - 2015-01-12 02:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-02-11 11:08 - 2015-01-12 02:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-02-11 11:08 - 2015-01-12 02:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-02-11 11:08 - 2015-01-12 01:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-02-11 11:08 - 2015-01-12 01:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-02-11 11:08 - 2015-01-12 01:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-02-11 11:08 - 2015-01-12 01:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-02-11 11:08 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-02-11 11:08 - 2015-01-12 01:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-02-11 11:08 - 2015-01-12 01:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-02-11 11:08 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-02-11 11:08 - 2015-01-12 01:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-02-11 11:08 - 2015-01-12 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-02-11 11:08 - 2015-01-12 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-02-11 11:08 - 2015-01-12 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-02-11 11:08 - 2015-01-12 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-02-11 11:08 - 2015-01-12 01:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-02-11 11:08 - 2015-01-12 01:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-02-11 11:08 - 2015-01-12 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-02-11 11:08 - 2015-01-12 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-02-11 11:08 - 2015-01-12 01:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-02-11 11:08 - 2015-01-12 01:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-02-11 11:08 - 2015-01-12 01:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-02-11 11:08 - 2015-01-12 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-02-11 11:08 - 2015-01-12 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-02-11 11:08 - 2015-01-12 00:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-02-11 11:08 - 2015-01-10 06:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-02-11 11:08 - 2015-01-10 06:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-02-11 11:08 - 2015-01-10 06:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-02-11 11:08 - 2015-01-10 06:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-02-11 11:08 - 2015-01-10 06:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-02-11 11:08 - 2015-01-10 06:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-02-11 11:08 - 2015-01-10 06:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-02-11 11:08 - 2015-01-10 06:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-02-11 11:08 - 2015-01-10 06:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-02-11 11:08 - 2015-01-10 06:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-02-11 11:08 - 2015-01-10 06:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-02-11 11:08 - 2015-01-10 06:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-02-11 11:08 - 2015-01-10 06:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-02-11 11:08 - 2015-01-10 06:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-02-11 11:06 - 2015-01-15 08:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-02-11 11:06 - 2015-01-15 08:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-02-11 11:06 - 2015-01-15 08:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-02-11 11:06 - 2015-01-15 08:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-02-11 11:06 - 2015-01-15 08:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-02-11 11:06 - 2015-01-15 08:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-02-11 11:06 - 2015-01-15 08:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-02-11 11:06 - 2015-01-15 08:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-02-11 11:06 - 2015-01-15 08:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-02-11 11:06 - 2015-01-15 08:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-02-11 11:06 - 2015-01-15 08:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-02-11 11:06 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-02-11 11:06 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-02-11 11:06 - 2015-01-15 07:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-02-11 11:06 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-02-11 11:06 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-02-11 11:06 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-02-11 11:06 - 2015-01-15 04:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-02-11 11:06 - 2015-01-14 06:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-02-11 11:06 - 2015-01-14 06:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-02-11 11:06 - 2015-01-14 06:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-02-11 11:06 - 2015-01-14 06:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-02-11 11:06 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-02-11 11:06 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-02-11 11:06 - 2015-01-14 05:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-02-11 11:06 - 2015-01-13 03:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-02-11 11:06 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-02-11 11:06 - 2014-12-12 05:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-02-11 11:06 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-02-11 11:06 - 2014-12-08 03:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

2015-02-11 11:06 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll

2015-02-11 11:06 - 2014-11-26 03:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2015-02-11 11:06 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2015-02-11 11:06 - 2014-10-04 02:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-02-11 11:06 - 2014-10-04 01:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2015-02-11 11:06 - 2014-10-04 01:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2015-02-11 11:05 - 2015-01-09 02:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-02-06 16:41 - 2015-02-06 21:09 - 00026271 _____ () C:\Users\Jeremy\Avant2.xlsx

2015-02-06 14:43 - 2015-02-06 16:35 - 00015520 _____ () C:\Users\Jeremy\Avant.xlsx

2015-02-06 13:03 - 2015-02-06 13:03 - 00003296 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update

2015-02-06 12:52 - 2015-02-06 12:52 - 00619421 _____ () C:\Users\Jeremy\Documents\Photos - Google+.html

2015-02-06 12:52 - 2015-02-06 12:52 - 00000000 ____D () C:\Users\Jeremy\Documents\Photos - Google+_files

2015-02-05 13:30 - 2015-02-05 13:41 - 00014811 _____ () C:\Users\Jeremy\Payment plan.xlsx

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-28 18:38 - 2013-09-17 12:58 - 00000000 ____D () C:\FRST

2015-02-28 18:37 - 2012-07-06 04:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-28 18:24 - 2014-11-20 11:09 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-196541456-3721787801-3454904004-1000

2015-02-28 18:24 - 2014-11-18 19:01 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-196541456-3721787801-3454904004-1000

2015-02-28 18:24 - 2013-09-04 11:11 - 00000000 ____D () C:\Users\TEMP\AppData\Local\HTC MediaHub

2015-02-28 18:24 - 2013-06-08 12:46 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2015-02-28 18:24 - 2013-06-03 20:23 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2015-02-28 18:24 - 2013-01-25 21:43 - 00000000 ____D () C:\Temp

2015-02-28 18:24 - 2012-08-15 03:40 - 06967278 _____ () C:\FaceProv.log

2015-02-28 18:24 - 2012-07-06 04:57 - 01700282 _____ () C:\Windows\system32\fastboot.set

2015-02-28 18:24 - 2012-07-06 04:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-28 18:24 - 2012-07-06 04:42 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2015-02-28 18:11 - 2009-07-14 04:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-28 18:11 - 2009-07-14 04:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-28 18:06 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing

2015-02-28 18:04 - 2013-07-16 11:34 - 00000000 ____D () C:\ProgramData\TorchCrashHandler

