Jump to content

Welcome Guest to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Feel free to browse the site as a guest. However, you must log in to reply to existing topics or start a new topic of your own, and enjoy all this forum has to offer. Additionally, if you can assist another member by sharing your knowledge, please post a reply! Best of all - Registration and all assistance, is FREE! Learn more about How it Works. Infected? Malware Cleaning Guide. What are you waiting for?
Create an Account Login to Account

a.targetingadvertiser mal/adware [Solved]


  • This topic is locked This topic is locked

#1
ncrunch32

ncrunch32

    Member

  • Member
  • PipPip
  • 11 posts
I am helping a family member fix their computer. It is running extremely slowly. Internet connection is good, no programs open and the CPU is running at 90-100%. When clicking on links in Google Chrome, extra tabs open leading to a site called a.targetingadvertiser.com announcing they have received a premium offer from scorpion saver.

It is not known how the infection was acquired.

OTL.txt and Extras.txt Log attached

OTL logfile created on: 11/27/2013 11:18:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.83 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 39.62% Memory free
7.65 Gb Paging File | 4.64 Gb Available in Paging File | 60.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.87 Gb Total Space | 353.35 Gb Free Space | 78.20% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.31 Gb Free Space | 69.94% Space Free | Partition Type: FAT
Drive Q: | 13.67 Gb Total Space | 3.40 Gb Free Space | 24.84% Space Free | Partition Type: NTFS

Computer Name: FAMILY-THINK | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 23:17:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL.exe
PRC - [2013/11/21 18:40:21 | 002,334,384 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/11/21 18:40:21 | 001,643,696 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
PRC - [2013/11/21 18:40:21 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/11/01 15:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe
PRC - [2013/10/31 09:37:58 | 000,020,248 | ---- | M] (Smartbar) -- C:\Users\Family\AppData\Local\Smartbar\Application\QuickShare.exe
PRC - [2013/10/16 10:18:44 | 003,688,448 | ---- | M] (Adpeak, Inc.) -- C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/03/23 21:03:08 | 000,015,520 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe
PRC - [2012/03/16 19:36:10 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012/02/24 13:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2012/02/22 03:21:19 | 000,070,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
PRC - [2012/02/22 03:20:02 | 000,070,968 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
PRC - [2012/02/09 21:13:08 | 000,279,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012/02/09 21:13:06 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012/02/09 21:12:54 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 18:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2011/12/19 21:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/12/19 21:16:48 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/12/19 21:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/12/19 21:16:42 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/12/15 23:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/15 23:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/05 10:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/09/28 18:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/21 18:40:21 | 002,334,384 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/11/21 18:40:21 | 000,521,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\log4cplusU.dll
MOD - [2013/11/21 18:40:21 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\SiteSafety.dll
MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:30 | 013,582,800 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/11/13 04:30:13 | 008,013,664 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013/11/13 04:30:12 | 000,145,688 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/11/02 07:34:39 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/11/02 07:34:11 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/11/02 07:34:10 | 000,489,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll
MOD - [2013/11/02 07:34:10 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll
MOD - [2013/11/02 06:53:09 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll
MOD - [2013/11/02 06:53:08 | 011,914,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/11/02 06:53:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/11/02 06:52:33 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/11/02 06:52:28 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/11/02 06:52:16 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/11/02 06:52:08 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/11/02 06:52:04 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/11/02 06:52:03 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/11/02 06:51:29 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/10/31 09:38:30 | 000,030,488 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\srut.dll
MOD - [2013/10/31 09:38:26 | 000,019,736 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\srsbs.dll
MOD - [2013/10/31 09:38:22 | 000,247,576 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\srns.dll
MOD - [2013/10/31 09:38:22 | 000,013,592 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\srpdm.dll
MOD - [2013/10/31 09:38:20 | 000,056,088 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\srau.dll
MOD - [2013/10/31 09:38:18 | 000,055,064 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\spbl.dll
MOD - [2013/10/31 09:38:18 | 000,047,896 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\sppsm.dll
MOD - [2013/10/31 09:38:12 | 000,024,856 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/10/31 09:38:10 | 000,052,504 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/10/31 09:38:08 | 000,111,384 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/10/31 09:38:08 | 000,016,664 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/10/31 09:38:04 | 000,149,784 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/10/31 09:38:04 | 000,056,600 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/10/31 09:38:02 | 000,034,072 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/10/31 09:38:00 | 001,980,184 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/10/31 09:38:00 | 000,081,176 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/10/31 09:38:00 | 000,013,592 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/10/31 09:37:58 | 000,727,320 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/10/31 09:37:56 | 000,012,568 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\siem.dll
MOD - [2013/10/31 09:37:54 | 000,013,592 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\sgml.dll
MOD - [2013/10/31 09:37:10 | 000,047,384 | ---- | M] () -- C:\Users\Family\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2010/11/20 22:24:01 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:01:54 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/31 15:12:20 | 000,511,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
SRV:64bit: - [2013/10/16 10:18:44 | 003,688,448 | ---- | M] (Adpeak, Inc.) [Auto | Running] -- C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe -- (AdpeakProxy)
SRV:64bit: - [2013/09/25 16:40:50 | 001,674,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/03/23 21:03:08 | 000,015,520 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe -- (LBAEvent)
SRV:64bit: - [2012/02/09 21:13:06 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/02/09 21:12:54 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/12/08 18:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/21 18:40:21 | 001,643,696 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe -- (vToolbarUpdater17.1.3)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/11/01 15:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Auto | Running] -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/11/01 08:16:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/03/22 00:34:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/16 19:36:10 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/02/22 03:20:18 | 000,165,176 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/02/22 03:20:02 | 000,070,968 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2011/12/19 21:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/12/19 21:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/12/19 21:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/12/15 23:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/15 23:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/05 10:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/09/28 18:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/21 18:40:21 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/01 12:09:22 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/19 03:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/19 23:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/01 18:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/12/26 04:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/12/14 16:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2011/12/13 13:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/12/13 13:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/12/08 18:18:38 | 000,009,600 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LBAI.sys -- (LBAI)
DRV:64bit: - [2011/12/08 15:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/08 15:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/05 15:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/23 10:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/09 12:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/07/25 13:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/29 05:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/10/31 20:01:35 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20131107.003\ex64.sys -- (NAVEX15)
DRV - [2013/10/31 20:01:35 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/10/31 20:01:35 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/10/31 20:01:35 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20131107.003\eng64.sys -- (NAVENG)
DRV - [2013/10/31 15:51:50 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20131107.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013/10/22 22:20:58 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7LENP_enUS560
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....fr&d=2013-11-20 18:40:12&v=17.1.3.3&pid=safeguard&sg=60&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF [2013/10/31 20:46:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/11/27 22:55:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.3.3 [2013/11/21 18:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/10/31 22:56:50 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.16_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.3.3_0\
CHR - Extension: No name found = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Input Device Main Program] C:\Program Files\Lenovo\Lenovo Ultraslim Plus Wireless Keyboard & Mouse\Pelico.exe (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.EXE ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AIM for Windows] C:\Users\Family\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Family\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=71fc9c70750f47d39295b95e6f9481a0-9c02c891504833e5dc217909a6d01daf133d3757 /CMPID=1113a File not found
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Family\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C07E91B1-59C7-4EBD-99AE-F9F2AE4A0DF1}: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/14 21:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{6bfc413d-2c84-41bd-96ab-4bb32874185c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bfc413d-2c84-41bd-96ab-4bb32874185c}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011/12/14 21:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/26 08:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/11/21 21:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PasswordBox
[2013/11/20 18:40:17 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AVG SafeGuard toolbar
[2013/11/20 18:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2013/11/20 18:40:10 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/11/20 18:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/11/20 18:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/11/20 18:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/11/14 04:35:03 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll
[2013/11/14 04:34:57 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysWow64\AdpeakProxy.dll
[2013/11/14 04:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\ScorpionSaver Services
[2013/11/14 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Lenovo
[2013/11/13 05:02:58 | 000,000,000 | ---D | C] -- C:\ldiag
[2013/11/13 04:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/13 04:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/11/13 04:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/11/13 04:31:52 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/13 04:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/11/13 04:31:48 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Systweak
[2013/11/13 04:31:45 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\SysNative\roboot64.exe
[2013/11/13 04:31:21 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Programs
[2013/11/13 04:30:06 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Smartbar
[2013/11/05 21:55:48 | 000,150,808 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgdiska.sys
[2013/11/04 21:52:42 | 000,240,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgidsdrivera.sys
[2013/11/02 07:52:51 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys
[2013/11/02 07:52:51 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys
[2013/11/02 07:52:51 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys
[2013/11/02 07:52:51 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys
[2013/11/02 07:52:51 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys
[2013/11/02 07:52:51 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys
[2013/11/02 07:52:51 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys
[2013/11/02 07:52:40 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1309010.00E
[2013/11/02 04:12:14 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2013/11/02 04:12:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2013/11/02 02:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/11/02 02:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/11/02 02:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/11/01 10:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013/11/01 09:59:37 | 000,000,000 | ---D | C] -- C:\Brother
[2013/11/01 09:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browny02
[2013/11/01 09:59:28 | 000,217,088 | ---- | C] (brother) -- C:\windows\SysWow64\NSSearch.dll
[2013/11/01 09:59:28 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\windows\SysWow64\BrDctF2.dll
[2013/11/01 09:59:28 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\windows\SysWow64\BrDctF2L.dll
[2013/11/01 09:59:28 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\windows\SysWow64\BrDctF2S.dll
[2013/11/01 09:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2013/11/01 09:59:26 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BroSNMP.dll
[2013/11/01 09:57:52 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\InstallShield