2015-02-28 18:04 - 2013-01-31 16:35 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2015-02-28 18:04 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-28 18:04 - 2009-07-14 04:51 - 00191038 _____ () C:\Windows\setupact.log

2015-02-28 09:23 - 2012-07-06 04:29 - 01360873 _____ () C:\Windows\WindowsUpdate.log

2015-02-27 15:15 - 2012-07-06 04:42 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2015-02-27 11:24 - 2013-11-09 12:05 - 00032340 _____ () C:\Users\Jeremy\Spread sheet.xlsx

2015-02-27 07:52 - 2012-07-06 04:55 - 00000000 ____D () C:\ProgramData\VeriFace

2015-02-24 21:12 - 2014-06-09 00:09 - 00003832 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1375186840

2015-02-24 21:12 - 2012-09-02 21:45 - 00000000 ____D () C:\Program Files (x86)\Opera

2015-02-24 06:37 - 2012-07-06 04:55 - 00000000 ____D () C:\Program Files (x86)\Google

2015-02-23 16:12 - 2013-09-04 14:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-02-19 13:11 - 2013-03-07 23:38 - 00207360 ___SH () C:\Users\Jeremy\Thumbs.db

2015-02-18 01:43 - 2014-06-30 21:47 - 00000000 ____D () C:\ProgramData\SafetyNut

2015-02-16 15:07 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache

2015-02-15 21:13 - 2013-07-15 18:42 - 00001537 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk

2015-02-15 21:13 - 2009-07-14 05:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-02-11 21:05 - 2009-07-14 04:45 - 00332280 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-02-11 21:03 - 2014-12-11 13:31 - 00000000 ____D () C:\Windows\system32\appraiser

2015-02-11 21:03 - 2014-05-07 05:56 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-02-11 12:20 - 2012-09-02 15:17 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-02-11 12:18 - 2013-08-15 16:25 - 00000000 ____D () C:\Windows\system32\MRT

2015-02-11 12:11 - 2012-09-19 07:16 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-02-06 21:14 - 2014-01-08 07:23 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\SoftGrid Client

2015-02-06 13:03 - 2015-01-21 19:26 - 00003488 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update

2015-02-06 10:32 - 2012-07-06 04:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-06 10:32 - 2012-07-06 04:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-05 19:17 - 2014-01-09 17:10 - 00000000 ____D () C:\Users\Default\AppData\Local\HTC MediaHub

2015-02-05 19:17 - 2014-01-09 17:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\HTC MediaHub

2015-02-05 19:13 - 2009-07-14 05:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

 

Some content of TEMP:

====================

C:\Users\Jeremy\AppData\Local\Temp\avguidx.dll

C:\Users\Jeremy\AppData\Local\Temp\CommonInstaller.exe

C:\Users\Jeremy\AppData\Local\Temp\DataCard_Setup64.exe

C:\Users\Jeremy\AppData\Local\Temp\htmlayout.dll

C:\Users\Jeremy\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe

C:\Users\Jeremy\AppData\Local\Temp\install_reader11_en_mssa_aih.exe

C:\Users\Jeremy\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Jeremy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Jeremy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Jeremy\AppData\Local\Temp\lowproc.exe

C:\Users\Jeremy\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\Jeremy\AppData\Local\Temp\oi_{1F1053DD-7AAC-4341-B912-507594073F76}.exe

C:\Users\Jeremy\AppData\Local\Temp\ose00000.exe

C:\Users\Jeremy\AppData\Local\Temp\ResetDevice.exe

C:\Users\Jeremy\AppData\Local\Temp\SIInvoker.exe

C:\Users\Jeremy\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Jeremy\AppData\Local\Temp\stubhelper.dll

C:\Users\Jeremy\AppData\Local\Temp\tbedrs.dll

C:\Users\Jeremy\AppData\Local\Temp\tmp3iRqdJaX32.dll

C:\Users\Jeremy\AppData\Local\Temp\tmp7GMP1zUcdC.dll

C:\Users\Jeremy\AppData\Local\Temp\tmpfkGBJ7b0hB.dll

C:\Users\Jeremy\AppData\Local\Temp\tmpFUMEI1OyaG.dll

C:\Users\Jeremy\AppData\Local\Temp\tmpkobMGkAiB9.dll

C:\Users\Jeremy\AppData\Local\Temp\tmpOKYRcSQMcy.dll

C:\Users\Jeremy\AppData\Local\Temp\tmpRV2v957zpZ.dll

C:\Users\Jeremy\AppData\Local\Temp\tmpuyf2R5nobm.dll

C:\Users\Jeremy\AppData\Local\Temp\tmpycDWm9e1fx.dll

C:\Users\Jeremy\AppData\Local\Temp\ToolbarInstaller.exe

C:\Users\Jeremy\AppData\Local\Temp\uninst1.exe

C:\Users\Jeremy\AppData\Local\Temp\utt1676.tmp.exe

C:\Users\Jeremy\AppData\Local\Temp\utt1944.tmp.exe

C:\Users\TEMP\AppData\Local\Temp\Runner.exe

C:\Users\TEMP\AppData\Local\Temp\SkypeSetup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-23 18:50

 

==================== End Of Log ============================



#7 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • Gender:Male
  • Location:California

Posted 03 March 2015 - 12:47 PM

Thank you for the information. Please rerun FRST and make sure to place a check mark in Addition.txt. Copy and paste only the Addition.txt report in your reply.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 18.5

  • Topic Starter

  • Members
  • 19 posts

Posted 03 March 2015 - 12:58 PM

Okay, I have run this again, this time checking Addition.txt.

Results Below


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Jeremy at 2015-03-03 17:51:21
Running from C:\Windows\SysWOW64\config\systemprofile\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\uTorrent) (Version: 3.4.2.38758 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Word to Pdf Converter Free 5.0 (HKLM-x32\...\Advanced Word to Pdf Converter Free_is1) (Version:  - Officeconvert Software, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.7.42.71192 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.7.42.71192 - Alcor Micro Corp.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.103 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.9.9 - Atheros Communications Inc.)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Bomber Mario (HKLM-x32\...\Bomber Mario_is1) (Version: 1.0 - Media Contact LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadband to Go (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 1.0.0 - Broadband to Go)
Browser Tab Search by Ask for Internet Explorer (HKLM-x32\...\Browser Tab Search by Ask_IE) (Version: 3.0.0.0.242 - IAC Search and Media) <==== ATTENTION
Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version:  - )
Complitly (HKLM-x32\...\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1) (Version:  - Complitly) <==== ATTENTION
Convert DOC to PDF For Word 3.50 (HKLM-x32\...\Convert DOC to PDF For Word_is1) (Version:  - 8848Soft, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
ffdshow manager (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - )
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free PS Convert driver 8.15 (HKLM-x32\...\Free PS Convert driver_is1) (Version:  - )
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.0.52.0 - HTC)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version:  - )
iLivid (HKLM-x32\...\iLivid) (Version: 4.0.0.3276 - Bandoo Media Inc) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\{CDF13D74-E6AA-4006-818A-B360D6A3573C}) (Version: 1.0.1 - Wistron Corp.)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.56007.2 - Sonix)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0011.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft MSDN 2005 Express Edition - ENU (HKLM-x32\...\Microsoft MSDN 2005 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual Basic 2005 Express Edition - ENU (HKLM-x32\...\Microsoft Visual Basic 2005 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747) (HKLM-x32\...\KB926747.T2_17ToU291_17) (Version: 1 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu (HKLM\...\{B6901D72-1BF0-30FB-B9BC-B6DC1266E0F4}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NI Assistant Framework (x32 Version: 6.5.191.0 - National Instruments) Hidden
NI Assistant Framework 64-bit (Version: 6.5.62.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW 2009 Support (x32 Version: 6.5.112.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2009 (x32 Version: 6.5.121.0 - National Instruments) Hidden
NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden
NI DataSocket 4.7.0 (64-bit) (Version: 4.7.39.0 - National Instruments) Hidden
NI DataSocket 4.7.0 (x32 Version: 4.7.82.0 - National Instruments) Hidden
NI Distributed System Manager 2009 (x32 Version: 9.0.146.0 - National Instruments) Hidden
NI EULA Depot (x32 Version: 2.70.346 - National Instruments) Hidden
NI Example Finder 9.0 (x32 Version: 9.0.136.0 - National Instruments) Hidden
NI Help Assistant (64bit) (Version: 1.0.10 - National Instruments) Hidden
NI Help Assistant (x32 Version: 1.0.10 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 9.0 32 (x32 Version: 1.0.49.0 - National Instruments) Hidden
NI LabVIEW 2009 (x32 Version: 9.0.258.0 - National Instruments) Hidden
NI LabVIEW 2009 Applibs (x32 Version: 9.0.261.0 - National Instruments) Hidden
NI LabVIEW 2009 CINtools (x32 Version: 9.0.260.0 - National Instruments) Hidden
NI LabVIEW 2009 Deployment Framework (x32 Version: 9.0.5.0 - National Instruments) Hidden
NI LabVIEW 2009 Examples (x32 Version: 9.0.260.0 - National Instruments) Hidden
NI LabVIEW 2009 gMath (x32 Version: 9.0.255.0 - National Instruments) Hidden
NI LabVIEW 2009 Help (x32 Version: 9.0.255.0 - National Instruments) Hidden
NI LabVIEW 2009 Help File (x32 Version: 9.0.261.0 - National Instruments) Hidden
NI LabVIEW 2009 Instr.lib (x32 Version: 9.0.260.0 - National Instruments) Hidden
NI LabVIEW 2009 License (x32 Version: 9.0.253.0 - National Instruments) Hidden
NI LabVIEW 2009 Manuals (x32 Version: 9.0.254.0 - National Instruments) Hidden
NI LabVIEW 2009 MeasAppChm File (x32 Version: 9.0.259.0 - National Instruments) Hidden
NI LabVIEW 2009 Menus (x32 Version: 9.0.260.0 - National Instruments) Hidden
NI LabVIEW 2009 Project (x32 Version: 9.0.260.0 - National Instruments) Hidden
NI LabVIEW 2009 Web Server (x32 Version: 9.0.180.0 - National Instruments) Hidden
NI LabVIEW Broker (64 bit) (Version: 6.7.21.0 - National Instruments) Hidden
NI LabVIEW Broker (x32 Version: 6.7.21.0 - National Instruments) Hidden
NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden
NI LabVIEW Compare Utility 9.0.0 (x32 Version: 9.0.108.0 - National Instruments) Hidden
NI LabVIEW Deployable License 2009 (x32 Version: 9.0.253.0 - National Instruments) Hidden
NI LabVIEW MAX XML (x32 Version: 9.0.6.0 - National Instruments) Hidden
NI LabVIEW Merge Utility 9.0.0 (x32 Version: 9.0.148.0 - National Instruments) Hidden
NI LabVIEW Real-Time Error Dialog (x32 Version: 8.5.294.0 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.2.74.0 - National Instruments) Hidden
NI LabVIEW Real-Time NBFifo (x32 Version: 9.0.221.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2009 (x32 Version: 9.0.266.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2009 (x32 Version: 9.0.22.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Web Services (x32 Version: 9.0.197.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 9.0.185.0 - National Instruments) Hidden
NI LabVIEW Web Services Runtime (x32 Version: 9.0.176.0 - National Instruments) Hidden
NI LabWindows/CVI 9.0 Run-Time Engine (x32 Version: 9.0.0355 - National Instruments) Hidden