[2013/11/01 09:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2013/11/01 08:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/01 08:16:47 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2013/11/01 08:16:23 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Adobe
[2013/11/01 08:03:28 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\AVG2014
[2013/11/01 08:02:39 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\TuneUp Software
[2013/11/01 08:02:20 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/11/01 08:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/11/01 08:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/11/01 07:57:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/11/01 07:57:18 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\MFAData
[2013/11/01 07:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/11/01 07:57:18 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2014
[2013/10/31 23:00:18 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgldx64.sys
[2013/10/31 22:59:26 | 000,000,000 | ---D | C] -- C:\windows\util
[2013/10/31 22:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/10/31 22:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SymSilent
[2013/10/31 22:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2013/10/31 22:56:08 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/10/31 22:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/10/31 22:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/10/31 22:55:52 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2013/10/31 22:55:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/10/31 22:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013/10/31 22:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/10/31 22:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/10/31 22:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/10/31 22:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo Registration
[2013/10/31 22:55:19 | 000,000,000 | ---D | C] -- C:\windows\en
[2013/10/31 22:55:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/10/31 22:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/10/31 22:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/10/31 22:54:32 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013/10/31 22:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/10/31 22:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/10/31 22:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2013/10/31 22:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/10/31 22:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/10/31 22:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/31 22:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/10/31 22:49:46 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgloga.sys
[2013/10/31 22:49:02 | 000,000,000 | ---D | C] -- C:\swshare
[2013/10/31 22:48:59 | 000,070,416 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\windows\SysNative\drivers\Fastboot.sys
[2013/10/31 22:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2013/10/31 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory Lenovo Edition
[2013/10/31 22:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2013/10/31 22:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2013/10/31 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2013/10/31 22:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013/10/31 22:46:16 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Macromed
[2013/10/31 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/10/31 22:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2013/10/31 22:45:32 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2013/10/31 22:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/10/31 22:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/10/31 22:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/10/31 22:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2013/10/31 22:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lenovo
[2013/10/31 22:44:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
[2013/10/31 22:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2013/10/31 22:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/10/31 22:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Ultraslim Plus Wireless Keyboard & Mouse
[2013/10/31 22:29:20 | 000,024,064 | ---- | C] (Primax Electronics Ltd.) -- C:\windows\SysNative\drivers\LEMo6022.SYS
[2013/10/31 22:29:20 | 000,018,432 | ---- | C] (Primax Electronics Ltd.) -- C:\windows\SysNative\drivers\LEub6022.SYS
[2013/10/31 22:29:20 | 000,017,408 | ---- | C] (Primax Electronics Ltd.) -- C:\windows\SysNative\drivers\LECs6022.sys
[2013/10/31 22:29:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013/10/31 22:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/10/31 22:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/10/31 22:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/10/31 22:28:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/10/31 22:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2013/10/31 22:28:26 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/10/31 22:26:57 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/10/31 22:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/10/31 22:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/10/31 22:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/10/31 22:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/10/31 22:26:40 | 000,000,000 | ---D | C] -- C:\Intel
[2013/10/31 22:25:54 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\RTCOM
[2013/10/31 22:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/10/31 22:15:47 | 000,000,000 | ---D | C] -- C:\windows\IE90-ENU
[2013/10/31 22:15:42 | 000,648,808 | ---- | C] (Realtek ) -- C:\windows\SysNative\drivers\Rt64win7.sys
[2013/10/31 22:15:39 | 000,052,736 | ---- | C] (Khronos Group) -- C:\windows\SysNative\OpenCL.dll
[2013/10/31 22:15:39 | 000,051,200 | ---- | C] (Khronos Group) -- C:\windows\SysWow64\OpenCL.dll
[2013/10/31 22:15:31 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\WavesGUILib.dll
[2013/10/31 22:15:31 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSX64.dll
[2013/10/31 22:15:31 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSH64.dll
[2013/10/31 22:15:31 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSHP64.dll
[2013/10/31 22:15:31 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSWOW64.dll
[2013/10/31 22:15:30 | 005,996,376 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioRealtek.dll
[2013/10/31 22:15:30 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEP64A.dll
[2013/10/31 22:15:30 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioEQ.dll
[2013/10/31 22:15:30 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioRealtek264.dll
[2013/10/31 22:15:30 | 000,955,736 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPOShell64.dll
[2013/10/31 22:15:30 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\windows\SysNative\KAAPORT64.dll
[2013/10/31 22:15:30 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EED64A.dll
[2013/10/31 22:15:30 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEP64A.dll
[2013/10/31 22:15:30 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO30.dll
[2013/10/31 22:15:30 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxVolumeSDAPO.dll
[2013/10/31 22:15:30 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO20.dll
[2013/10/31 22:15:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DHT64.dll
[2013/10/31 22:15:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DAA64.dll
[2013/10/31 22:15:30 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SFNHK64.dll
[2013/10/31 22:15:30 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEED64A.dll
[2013/10/31 22:15:30 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEL64A.dll
[2013/10/31 22:15:30 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEA64A.dll
[2013/10/31 22:15:30 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEL64A.dll
[2013/10/31 22:15:30 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SFCOM64.dll
[2013/10/31 22:15:30 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SFAPO64.dll
[2013/10/31 22:15:30 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEG64A.dll
[2013/10/31 22:15:30 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEG64A.dll
[2013/10/31 22:15:30 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\windows\SysWow64\SFCOM.dll
[2013/10/31 22:15:29 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\windows\SysNative\FMAPO64.dll
[2013/10/31 22:15:29 | 001,756,264 | ---- | C] (DTS) -- C:\windows\SysNative\DTSS2SpeakerDLL64.dll
[2013/10/31 22:15:29 | 001,568,360 | ---- | C] (DTS) -- C:\windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013/10/31 22:15:29 | 001,486,952 | ---- | C] (DTS) -- C:\windows\SysNative\DTSBoostDLL64.dll
[2013/10/31 22:15:29 | 000,728,680 | ---- | C] (DTS) -- C:\windows\SysNative\DTSBassEnhancementDLL64.dll
[2013/10/31 22:15:29 | 000,712,296 | ---- | C] (DTS) -- C:\windows\SysNative\DTSSymmetryDLL64.dll
[2013/10/31 22:15:29 | 000,693,352 | ---- | C] (DTS) -- C:\windows\SysNative\DTSVoiceClarityDLL64.dll
[2013/10/31 22:15:29 | 000,527,872 | ---- | C] (DTS) -- C:\windows\SysNative\DTSU2PLFX64.dll
[2013/10/31 22:15:29 | 000,515,584 | ---- | C] (DTS) -- C:\windows\SysNative\DTSU2PGFX64.dll
[2013/10/31 22:15:29 | 000,491,112 | ---- | C] (DTS) -- C:\windows\SysNative\DTSNeoPCDLL64.dll
[2013/10/31 22:15:29 | 000,439,808 | ---- | C] (DTS) -- C:\windows\SysNative\DTSU2PREC64.dll
[2013/10/31 22:15:29 | 000,432,744 | ---- | C] (DTS) -- C:\windows\SysNative\DTSLimiterDLL64.dll
[2013/10/31 22:15:29 | 000,428,648 | ---- | C] (DTS) -- C:\windows\SysNative\DTSGainCompensatorDLL64.dll
[2013/10/31 22:15:29 | 000,242,792 | ---- | C] (DTS) -- C:\windows\SysNative\DTSLFXAPO64.dll
[2013/10/31 22:15:29 | 000,242,792 | ---- | C] (DTS) -- C:\windows\SysNative\DTSGFXAPO64.dll
[2013/10/31 22:15:29 | 000,241,768 | ---- | C] (DTS) -- C:\windows\SysNative\DTSGFXAPONS64.dll
[2013/10/31 22:15:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/10/31 22:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2013/10/31 20:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/10/31 20:34:02 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\LSC
[2013/10/31 20:33:56 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Leadertech
[2013/10/31 20:33:32 | 000,000,000 | R--D | C] -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/10/31 20:33:32 | 000,000,000 | R--D | C] -- C:\Users\Family\Searches
[2013/10/31 20:33:32 | 000,000,000 | R--D | C] -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/10/31 20:33:32 | 000,000,000 | -H-D | C] -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/10/31 20:33:21 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Identities
[2013/10/31 20:33:19 | 000,000,000 | R--D | C] -- C:\Users\Family\Contacts
[2013/10/31 20:33:14 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\VirtualStore
[2013/10/31 20:33:07 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Google
[2013/10/31 20:30:24 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Roaming\Microsoft
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\Videos
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\Saved Games
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\Pictures
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\Music
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\Links
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\Favorites
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\Downloads
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\Documents
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\Desktop
[2013/10/31 20:30:24 | 000,000,000 | R--D | C] -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\AppData\Local\Temporary Internet Files
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\Templates
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\Start Menu
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\SendTo
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\Recent
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\PrintHood
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\NetHood
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\Documents\My Videos
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\Documents\My Pictures
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\Documents\My Music
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\My Documents
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\Local Settings
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\AppData\Local\History
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\Cookies
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\Application Data
[2013/10/31 20:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Family\AppData\Local\Application Data
[2013/10/31 20:30:24 | 000,000,000 | -H-D | C] -- C:\Users\Family\AppData
[2013/10/31 20:30:24 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Temp
[2013/10/31 20:30:24 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Microsoft
[2013/10/31 20:30:24 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Media Center Programs
[2013/10/31 20:30:24 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Macromedia
[2013/10/31 20:03:02 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
[2013/10/31 20:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2013/10/31 20:02:59 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AOL
[2013/10/31 19:49:09 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\LSC
[2013/10/31 19:44:34 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Skype
[2013/10/31 19:44:28 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/10/31 19:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/10/31 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/10/31 19:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/10/31 19:40:16 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Adobe
[2013/10/31 19:39:48 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Google
[2013/10/31 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\VeriSign
[2013/10/31 19:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2013/10/31 19:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2013/10/31 19:34:55 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Intel Corporation

========== Files - Modified Within 30 Days ==========

[2013/11/27 23:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/27 23:02:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/27 23:02:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/27 23:01:00 | 000,031,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 23:01:00 | 000,031,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 22:59:41 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/27 22:59:41 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/27 22:59:41 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/27 22:53:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/27 22:53:22 | 3082,674,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/26 08:54:35 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/26 04:04:47 | 001,820,169 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB
[2013/11/26 03:01:57 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 03:01:55 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/21 18:40:21 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/11/19 20:14:45 | 629,694,464 | -HS- | M] () -- C:\windows\lenovo_fastboot.img
[2013/11/13 05:02:54 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013/11/13 04:36:19 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/06 15:42:12 | 000,005,360 | ---- | M] () -- C:\windows\SysWow64\AdpeakProxy.ini
[2013/11/06 15:42:12 | 000,005,360 | ---- | M] () -- C:\windows\SysNative\AdpeakProxy.ini
[2013/11/06 15:32:48 | 000,002,312 | ---- | M] () -- C:\windows\SysWow64\AdpeakProxyOff.ini
[2013/11/06 15:32:48 | 000,002,312 | ---- | M] () -- C:\windows\SysNative\AdpeakProxyOff.ini
[2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgdiska.sys
[2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgidsdrivera.sys
[2013/11/02 06:49:47 | 000,293,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/01 12:09:22 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/11/01 12:09:22 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/11/01 12:09:22 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/11/01 10:00:18 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2013/10/31 23:27:21 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2013/10/31 23:27:21 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgldx64.sys
[2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgloga.sys
[2013/10/31 22:49:35 | 000,131,072 | ---- | M] () -- C:\windows\ocsetup_install_OEMHelpCustomization.etl
[2013/10/31 22:29:48 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2013/10/31 22:29:41 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2013/10/31 22:15:42 | 000,000,014 | ---- | M] () -- C:\SYSLEVEL.IBM
[2013/10/31 20:30:48 | 000,000,042 | ---- | M] () -- C:\windows\SysWow64\drivers\17AA_Lenovo_ThinkCentre_M72e_3264_CTO.MRK
[2013/10/31 20:30:33 | 000,000,000 | ---- | M] () -- C:\windows\firstboot.dat
[2013/10/31 20:03:02 | 000,001,091 | ---- | M] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2013/10/31 20:03:02 | 000,001,089 | ---- | M] () -- C:\Users\Family\Desktop\AIM.lnk
[2013/10/31 19:48:37 | 000,000,113 | ---- | M] () -- C:\Users\Family\Desktop\Facebook.url
[2013/10/31 19:44:28 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/10/31 19:39:37 | 000,001,448 | ---- | M] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/11/26 03:01:57 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 03:01:55 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/13 05:02:54 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013/11/13 04:36:19 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/13 04:36:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/06 15:42:12 | 000,005,360 | ---- | C] () -- C:\windows\SysWow64\AdpeakProxy.ini
[2013/11/06 15:42:12 | 000,005,360 | ---- | C] () -- C:\windows\SysNative\AdpeakProxy.ini
[2013/11/06 15:32:48 | 000,002,312 | ---- | C] () -- C:\windows\SysWow64\AdpeakProxyOff.ini
[2013/11/06 15:32:48 | 000,002,312 | ---- | C] () -- C:\windows\SysNative\AdpeakProxyOff.ini
[2013/11/03 02:17:49 | 001,820,169 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB
[2013/11/02 07:52:51 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symds64.cat
[2013/11/02 07:52:51 | 000,007,458 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symnet64.cat
[2013/11/02 07:52:51 | 000,007,450 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\iron.cat
[2013/11/02 07:52:51 | 000,007,446 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.cat
[2013/11/02 07:52:51 | 000,007,438 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symefa64.cat
[2013/11/02 07:52:51 | 000,007,406 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.cat
[2013/11/02 07:52:51 | 000,007,402 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.cat
[2013/11/02 07:52:51 | 000,003,435 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symefa.inf
[2013/11/02 07:52:51 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symds.inf
[2013/11/02 07:52:51 | 000,001,441 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symnet.inf
[2013/11/02 07:52:51 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.inf
[2013/11/02 07:52:51 | 000,001,419 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.inf
[2013/11/02 07:52:51 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.inf
[2013/11/02 07:52:51 | 000,000,772 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\iron.inf
[2013/11/02 07:52:40 | 000,008,942 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\symvtcer.dat
[2013/11/02 07:52:40 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1309010.00E\isolate.ini
[2013/11/02 02:17:27 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/11/01 10:00:18 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2013/11/01 08:16:51 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/01 08:02:39 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/01 02:34:27 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/10/31 22:59:08 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013/10/31 22:57:05 | 000,002,476 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools.lnk
[2013/10/31 22:57:05 | 000,002,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Device Experience.lnk
[2013/10/31 22:56:50 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIP Access.lnk
[2013/10/31 22:56:08 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/10/31 22:56:08 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/10/31 22:55:04 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013/10/31 22:54:59 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013/10/31 22:54:50 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/10/31 22:54:47 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/10/31 22:51:47 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/31 22:51:46 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/31 22:49:18 | 000,131,072 | ---- | C] () -- C:\windows\ocsetup_install_OEMHelpCustomization.etl
[2013/10/31 22:49:01 | 629,694,464 | -HS- | C] () -- C:\windows\lenovo_fastboot.img
[2013/10/31 22:29:48 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2013/10/31 22:29:41 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2013/10/31 22:29:20 | 000,024,774 | ---- | C] () -- C:\windows\ms98.cab
[2013/10/31 22:29:20 | 000,011,972 | ---- | C] () -- C:\windows\Phidkbd.inf
[2013/10/31 22:29:20 | 000,008,634 | ---- | C] () -- C:\windows\x64.cat
[2013/10/31 22:29:03 | 000,015,128 | ---- | C] () -- C:\windows\SysNative\drivers\IntelMEFWVer.dll
[2013/10/31 22:28:29 | 000,000,042 | ---- | C] () -- C:\windows\SysWow64\drivers\17AA_Lenovo_ThinkCentre_M72e_3264_CTO.MRK
[2013/10/31 22:19:56 | 3082,674,176 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/31 22:15:42 | 000,000,014 | ---- | C] () -- C:\SYSLEVEL.IBM
[2013/10/31 22:15:39 | 001,981,696 | ---- | C] () -- C:\windows\SysNative\iglhxa64.cpa
[2013/10/31 22:15:39 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2013/10/31 22:15:39 | 000,755,188 | ---- | C] () -- C:\windows\SysNative\igkrng700.bin
[2013/10/31 22:15:39 | 000,059,425 | ---- | C] () -- C:\windows\SysNative\iglhxo64.vp
[2013/10/31 22:15:39 | 000,059,398 | ---- | C] () -- C:\windows\SysNative\iglhxg64.vp
[2013/10/31 22:15:39 | 000,059,230 | ---- | C] () -- C:\windows\SysNative\iglhxc64.vp
[2013/10/31 22:15:39 | 000,059,104 | ---- | C] () -- C:\windows\SysNative\iglhxc64_dev.vp
[2013/10/31 22:15:39 | 000,058,796 | ---- | C] () -- C:\windows\SysNative\iglhxg64_dev.vp
[2013/10/31 22:15:39 | 000,058,109 | ---- | C] () -- C:\windows\SysNative\iglhxo64_dev.vp
[2013/10/31 22:15:39 | 000,018,660 | ---- | C] () -- C:\windows\SysNative\iglhxs64.vp
[2013/10/31 22:15:39 | 000,001,074 | ---- | C] () -- C:\windows\SysNative\iglhxa64.vp
[2013/10/31 22:15:37 | 000,009,216 | ---- | C] ( ) -- C:\windows\SysNative\IGFXDEVLib.dll
[2013/10/31 22:15:36 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2013/10/31 22:15:36 | 000,561,508 | ---- | C] () -- C:\windows\SysNative\igfcg700m.bin
[2013/10/31 22:15:36 | 000,079,360 | ---- | C] () -- C:\windows\SysNative\igdde64.dll
[2013/10/31 22:15:36 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/10/31 22:15:35 | 017,226,240 | ---- | C] () -- C:\windows\SysNative\ig7icd64.dll
[2013/10/31 22:15:35 | 013,024,256 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2013/10/31 22:15:35 | 000,094,208 | ---- | C] () -- C:\windows\SysNative\IccLibDll_x64.dll
[2013/10/31 22:15:34 | 000,221,877 | ---- | C] () -- C:\windows\SysNative\Gfxres.th-TH.resources
[2013/10/31 22:15:34 | 000,208,522 | ---- | C] () -- C:\windows\SysNative\Gfxres.el-GR.resources
[2013/10/31 22:15:34 | 000,192,378 | ---- | C] () -- C:\windows\SysNative\Gfxres.ru-RU.resources
[2013/10/31 22:15:34 | 000,164,821 | ---- | C] () -- C:\windows\SysNative\Gfxres.ar-SA.resources
[2013/10/31 22:15:34 | 000,162,150 | ---- | C] () -- C:\windows\SysNative\Gfxres.ja-JP.resources
[2013/10/31 22:15:34 | 000,157,713 | ---- | C] () -- C:\windows\SysNative\Gfxres.he-IL.resources
[2013/10/31 22:15:34 | 000,148,461 | ---- | C] () -- C:\windows\SysNative\Gfxres.it-IT.resources
[2013/10/31 22:15:34 | 000,147,116 | ---- | C] () -- C:\windows\SysNative\Gfxres.ko-KR.resources
[2013/10/31 22:15:34 | 000,146,125 | ---- | C] () -- C:\windows\SysNative\Gfxres.es-ES.resources
[2013/10/31 22:15:34 | 000,146,008 | ---- | C] () -- C:\windows\SysNative\Gfxres.de-DE.resources
[2013/10/31 22:15:34 | 000,144,790 | ---- | C] () -- C:\windows\SysNative\Gfxres.ro-RO.resources
[2013/10/31 22:15:34 | 000,144,267 | ---- | C] () -- C:\windows\SysNative\Gfxres.fr-FR.resources
[2013/10/31 22:15:34 | 000,143,564 | ---- | C] () -- C:\windows\SysNative\Gfxres.tr-TR.resources
[2013/10/31 22:15:34 | 000,143,112 | ---- | C] () -- C:\windows\SysNative\Gfxres.pt-BR.resources
[2013/10/31 22:15:34 | 000,142,797 | ---- | C] () -- C:\windows\SysNative\Gfxres.nl-NL.resources
[2013/10/31 22:15:34 | 000,142,606 | ---- | C] () -- C:\windows\SysNative\Gfxres.hu-HU.resources
[2013/10/31 22:15:34 | 000,142,079 | ---- | C] () -- C:\windows\SysNative\Gfxres.pt-PT.resources
[2013/10/31 22:15:34 | 000,141,854 | ---- | C] () -- C:\windows\SysNative\Gfxres.sv-SE.resources
[2013/10/31 22:15:34 | 000,141,421 | ---- | C] () -- C:\windows\SysNative\Gfxres.pl-PL.resources
[2013/10/31 22:15:34 | 000,141,297 | ---- | C] () -- C:\windows\SysNative\Gfxres.cs-CZ.resources
[2013/10/31 22:15:34 | 000,140,949 | ---- | C] () -- C:\windows\SysNative\Gfxres.fi-FI.resources
[2013/10/31 22:15:34 | 000,140,548 | ---- | C] () -- C:\windows\SysNative\Gfxres.sk-SK.resources
[2013/10/31 22:15:34 | 000,139,901 | ---- | C] () -- C:\windows\SysNative\Gfxres.hr-HR.resources
[2013/10/31 22:15:34 | 000,136,850 | ---- | C] () -- C:\windows\SysNative\Gfxres.sl-SI.resources
[2013/10/31 22:15:34 | 000,136,778 | ---- | C] () -- C:\windows\SysNative\Gfxres.nb-NO.resources
[2013/10/31 22:15:34 | 000,136,261 | ---- | C] () -- C:\windows\SysNative\Gfxres.da-DK.resources
[2013/10/31 22:15:34 | 000,131,674 | ---- | C] () -- C:\windows\SysNative\Gfxres.en-US.resources
[2013/10/31 22:15:34 | 000,125,306 | ---- | C] () -- C:\windows\SysNative\Gfxres.zh-TW.resources
[2013/10/31 22:15:34 | 000,123,778 | ---- | C] () -- C:\windows\SysNative\Gfxres.zh-CN.resources
[2013/10/31 22:15:34 | 000,000,264 | ---- | C] () -- C:\windows\SysNative\GfxUI.exe.config
[2013/10/31 22:15:30 | 000,206,088 | ---- | C] () -- C:\windows\SysNative\drivers\RTAIODAT.DAT
[2013/10/31 22:15:23 | 000,001,271 | ---- | C] () -- C:\windows\MFGCLEAN.CMD
[2013/10/31 20:33:36 | 000,001,424 | ---- | C] () -- C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/10/31 20:30:33 | 000,000,000 | ---- | C] () -- C:\windows\firstboot.dat
[2013/10/31 20:30:24 | 000,000,290 | ---- | C] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/31 20:30:24 | 000,000,272 | ---- | C] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/10/31 20:03:02 | 000,001,091 | ---- | C] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2013/10/31 20:03:02 | 000,001,089 | ---- | C] () -- C:\Users\Family\Desktop\AIM.lnk
[2013/10/31 19:48:05 | 000,000,113 | ---- | C] () -- C:\Users\Family\Desktop\Facebook.url
[2013/10/31 19:44:28 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/10/31 19:39:37 | 000,001,448 | ---- | C] () -- C:\Users\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/12/08 18:14:58 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/01 08:03:28 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\AVG2014
[2013/10/31 20:33:56 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Leadertech
[2013/11/14 03:20:18 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Lenovo
[2013/11/13 05:02:58 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\LSC
[2013/11/13 04:38:37 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Systweak
[2013/11/01 08:02:39 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 11/27/2013 11:18:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.83 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 39.62% Memory free
7.65 Gb Paging File | 4.64 Gb Available in Paging File | 60.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.87 Gb Total Space | 353.35 Gb Free Space | 78.20% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.31 Gb Free Space | 69.94% Space Free | Partition Type: FAT
Drive Q: | 13.67 Gb Total Space | 3.40 Gb Free Space | 24.84% Space Free | Partition Type: NTFS