NI LabWindows/CVI Code Generator (x32 Version: 9.0.1376 - National Instruments) Hidden
NI LabWindows/CVI DLL Builder for LabVIEW (x32 Version: 9.0.1376 - National Instruments) Hidden
NI License Manager (x32 Version: 3.4.25 - National Instruments) Hidden
NI Logos 5.1 (x32 Version: 5.1.118.0 - National Instruments) Hidden
NI Logos LabVIEW 2009 Support (x32 Version: 9.0.253.0 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.1.66.0 - National Instruments) Hidden
NI Logos64 5.1 (Version: 5.1.71.0 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.1.63.0 - National Instruments) Hidden
NI LVBrokerAux 8.2.1 (x32 Version: 8.2.303.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.28.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.861.0 - National Instruments) Hidden
NI MAX LabVIEW Support 4.6.0 (x32 Version: 4.60.49153 - National Instruments) Hidden
NI MAX Remote Configuration Installer 4.6 (x32 Version: 4.60.49152 - National Instruments) Hidden
NI MAX Support for 64 Bit Windows (Version: 4.60.49153 - National Instruments) Hidden
NI MDF Support (x32 Version: 2.70.346 - National Instruments) Hidden
NI Measurement & Automation Explorer 4.6.0 (x32 Version: 4.60.49153 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden
NI MXS 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden
NI MXS 4.6.0 for 64 Bit Windows (Version: 4.60.49152 - National Instruments) Hidden
NI MXS 4.6.0f0 for LabVIEW Real-Time (x32 Version: 4.60.49152 - National Instruments) Hidden
NI OPC Support (x32 Version: 9.0.35.0 - National Instruments) Hidden
NI Portable Configuration 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden
NI Portable Configuration Help for 64 Bit Windows 4.6.0 (Version: 4.60.49152 - National Instruments) Hidden
NI Registration Wizard (x32 Version: 1.2.71 - National Instruments) Hidden
NI Remote Provider for MAX 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden
NI Remote PXI Provider for MAX 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden
NI Software Provider for MAX 4.6.0 (x32 Version: 4.60.49152 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 9.0.11.0 - National Instruments) Hidden
NI SSL Support (x32 Version: 9.0.5.0 - National Instruments) Hidden
NI System API RT (x32 Version: 1.0.45.0 - National Instruments) Hidden
NI System API Windows 32-bit (x32 Version: 1.0.48.0 - National Instruments) Hidden
NI System API Windows 64-bit (Version: 1.0.41.0 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 9.0.128.0 - National Instruments) Hidden
NI System State Publisher (x32 Version: 9.0.150.0 - National Instruments) Hidden
NI TDM Excel Add-In 2.1 (x32 Version: 2.1.37.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 9.0.128.0 - National Instruments) Hidden
NI Trace Engine (x32 Version: 9.0.146.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 2.70.346 - National Instruments) Hidden
NI USI 1.7.0 (x32 Version: 1.7.03805 - National Instruments) Hidden
NI USI 1.7.0 64-Bit (Version: 1.7.03805 - National Instruments) Hidden
NI Variable Engine (64-bit) (Version: 2.3.26.0 - National Instruments) Hidden
NI Variable Engine 2.3.0 (x32 Version: 2.3.59.0 - National Instruments) Hidden
NI Variable Engine LabVIEW 2009 Support (x32 Version: 9.0.253.0 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.01.5 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.01.5 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.100 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.100 - National Instruments) Hidden
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.1 (x32 Version: 1.10.46.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.1 64-bit (Version: 1.10.47.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.1 (x32 Version: 2.7.123.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.1 64-bit (Version: 2.7.128.0 - National Instruments) Hidden
NI-DAQmx - LabVIEW shared documentation (x32 Version: 1.50.49152 - National Instruments) Hidden
NI-DAQmx - LabVIEW shared documentation for 64 Bit Windows 1.5.0 (Version: 1.50.49152 - National Instruments) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM-x32\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.4.3 - Reimage) <==== ATTENTION
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.00.0000 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-196541456-3721787801-3454904004-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.3.5500.0 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.97.122348 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.5.3 - Synaptics Incorporated)
TextPad 6 (HKLM-x32\...\{3F04067F-0DA5-4F48-9A89-6FCFD2A9E040}) (Version: 6.2.2 - Helios)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
uTorrentControl_v2 Toolbar (HKLM-x32\...\uTorrentControl_v2 Toolbar) (Version: 6.9.0.16 - uTorrentControl_v2) <==== ATTENTION
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WeatherBug Alert (HKLM-x32\...\{7426428E-71D4-452C-BA13-B14E5EB52859}) (Version: 1.3.0.1 - AWS Convergence Technologies)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net  (03/11/2013 10.0.0.234) (HKLM\...\9F26BE7C257739D7488254A1B5CBFE820E44E902) (Version: 03/11/2013 10.0.0.234 - Qualcomm Atheros Communications Inc.)
Windows Driver Package - Qualcomm Atheros Communications Inc. Net  (03/11/2013 10.0.0.234) (HKLM\...\99C882A44FD971DC797FE21420A3099DECE89966) (Version: 03/11/2013 10.0.0.234 - Qualcomm Atheros Communications Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
15-02-2015 19:00:26 Windows Backup
17-02-2015 11:12:55 Windows Update
17-02-2015 11:27:22 Windows Defender Checkpoint
22-02-2015 20:00:52 Windows Backup
24-02-2015 07:45:29 Windows Update
25-02-2015 13:00:13 Windows Update
26-02-2015 13:00:14 Windows Update
01-03-2015 19:00:16 Windows Backup
03-03-2015 07:58:15 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C0895DB-2E9F-4E1F-AB1E-6037AC443F87} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {147DF704-6A9D-4209-8F15-4199A31BA7DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {15EE93FF-8C83-4412-960D-C41E7CA1081C} - System32\Tasks\Today Alarm => C:\Users\Jeremy\Music\Placebo - Greatest Hits 2009\CD1\11 - Placebo - Pure Morning.mp3 [2012-08-31] ()
Task: {1676D78A-9056-4DB5-AEFF-1BDCE50FCE6C} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {17E392CC-AE83-4F56-81F0-DB4B5C250A19} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {3111D669-138F-4B8A-9240-7DCFE2C616AB} - System32\Tasks\Opera scheduled Autoupdate 1375186840 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {315A53E0-B43A-4126-95E2-ADA3E90A2D92} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BB9726A3-1582-4273-8060-F07D0CA65002}.exe
Task: {3D43CC68-9A72-4EA5-9DCC-B99BD9D321A1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {43EF1AB2-B7F9-40F0-87F4-C1CC193A98E9} - System32\Tasks\mcleaner => %APPDATA%.exe <==== ATTENTION
Task: {47468941-D3CD-4D21-9DF0-7BF2DAC8CD62} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {4C22F196-1F48-44D8-AF2F-BC837A5726B5} - System32\Tasks\{13688232-DEFB-483A-B767-DFE33D0589F0} => pcalua.exe -a C:\Users\Jeremy\Downloads\freecommandLinetools.exe -d C:\Users\Jeremy\Downloads
Task: {4D2FA619-3E36-4FB1-B99E-633F293B6EE4} - System32\Tasks\{F0DE517C-568B-424F-BF17-635AAF9413A2} => pcalua.exe -a "C:\Users\Jeremy\Downloads\freecommandLinetools (1).exe" -d C:\Users\Jeremy\Downloads
Task: {502A21E5-331A-49EA-A968-C8E916A0E51F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {54F19B1C-CF87-40E1-9CC8-DB5077CF6FC2} - System32\Tasks\{7410F68E-2C92-4691-AD72-79F31023ED56} => pcalua.exe -a C:\Users\Jeremy\AppData\Local\Temp\7zS67EB\hppiw.exe -d C:\Users\Jeremy\AppData\Local\Temp\7zS67EB
Task: {56D60765-96A2-4AD8-BE2F-60DE160F5C66} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {5CFF27DB-A837-4B41-91CD-073B1F0527C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {687A120E-2015-4A2B-8431-B513534570F2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-196541456-3721787801-3454904004-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {8A56546D-FC56-4B99-B25E-17EFAAA7C255} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{62527B77-66D5-4767-90F4-DEC6D080D889}.exe
Task: {8F8F2D9F-77A7-4059-95BC-3DF490A77417} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {96092248-540B-4B87-BE21-E413A00F5178} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-196541456-3721787801-3454904004-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A1351A5E-6E41-431B-95FE-4D0E61D6CCB0} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {AEAA091D-DC64-43E9-81E3-D61B533A8967} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B282F32A-E87D-45D3-9664-595B6CE5F662} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {BFB018BE-4DD6-4E66-B7FB-E755050C9ABD} - System32\Tasks\OFFICE2010ACT => C:\Windows\system32\OFFICEICON.vbs [2012-02-23] ()
Task: {C4A3917B-A87D-4248-A264-75BDCFB68938} - System32\Tasks\Time for Chores alarm => C:\Users\Jeremy\Music\Placebo - Greatest Hits 2009\CD1\07 - Placebo - Special K.mp3 [2012-09-17] ()
Task: {C9530A8F-D2B6-4458-BF6B-14A01B37C4D2} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {D298C2E0-D9AE-4F35-910B-D340A997A0B9} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {E41F1A76-CA09-48F4-A64F-D8AE20A8BF8E} - System32\Tasks\{820585AC-F94F-4BD1-B310-CE406E51D16A} => pcalua.exe -a C:\Users\Jeremy\Downloads\freecommandLinetools(1).exe -d C:\Users\Jeremy\Downloads
Task: {E5501761-2422-4454-AE46-8BA42548B727} - System32\Tasks\Alarm => C:\Users\Jeremy\Music\Placebo - Greatest Hits 2009\CD1\01 - Placebo - For What It's Worth.mp3 [2012-08-31] ()
Task: {EB4A601C-2982-4DCB-B09F-9BC60E71C66F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {EDEE48AF-4422-4BF4-99DA-D7E65DE526F9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F2EBBAD0-0ADD-4F1D-81A3-4B929E6B28B7} - System32\Tasks\{A9AEA6DA-AF07-493E-9C01-9F8D64D5E53B} => pcalua.exe -a C:\Users\Jeremy\AppData\Local\Temp\7zS0B21\hppiw.exe -d C:\Users\Jeremy\AppData\Local\Temp\7zS0B21
Task: {FE2AE88C-DD38-468E-ADF5-8709E8D32D5F} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-02-23] (Jelbrus) <==== ATTENTION
Task: {FEDE598C-0EC3-49F6-A343-1A50DF0D008A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{62527B77-66D5-4767-90F4-DEC6D080D889}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BB9726A3-1582-4273-8060-F07D0CA65002}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-12-10 23:52 - 2005-03-12 09:07 - 00087040 _____ () C:\Windows\System32\pdfmonnt.dll
2013-01-31 16:17 - 2011-07-08 10:07 - 01850768 _____ () C:\Program Files (x86)\Broadband to Go\Broadband to Go\BecHelperService.exe
2013-01-31 16:17 - 2011-07-08 09:56 - 00294400 _____ () C:\Program Files (x86)\Broadband to Go\Broadband to Go\LoggerServer.exe
2012-07-06 04:42 - 2011-12-16 04:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-03-06 01:21 - 2013-03-06 01:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-01-14 10:07 - 2015-01-14 10:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2012-07-06 04:55 - 2012-07-06 04:55 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2014-03-21 14:07 - 2014-03-21 14:07 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2011-12-14 23:18 - 2011-12-14 23:18 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49083405.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63882543.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49083405.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63882543.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 89.101.160.4 - 89.101.160.5
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jeremy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jeremy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\Windows\pss\ZooskMessenger.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SugarSync => "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-196541456-3721787801-3454904004-500 - Administrator - Disabled)
Guest (S-1-5-21-196541456-3721787801-3454904004-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-196541456-3721787801-3454904004-1002 - Limited - Enabled)
Jeremy (S-1-5-21-196541456-3721787801-3454904004-1000 - Administrator - Enabled) => C:\Users\TEMP
 