Computer Name: FAMILY-THINK | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005C9948-85BE-4720-AF00-BAF8947B0E20}" = lport=445 | protocol=6 | dir=in | app=system |
"{24F78252-5585-46EC-9573-E5512C6A38A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BA31A06-89DB-4E5C-A00D-AA0BA9518215}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EBBFF48-3FCC-4CA7-B837-46FA10C61275}" = lport=138 | protocol=17 | dir=in | app=system |
"{424BEC65-E769-47F1-86A1-88EA957E69B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46A5CE45-DAE6-440E-92A7-F935035BE8C3}" = rport=445 | protocol=6 | dir=out | app=system |
"{48A8FFB2-E5A1-4A48-8C2E-F80ACFA2348A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5567969E-55A8-4B66-A167-850D7684250B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5982CC39-DD0F-4724-956F-C9D28DA1E830}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6107FF0F-5664-4147-8FAD-52F0FF39D0BC}" = rport=137 | protocol=17 | dir=out | app=system |
"{6AD22764-3752-4A40-9992-2ED0E9305ED1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E4B7737-9530-4C07-9D6D-23CC2CD931AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80C8A802-6DB4-45C9-B7BF-5E5301ED9419}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88676BFB-F099-4652-80D0-2BE253DE3DF8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F08F201-7BE1-4AC0-B675-DBA3F4EE478B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{928AC811-7195-400F-A1F9-C696BA8C35BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{A3ACFDCA-5F26-43D0-B085-3DD5C3EDF348}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A663D571-0D98-4B1F-81B8-6DDFF9FE189D}" = rport=138 | protocol=17 | dir=out | app=system |
"{BBF9D1C5-108E-4431-AB2F-5793209ED2A1}" = lport=137 | protocol=17 | dir=in | app=system |
"{C037260E-019E-4235-A2D6-ED543D0A391B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D46C211A-F8FC-412E-B130-518859C1583E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E1A68ABD-8EA3-4706-A83F-B3565544476E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC6BE4AA-DC35-451E-8175-EFB77AA0770D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F15B7E23-7DA7-40FE-8F17-99EF933F156B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F2330E18-A656-47AD-A3DB-20B91D098DC9}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0900F2CA-914D-4EBB-95DF-CA86D4655A06}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{1B36BD87-F4F8-4A5F-97A8-6C630FFB2046}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{22884A09-26F4-4C76-B9F4-283FBE4341DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25ADD382-8B44-4A91-9157-5DDF45EE202E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{290AA402-306E-490A-AAA8-E415A9DEDD87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B2A9DCC-F858-4DAD-8AEF-D8B6D92D8CF4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2BE4C4D0-96AD-4FEA-A483-54C6A88DA500}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C3907C3-C9C8-4C7B-865C-5A874888B4E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41A7EE81-3BC0-42A6-B202-5ACB856CCB43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{41D65E09-08DC-4EED-AC85-974962E9887E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43887764-3ADE-476E-8491-C5E2091E19C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{4B8E1E02-BA98-4DAE-B481-9BF3C2F2D9A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5EE04F02-4346-4DEB-AE74-FC6E070CB906}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6AA32853-D656-4611-B40F-2BE125257C0C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{6B2E466E-FD57-475A-9E15-715B8EBC103C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70715FCD-7D7C-4B80-A776-27D700212A5C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8635ECCF-A909-42A2-94F8-F5511FEE1092}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{87D40F64-A5E2-4A79-92A9-682CBB49E198}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8F309819-7596-4401-BB95-8B81C376D12F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{979C76B5-EB34-45E1-974F-3B3D9AB68A55}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{9ED56409-D737-4ABB-AF32-9701B6FCB312}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A96307B1-C6F1-428B-AB9E-4250C1C03CC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD1A6FC4-6894-4088-A496-D0D3356BE99D}" = protocol=6 | dir=out | app=system |
"{ADE814F2-85FF-4F08-864E-AD0286372EF6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{AE113007-6223-4C1D-A552-1B1739287E33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC362CBF-A911-4EE8-9DE4-3CF34600CD5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C2D01596-2E65-4143-B66B-DD9556A8FB16}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CDD2BF61-4D7C-4EEF-9DF4-835E0F02758B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2ADF1F1-9B7A-45CD-A459-A2E45D055D6A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{F1A3CFFA-B72A-49BA-ABA9-D63A84AFE619}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F9A7BE8E-76CC-491C-86B1-797E669B9296}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"TCP Query User{6BD988A6-E944-4FF6-B416-99EC7D7E286F}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"UDP Query User{5D5DC3F8-FA80-4D77-B20A-C82ACDE02F05}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{1D005A51-8EA5-42F8-B37B-FD30FEEF0D04}" = AVG 2014
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E810AB6-F34E-49A3-A93F-9E503660F718}" = ScorpionSaver Services
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C6254514-DD94-45E5-87C0-B9CB90A34C89}" = View Management Utility
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}" = Lenovo Solution Center
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap
"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
"0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows Driver Package - Intel USB (12/21/2010 9.2.0.1021)
"171901D8B4D5484C362A709BF264A50F065A14FB" = Windows Driver Package - Intel hdc (09/10/2010 9.2.0.1011)
"43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows Driver Package - Intel System (11/20/2010 9.2.0.1016)
"5DE3700033F94FCFD8726BE46A6727E460254CD5" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/03/2012 6.0.1.6543)
"69A53671180AECD99453E40E613B8E7237D26CDB" = Windows Driver Package - Intel (NETwNs64) net (02/20/2012 15.1.0.18)
"6AF882A8E50505CE490495746E271C3F586F9110" = Windows Driver Package - Intel Corporation (igfx) Display (03/19/2012 8.15.10.2696)
"8384654D490AA4CB537BE669DA59242CA3D85FF0" = Windows Driver Package - Intel® Corporation (IntcDAud) MEDIA (12/06/2011 6.14.00.3090)
"93D0B653D730EB57C01C763D1BE4E63ABC9204F0" = Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011)
"AVG" = AVG 2014
"D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011)
"Lenovo Ultraslim Plus Wireless Keyboard & Mouse" = Lenovo Ultraslim Plus Wireless Keyboard & Mouse
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel® Identity Protection Technology 1.2.22.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}" = Message Center Plus
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C5C91B7B-38A6-40B7-84D6-E44885E44B13}" = LBAI
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkVantage Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}" = QuickShare
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Fastboot" = RapidBoot HDD Accelerator
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{C6254514-DD94-45E5-87C0-B9CB90A34C89}" = View Management Utility
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"NIS" = Norton Internet Security
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2013 1:30:49 AM | Computer Name = Family-THINK | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Lenovo\lenovo
solution center\App\diag\flex_comm_sample.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2013 10:25:14 PM | Computer Name = Family-THINK | Source = Application Hang | ID = 1002
Description = The program PhotoScreensaver.scr version 6.1.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1bdc Start
Time: 01cede771dd29791 Termination Time: 10 Application Path: C:\windows\system32\PhotoScreensaver.scr