==================== Faulty Device Manager Devices =============
 
Name: Atheros AR3011 Bluetooth 3.0
Description: Atheros AR3011 Bluetooth 3.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2015 09:46:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/03/2015 07:58:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-196541456-3721787801-3454904004-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {01f4179c-90f6-4686-8de4-80c52c5bf117}
 
Error: (03/03/2015 07:53:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2015 07:52:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Jeremy-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (03/03/2015 07:52:21 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (290:192:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.
 
Error: (03/03/2015 07:52:20 AM) (Source: NI Variable Engine) (EventID: 0) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\National Instruments\Shared\Tagger\ni_tagger_plugin_mxs.dll: Failure to load plugin: Unexpected Error: Unable to get the Interface from the plug-in.
 
Error: (03/03/2015 07:52:20 AM) (Source: NI Variable Engine) (EventID: 0) (User: NT AUTHORITY)
Description: Unable to load the MXS configuration plugIn: Failed to get MAX Configuration interface: 0x8007007e
 
Error: (03/02/2015 00:06:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/02/2015 00:05:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Jeremy-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (03/02/2015 00:05:48 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (290:192:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.
 
 
System errors:
=============
Error: (03/03/2015 09:21:54 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
 
Error: (03/03/2015 07:54:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (03/03/2015 07:52:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AVGIDSHA
 
Error: (03/03/2015 07:52:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SafetyNut Manager service failed to start due to the following error: 
%%2
 
Error: (03/03/2015 07:52:21 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%3417.
 
Error: (03/03/2015 07:52:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The NI Configuration Manager service terminated with service-specific error %%-1.
 
Error: (03/03/2015 07:52:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ffdshow manager service failed to start due to the following error: 
%%2
 
Error: (03/02/2015 00:08:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (03/02/2015 00:05:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AVGIDSHA
 
Error: (03/02/2015 00:05:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SafetyNut Manager service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (08/12/2014 09:11:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 124384 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error: (01/26/2014 09:47:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/03/2013 02:45:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 5991.41 MB
Available physical RAM: 3242.73 MB
Total Pagefile: 11981.01 MB
Available Pagefile: 8990.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:627.56 GB) (Free:399.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:0 GB) NTFS
Drive h: (DOOM3_1) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 45F7DF76)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=627.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)
 
==================== End Of Log ============================


#9 Oh My!

Posted 03 March 2015 - 01:20 PM

Thank you. We have quite a bit to deal with in these first steps. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Browser Tab Search by Ask for Internet Explorer
Complitly
iLivid
Reimage Repair
uTorrentControl_v2 Toolbar

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShortcutTarget: Update Agent.lnk -> C:\Program Files (x86)\Broadband to Go\Broadband to Go\AutoUpdateSrv.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ProxyEnable: [S-1-5-21-196541456-3721787801-3454904004-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-196541456-3721787801-3454904004-1000] => 127.0.0.1:8118
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=OB_[[PubID]]_CH&co=IE&userid=ad36eb50-d50b-d47b-4509-cf54c6cc616e&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=OB_[[PubID]]_CH&co=IE&userid=ad36eb50-d50b-d47b-4509-cf54c6cc616e&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=n12521-394&apn_uid=8616228275304749&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {6A07AF93-AA8B-43AB-B380-BCA8B88CFACD} URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=n12521-394&apn_uid=8616228275304749&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=OB_[[PubID]]_CH&co=IE&userid=ad36eb50-d50b-d47b-4509-cf54c6cc616e&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=OB_[[PubID]]_CH&co=IE&userid=ad36eb50-d50b-d47b-4509-cf54c6cc616e&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> {6A07AF93-AA8B-43AB-B380-BCA8B88CFACD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN42441416631403270&UM=2
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKU\.DEFAULT -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Toolbar: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Toolbar: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
R2 TorchCrashHandler; C:\Users\Jeremy\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205088 2013-07-10] (TorchMedia Inc.) [File not signed] <==== ATTENTION
S2 ffdshow manager; C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 SafetyNutManager; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe [X]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
C:\Users\Jeremy\AppData\Local\Temp\avguidx.dll
C:\Users\Jeremy\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Jeremy\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Jeremy\AppData\Local\Temp\htmlayout.dll
C:\Users\Jeremy\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\Jeremy\AppData\Local\Temp\install_reader11_en_mssa_aih.exe
C:\Users\Jeremy\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Jeremy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jeremy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Jeremy\AppData\Local\Temp\lowproc.exe
C:\Users\Jeremy\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Jeremy\AppData\Local\Temp\oi_{1F1053DD-7AAC-4341-B912-507594073F76}.exe
C:\Users\Jeremy\AppData\Local\Temp\ose00000.exe
C:\Users\Jeremy\AppData\Local\Temp\ResetDevice.exe
C:\Users\Jeremy\AppData\Local\Temp\SIInvoker.exe
C:\Users\Jeremy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jeremy\AppData\Local\Temp\stubhelper.dll
C:\Users\Jeremy\AppData\Local\Temp\tbedrs.dll
C:\Users\Jeremy\AppData\Local\Temp\tmp3iRqdJaX32.dll
C:\Users\Jeremy\AppData\Local\Temp\tmp7GMP1zUcdC.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpfkGBJ7b0hB.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpFUMEI1OyaG.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpkobMGkAiB9.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpOKYRcSQMcy.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpRV2v957zpZ.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpuyf2R5nobm.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpycDWm9e1fx.dll
C:\Users\Jeremy\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Jeremy\AppData\Local\Temp\uninst1.exe
C:\Users\Jeremy\AppData\Local\Temp\utt1676.tmp.exe
C:\Users\Jeremy\AppData\Local\Temp\utt1944.tmp.exe
C:\Users\TEMP\AppData\Local\Temp\Runner.exe
C:\Users\TEMP\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jeremy\AppData\Local\Torch
2015-02-28 18:04 - 2013-07-16 11:34 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
Task: {1676D78A-9056-4DB5-AEFF-1BDCE50FCE6C} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
C:\Program Files (x86)\Advanced System Protector
Task: {43EF1AB2-B7F9-40F0-87F4-C1CC193A98E9} - System32\Tasks\mcleaner => %APPDATA%.exe <==== ATTENTION
Task: {47468941-D3CD-4D21-9DF0-7BF2DAC8CD62} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
Task: {A1351A5E-6E41-431B-95FE-4D0E61D6CCB0} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
C:\Program Files\Reimage
Task: {C9530A8F-D2B6-4458-BF6B-14A01B37C4D2} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
C:\Windows\system32\config\systemprofile\AppData\Local\Conduit
Task: {FE2AE88C-DD38-468E-ADF5-8709E8D32D5F} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-02-23] (Jelbrus) <==== ATTENTION
C:\Program Files (x86)\Jelbrus Secure Web
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{62527B77-66D5-4767-90F4-DEC6D080D889}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BB9726A3-1582-4273-8060-F07D0CA65002}.exe <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the programs uninstall properly?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 18.5