Report
Id: 559f2b1e-4a78-11e3-92c7-681729706853

Error - 11/11/2013 1:30:07 AM | Computer Name = Family-THINK | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lenovo\Lenovo
Solution Center\App\diag\flex_comm_sample.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2013 1:30:48 AM | Computer Name = Family-THINK | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Lenovo\lenovo
solution center\App\diag\flex_comm_sample.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2013 10:05:48 AM | Computer Name = Family-THINK | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 30.0.1599.101 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 19d0 Start
Time: 01cededfa5678bd2 Termination Time: 31 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report
Id: 58196f5a-4ada-11e3-92c7-681729706853

Error - 11/11/2013 2:00:19 PM | Computer Name = Family-THINK | Source = Application Hang | ID = 1002
Description = The program PhotoScreensaver.scr version 6.1.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c2c Start
Time: 01cedef139a81073 Termination Time: 36 Application Path: C:\windows\system32\PhotoScreensaver.scr

Report
Id: 1dfb89db-4afb-11e3-92c7-681729706853

Error - 11/11/2013 7:14:12 PM | Computer Name = Family-THINK | Source = Application Hang | ID = 1002
Description = The program PhotoScreensaver.scr version 6.1.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1e20 Start
Time: 01cedf11f0d0d926 Termination Time: 36 Application Path: C:\windows\system32\PhotoScreensaver.scr

Report
Id: f764b500-4b26-11e3-92c7-681729706853

Error - 11/11/2013 10:47:53 PM | Computer Name = Family-THINK | Source = Application Hang | ID = 1002
Description = The program PhotoScreensaver.scr version 6.1.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 26f8 Start
Time: 01cedf3f08b353fe Termination Time: 20 Application Path: C:\windows\system32\PhotoScreensaver.scr

Report
Id: d17ef139-4b44-11e3-92c7-681729706853

Error - 11/12/2013 1:30:08 AM | Computer Name = Family-THINK | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lenovo\Lenovo
Solution Center\App\diag\flex_comm_sample.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/12/2013 1:30:45 AM | Computer Name = Family-THINK | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Lenovo\lenovo
solution center\App\diag\flex_comm_sample.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 11/14/2013 5:37:32 AM | Computer Name = Family-THINK | Source = DCOM | ID = 10016
Description =

Error - 11/14/2013 10:17:25 PM | Computer Name = Family-THINK | Source = DCOM | ID = 10010
Description =

Error - 11/14/2013 10:19:24 PM | Computer Name = Family-THINK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 11/14/2013 10:20:01 PM | Computer Name = Family-THINK | Source = DCOM | ID = 10016
Description =

Error - 11/14/2013 10:22:14 PM | Computer Name = Family-THINK | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 11/17/2013 7:54:14 AM | Computer Name = Family-THINK | Source = bowser | ID = 8003
Description =

Error - 11/17/2013 3:59:40 PM | Computer Name = Family-THINK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 11/17/2013 4:00:27 PM | Computer Name = Family-THINK | Source = DCOM | ID = 10016
Description =

Error - 11/17/2013 4:02:44 PM | Computer Name = Family-THINK | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 11/18/2013 3:09:45 AM | Computer Name = Family-THINK | Source = bowser | ID = 8003
Description =


< End of report >
  • 0

Similar Topics: a.targetingadvertiser mal/adware [Solved]     x


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 2,046 posts
Hi! My name is zep516 and Welcome to geekstogo
I'll do the best I can to resolve your computer issue
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)


First

You have 2 Anti Virus programs running.

  • AVG 2014
  • Norton Internet Security

The real-time protection of two antivirus programs may conflict with each other and cause the following:

* False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
* Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
* Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
* Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.


Please let me know which one you want to keep, then I'll provide a removal tool for the other and we will remove it, this ensures complete removal.

Once that is done we can start removing some of the add-ware / Malware specifically (scorpion saver) that I see in your log reports.

Thanks
Joe :)
  • 0

#3
ncrunch32

ncrunch32

    Member

  • Member
  • PipPip
  • 11 posts
Hello, this the family member :). I would like to keep AVG and remove Norton. Thank you so much!
  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 2,046 posts
Hi ncrunch32,

Download and run the Norton Removal Tool from https://support.nort..._en_us?src=nrt'>Here This will remove all of Norton.

Next


Lets remove / uninstall those programs listed below. To do that:
==> Click > Start > Control Panel > Programs & Features. Finding in the list:
  • ScorpionSaver Services
  • ScorpionSaver
Uninstall each of those.

Next

We need to do a fix to delete some files using OTL

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Family\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
    [2013/11/14 04:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\ScorpionSaver Services
    2013/11/14 04:35:03 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll
    [2013/11/14 04:34:57 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysWow64\AdpeakProxy.dll
    [2013/11/13 04:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
    [2013/11/13 04:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
    [2013/11/13 04:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
    [2013/11/13 04:31:48 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Systweak
    [2013/11/13 04:31:45 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\SysNative\roboot64.exe
    [2013/11/13 04:31:21 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Programs
    [2013/11/13 04:30:06 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Smartbar
    [2013/11/06 15:42:12 | 000,005,360 | ---- | M] () -- C:\windows\SysWow64\AdpeakProxy.ini
    [2013/11/06 15:42:12 | 000,005,360 | ---- | M] () -- C:\windows\SysNative\AdpeakProxy.ini
    [2013/11/06 15:32:48 | 000,002,312 | ---- | M] () -- C:\windows\SysWow64\AdpeakProxyOff.ini
    [2013/11/06 15:32:48 | 000,002,312 | ---- | M] () -- C:\windows\SysNative\AdpeakProxyOff.ini
    [2013/11/06 15:42:12 | 000,005,360 | ---- | C] () -- C:\windows\SysWow64\AdpeakProxy.ini
    [2013/11/06 15:42:12 | 000,005,360 | ---- | C] () -- C:\windows\SysNative\AdpeakProxy.ini
    [2013/11/06 15:32:48 | 000,002,312 | ---- | C] () -- C:\windows\SysWow64\AdpeakProxyOff.ini
    [2013/11/06 15:32:48 | 000,002,312 | ---- | C] () -- C:\windows\SysNative\AdpeakProxyOff.ini
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open (AdwCleaner[S0].txt) after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Posted Image Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Next

Download Security Check by screen317 from http://screen317.spy...curityCheck.exe or http://screen317.cha...curityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post the following logs in your next reply:

  • C:\_OTL\Moved Files
  • OTL.txt
  • JRT.txt
  • AdwCleaner[S0].txt
  • checkup.txt

Tell me how the computer is now
Thanks
Joe :)
  • 0

#5
ncrunch32

ncrunch32

    Member

  • Member
  • PipPip
  • 11 posts
Thank you for the instructions! Given that it is Thanksgiving weekend I have had lots of people here who were frustrated with my kitchen computer (which we use to drive the TV). My son went ahead and uninstalled all programs that we did not recognize. We began by uninstalling both Norton and AVG. That didn't fix the problem.

We then uninstalled any programs we didn't recognize like scorpion, evernote, etc. Once we did that everything was good. I intend to read your note more carefully and execute the commands/ execs you sent. I really appreciate your help with this!

Joe
  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 2,046 posts
Hi ncrunch32

That's fine, But

We began by uninstalling both Norton and AVG. That didn't fix the problem.


You left yourself without an Anti Virus program
I would not be surfing around the Internet until we "address" that issue. So,

I would temporarily install Microsoft Security Essentials from http://windows.micro...tials-download'>Here.

Then follow the already given instructions in post # 4 and post the log reports asked for. When you get time.

Thanks
Joe

Edited by zep516, 01 December 2013 - 10:47 AM.

  • 0

#7
ncrunch32

ncrunch32

    Member

  • Member
  • PipPip
  • 11 posts
Hello, I ran the exec's you described and attached the log files. My system is running great now. Thanks!

The only issue I had was that the "Security Check" program came back with "UNSUPPORTED OPERATING SYSTEM! ABORTED!".

Joe

Attached Files


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 2,046 posts
Very well !

You did get the Anti Virus installed?

I'll look over the logs and post additional instruction Tomorrow.
What we usually finish with is an online scan and then we remove our tools.

So stay with me until that is accomplished...

Thanks
Joe :)

Posting log reports

Moved files.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
File C:\Program Files (x86)\ScorpionSaver\IECore.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper not found.
File C:\Users\Family\AppData\Local\Smartbar\Application\QuickShare.exe not found.
Folder C:\Program Files\ScorpionSaver Services\ not found.
C:\Windows\SysWOW64\AdpeakProxy.dll moved successfully.
Folder C:\Program Files (x86)\ScorpionSaver\ not found.
C:\Program Files (x86)\MyPC Backup folder moved successfully.
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
C:\Users\Family\AppData\Roaming\Systweak folder moved successfully.
C:\Windows\SysNative\roboot64.exe moved successfully.
C:\Users\Family\AppData\Local\Programs\Common folder moved successfully.
C:\Users\Family\AppData\Local\Programs folder moved successfully.
Folder C:\Users\Family\AppData\Local\Smartbar\ not found.
File C:\windows\SysWow64\AdpeakProxy.ini not found.
File C:\windows\SysNative\AdpeakProxy.ini not found.
File C:\windows\SysWow64\AdpeakProxyOff.ini not found.
File C:\windows\SysNative\AdpeakProxyOff.ini not found.
File C:\windows\SysWow64\AdpeakProxy.ini not found.
File C:\windows\SysNative\AdpeakProxy.ini not found.
File C:\windows\SysWow64\AdpeakProxyOff.ini not found.
File C:\windows\SysNative\AdpeakProxyOff.ini not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Family\Downloads\cmd.bat deleted successfully.
C:\Users\Family\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Family
->Temp folder emptied: 282534085 bytes
->Temporary Internet Files folder emptied: 399701216 bytes
->Google Chrome cache emptied: 542274643 bytes
->Flash cache emptied: 59607 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 336557599 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43276267 bytes
RecycleBin emptied: 220120255 bytes

Total Files Cleaned = 1,740.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12012013_171858