  • Topic Starter

Posted 03 March 2015 - 03:58 PM

Hi, I have copied and pasted this into WordPad but it is not copying all the text.

Below is what is showing in Notepad.

To combat this I have first copied it into MS Word and then copied it from there to Notepad; I assume this is appropriate. Pending your okay, I will proceed with the rest of the steps you have suggested.



#11 Oh My!

  • Malware Response Instructor

Posted 03 March 2015 - 04:34 PM

Attach the reports to your reply.
Gary

#12 18.5

  • Topic Starter

Posted 04 March 2015 - 03:21 AM

I have not been able to specify the download path of FRST in the first instance. It is not actually on my desktop. It has run from its download location, immediately after downloading. It however remains hidden when I make a request to show it in its directory. Otherwise I would have cut and pasted it to the desktop. I await your advice.

The download path, I am guessing, is the default, but I have provided it below in any case.

C:/Windows/System 32/Config/SystemProfile/Downloads



#13 Oh My!

  • Malware Response Instructor

Posted 04 March 2015 - 09:54 AM

Would you be able to download FRST onto a USB device using a different computer then copy/paste the program onto the desktop of the computer we are working on?
Gary

#14 18.5

  • Topic Starter

Posted 06 March 2015 - 08:11 AM

Hi, thanks for your patience. I have managed to borrow a laptop to make the download. The FRST fix has been run; log posted below. I suspect that, in the interim period between the initial step undertaken and this most recent step, Reimage Repair has re-installed itself on my computer. Just needed to know whether we need to begin the process again or can continue as before.

 

Log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by Jeremy at 2015-03-06 13:02:15 Run:1
Running from C:\Windows\System32\config\systemprofile\Desktop
Loaded Profiles: Jeremy (Available profiles: Jeremy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ShortcutTarget: Update Agent.lnk -> C:\Program Files (x86)\Broadband to Go\Broadband to Go\AutoUpdateSrv.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ProxyEnable: [S-1-5-21-196541456-3721787801-3454904004-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-196541456-3721787801-3454904004-1000] => 127.0.0.1:8118
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x00
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> DefaultScope {6A07AF93-AA8B-43AB-B380-BCA8B88CFACD} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> {6A07AF93-AA8B-43AB-B380-BCA8B88CFACD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN42441416631403270&UM=2
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKU\.DEFAULT -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Toolbar: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Toolbar: HKU\S-1-5-21-196541456-3721787801-3454904004-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
R2 TorchCrashHandler; C:\Users\Jeremy\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205088 2013-07-10] (TorchMedia Inc.) [File not signed] <==== ATTENTION
S2 ffdshow manager; C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 SafetyNutManager; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe [X]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
C:\Users\Jeremy\AppData\Local\Temp\avguidx.dll
C:\Users\Jeremy\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Jeremy\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Jeremy\AppData\Local\Temp\htmlayout.dll
C:\Users\Jeremy\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\Jeremy\AppData\Local\Temp\install_reader11_en_mssa_aih.exe
C:\Users\Jeremy\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Jeremy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jeremy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Jeremy\AppData\Local\Temp\lowproc.exe
C:\Users\Jeremy\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Jeremy\AppData\Local\Temp\oi_{1F1053DD-7AAC-4341-B912-507594073F76}.exe
C:\Users\Jeremy\AppData\Local\Temp\ose00000.exe
C:\Users\Jeremy\AppData\Local\Temp\ResetDevice.exe
C:\Users\Jeremy\AppData\Local\Temp\SIInvoker.exe
C:\Users\Jeremy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jeremy\AppData\Local\Temp\stubhelper.dll
C:\Users\Jeremy\AppData\Local\Temp\tbedrs.dll
C:\Users\Jeremy\AppData\Local\Temp\tmp3iRqdJaX32.dll
C:\Users\Jeremy\AppData\Local\Temp\tmp7GMP1zUcdC.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpfkGBJ7b0hB.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpFUMEI1OyaG.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpkobMGkAiB9.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpOKYRcSQMcy.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpRV2v957zpZ.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpuyf2R5nobm.dll
C:\Users\Jeremy\AppData\Local\Temp\tmpycDWm9e1fx.dll
C:\Users\Jeremy\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Jeremy\AppData\Local\Temp\uninst1.exe
C:\Users\Jeremy\AppData\Local\Temp\utt1676.tmp.exe
C:\Users\Jeremy\AppData\Local\Temp\utt1944.tmp.exe
C:\Users\TEMP\AppData\Local\Temp\Runner.exe
C:\Users\TEMP\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jeremy\AppData\Local\Torch
2015-02-28 18:04 - 2013-07-16 11:34 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
Task: {1676D78A-9056-4DB5-AEFF-1BDCE50FCE6C} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
C:\Program Files (x86)\Advanced System Protector
Task: {43EF1AB2-B7F9-40F0-87F4-C1CC193A98E9} - System32\Tasks\mcleaner => %APPDATA%.exe <==== ATTENTION
Task: {47468941-D3CD-4D21-9DF0-7BF2DAC8CD62} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
Task: {A1351A5E-6E41-431B-95FE-4D0E61D6CCB0} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
C:\Program Files\Reimage
Task: {C9530A8F-D2B6-4458-BF6B-14A01B37C4D2} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
C:\Windows\system32\config\systemprofile\AppData\Local\Conduit
Task: {FE2AE88C-DD38-468E-ADF5-8709E8D32D5F} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-02-23] (Jelbrus) <==== ATTENTION
C:\Program Files (x86)\Jelbrus Secure Web
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{62527B77-66D5-4767-90F4-DEC6D080D889}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BB9726A3-1582-4273-8060-F07D0CA65002}.exe <==== ATTENTION
 
*****************
 
C:\Program Files (x86)\Broadband to Go\Broadband to Go\AutoUpdateSrv.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} => Key not found. 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}" => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} => Key not found. 
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-196541456-3721787801-3454904004-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 
"HKU\S-1-5-21-196541456-3721787801-3454904004-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A07AF93-AA8B-43AB-B380-BCA8B88CFACD}" => Key deleted successfully.
HKCR\CLSID\{6A07AF93-AA8B-43AB-B380-BCA8B88CFACD} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
"HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found. 
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value not found.
HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => value deleted successfully.
HKCR\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Key not found. 
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => value deleted successfully.
HKCR\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Key not found. 
HKU\S-1-5-21-196541456-3721787801-3454904004-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
TorchCrashHandler => Service stopped successfully.
TorchCrashHandler => Service deleted successfully.
ffdshow manager => Service deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
SafetyNutManager => Service deleted successfully.
AVGIDSHA => Service deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
DriverService => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
nvUpdatusService => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SeaPort => Service deleted successfully.
SoftwareService => Service deleted successfully.
C:\Users\Jeremy\AppData\Local\Temp\avguidx.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\CommonInstaller.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\DataCard_Setup64.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\install_reader11_en_mssa_aih.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\oi_{1F1053DD-7AAC-4341-B912-507594073F76}.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\ResetDevice.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\SIInvoker.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tbedrs.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tmp3iRqdJaX32.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tmp7GMP1zUcdC.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tmpfkGBJ7b0hB.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tmpFUMEI1OyaG.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tmpkobMGkAiB9.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tmpOKYRcSQMcy.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tmpRV2v957zpZ.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tmpuyf2R5nobm.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\tmpycDWm9e1fx.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\ToolbarInstaller.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\utt1676.tmp.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\utt1944.tmp.exe => Moved successfully.
C:\Users\TEMP\AppData\Local\Temp\Runner.exe => Moved successfully.
C:\Users\TEMP\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Torch => Moved successfully.
C:\ProgramData\TorchCrashHandler => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1676D78A-9056-4DB5-AEFF-1BDCE50FCE6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1676D78A-9056-4DB5-AEFF-1BDCE50FCE6C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector_startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key deleted successfully.
"C:\Program Files (x86)\Advanced System Protector" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43EF1AB2-B7F9-40F0-87F4-C1CC193A98E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43EF1AB2-B7F9-40F0-87F4-C1CC193A98E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\mcleaner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mcleaner" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47468941-D3CD-4D21-9DF0-7BF2DAC8CD62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47468941-D3CD-4D21-9DF0-7BF2DAC8CD62}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update" => Key deleted successfully.
"C:\Program Files (x86)\YourFileDownloader" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1351A5E-6E41-431B-95FE-4D0E61D6CCB0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1351A5E-6E41-431B-95FE-4D0E61D6CCB0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Reimage Reminder => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder" => Key deleted successfully.
C:\Program Files\Reimage => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9530A8F-D2B6-4458-BF6B-14A01B37C4D2} => Key not found. 
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
"C:\Windows\system32\config\systemprofile\AppData\Local\Conduit" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE2AE88C-DD38-468E-ADF5-8709E8D32D5F} => Key not found. 
C:\Windows\System32\Tasks\Jelbrus Secure Web Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully.
 
"C:\Program Files (x86)\Jelbrus Secure Web" directory move:
 
Could not move "C:\Program Files (x86)\Jelbrus Secure Web" directory. => Scheduled to move on reboot.
 
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:06:00 AM

Posted 06 March 2015 - 12:38 PM

Aside from Reimage, how is your computer running? Please do this. I am giving you 2 sets of instructions in case you can't get it to run on your computer.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Reimage Repair
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • From a clean computer download Revo Uninstaller Free Portable and save it to your USB device
  • Please Unzip the folder onto the USB device
  • Remove the USB device and insert it into the infected computer
  • Press Ctrl+Shift+Esc at the same time to launch Task Manager
  • Select File, then New Task (Run...)
  • Click the Browse button
  • Click My Computer then locate and click on your USB device
  • Click the down arrow on Files of type: and select All Files
  • Double click on the revouninstaller-portable folder
  • Double click on the Revouninstaller icon
  • Click Run
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Reimage Repair
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish
  • Reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Reimage uninstall?
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