Files\Folders moved on Reboot...
C:\Users\Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


quick scan

OTL logfile created on: 12/1/2013 5:28:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.83 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 53.79% Memory free
7.65 Gb Paging File | 5.63 Gb Available in Paging File | 73.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.87 Gb Total Space | 352.27 Gb Free Space | 77.96% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.31 Gb Free Space | 69.94% Space Free | Partition Type: FAT
Drive Q: | 13.67 Gb Total Space | 3.40 Gb Free Space | 24.84% Space Free | Partition Type: NTFS

Computer Name: FAMILY-THINK | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 23:17:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL.exe
PRC - [2013/11/21 18:40:21 | 002,334,384 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/11/21 18:40:21 | 001,643,696 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
PRC - [2013/11/21 18:40:21 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/09 16:39:10 | 001,074,216 | ---- | M] (AOL Inc.) -- C:\Users\Family\AppData\Local\AOL\AIM\aim.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/23 21:03:08 | 000,015,520 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe
PRC - [2012/03/16 19:36:10 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012/02/24 13:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2012/02/22 03:21:19 | 000,070,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
PRC - [2012/02/22 03:20:02 | 000,070,968 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
PRC - [2012/02/09 21:13:08 | 000,279,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012/02/09 21:13:06 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012/02/09 21:12:54 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 18:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2011/12/19 21:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/12/19 21:16:48 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/12/19 21:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/12/19 21:16:42 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/12/15 23:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/15 23:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/05 10:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/09/28 18:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/21 18:40:21 | 002,334,384 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/11/21 18:40:21 | 000,521,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\log4cplusU.dll
MOD - [2013/11/21 18:40:21 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\SiteSafety.dll
MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/11/02 07:34:10 | 000,489,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll
MOD - [2013/11/02 07:34:10 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll
MOD - [2013/11/02 06:53:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/11/02 06:52:33 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/11/02 06:52:28 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/11/02 06:52:16 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/11/02 06:52:08 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/11/02 06:52:04 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/11/02 06:52:03 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/11/02 06:51:29 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/10/08 12:35:25 | 016,233,864 | ---- | M] () -- C:\Users\Family\AppData\Local\AOL\AIM\NPSWF32.dll
MOD - [2013/09/09 16:39:08 | 023,782,440 | ---- | M] () -- C:\Users\Family\AppData\Local\AOL\AIM\libcef.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD -- (Level Quality Watcher)
SRV:64bit: - [2013/11/26 03:01:54 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/25 16:40:50 | 001,674,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/03/23 21:03:08 | 000,015,520 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe -- (LBAEvent)
SRV:64bit: - [2012/02/09 21:13:06 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/02/09 21:12:54 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/12/08 18:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/21 18:40:21 | 001,643,696 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe -- (vToolbarUpdater17.1.3)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/11/01 08:16:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/22 00:34:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/16 19:36:10 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/02/22 03:20:18 | 000,165,176 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/02/22 03:20:02 | 000,070,968 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2011/12/19 21:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/12/19 21:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/12/19 21:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/12/15 23:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/15 23:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/05 10:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/09/28 18:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 03:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/19 23:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/01 18:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/12/26 04:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/12/14 16:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2011/12/13 13:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/12/13 13:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/12/08 18:18:38 | 000,009,600 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LBAI.sys -- (LBAI)
DRV:64bit: - [2011/12/08 15:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/08 15:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/05 15:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/23 10:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/09 12:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/05/29 05:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7LENP_enUS560
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/10/31 22:56:50 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: LastPass = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.16_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: LastPass Vault = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\
CHR - Extension: Google Wallet = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Input Device Main Program] C:\Program Files\Lenovo\Lenovo Ultraslim Plus Wireless Keyboard & Mouse\Pelico.exe (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.EXE ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AIM for Windows] C:\Users\Family\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Family\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=71fc9c70750f47d39295b95e6f9481a0-9c02c891504833e5dc217909a6d01daf133d3757 /CMPID=1113a File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C07E91B1-59C7-4EBD-99AE-F9F2AE4A0DF1}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/14 21:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{6bfc413d-2c84-41bd-96ab-4bb32874185c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bfc413d-2c84-41bd-96ab-4bb32874185c}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011/12/14 21:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/01 17:18:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/01 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/12/01 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/29 19:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/11/29 18:49:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AVG Secure Search
[2013/11/29 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2014
[2013/11/20 18:40:17 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AVG SafeGuard toolbar
[2013/11/20 18:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2013/11/20 18:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/11/20 18:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/11/14 04:35:03 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll
[2013/11/14 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Lenovo
[2013/11/13 05:02:58 | 000,000,000 | ---D | C] -- C:\ldiag
[2013/11/13 04:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/13 04:31:52 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/02 04:12:14 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2013/11/02 04:12:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2013/11/02 02:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/11/02 02:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/11/02 02:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2013/12/01 17:29:51 | 000,031,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/01 17:29:51 | 000,031,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/01 17:22:25 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/01 17:22:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/01 17:22:07 | 3082,674,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/01 17:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/01 17:02:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/01 16:07:52 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/11/29 18:53:12 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/29 18:53:12 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/29 18:53:12 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/26 08:54:35 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/26 03:01:57 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 03:01:55 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/19 20:14:45 | 629,694,464 | -HS- | M] () -- C:\windows\lenovo_fastboot.img
[2013/11/13 05:02:54 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013/11/13 04:36:19 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/02 06:49:47 | 000,293,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/12/01 16:07:52 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/12/01 16:07:44 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/26 03:01:57 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 03:01:55 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/13 05:02:54 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013/11/13 04:36:19 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/13 04:36:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/02 02:17:27 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/10/31 22:15:39 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2013/10/31 22:15:36 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2013/10/31 22:15:36 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/10/31 22:15:35 | 013,024,256 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2013/10/31 20:30:33 | 000,000,000 | ---- | C] () -- C:\windows\firstboot.dat
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/12/08 18:14:58 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/31 20:33:56 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Leadertech
[2013/11/14 03:20:18 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Lenovo
[2013/11/13 05:02:58 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\LSC
[2013/11/01 08:02:39 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

adw .txt

# AdwCleaner v3.014 - Report created 01/12/2013 at 17:37:03
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Family - FAMILY-THINK
# Running from : C:\Users\Family\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Level Quality Watcher

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Family\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Family\AppData\Local\AVG Secure Search

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4794 octets] - [01/12/2013 17:34:23]
AdwCleaner[S0].txt - [4712 octets] - [01/12/2013 17:37:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4772 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Family on Sun 12/01/2013 at 17:47:30.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/01/2013 at 17:51:14.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by zep516, 01 December 2013 - 05:52 PM.

  • 0

#9
ncrunch32

ncrunch32

    Member

  • Member
  • PipPip
  • 11 posts
Yes, I installed microsoft security essentials.
  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 2,046 posts
OK...

Hi ncrunch32,

RE: Anti Virus
I see you do have Micrsoft Security Esstianals running :)

As usual there are a lot of left over AVG Files / Folders. So First,

Lets run the AVG UNINSTALL TOOL FROM HERE
Save the file to the desktop and run the tool.
This will remove all of AVG left over files for you.
After running the AVG removal tool a log-file will be created/on the desktop,no need to review this unless a problem encountered during the process.

Then

We have some left over items to address

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD -- (Level Quality Watcher)
    SRV - [2013/11/21 18:40:21 | 001,643,696 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe -- (vToolbarUpdater17.1.3)
    SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O4 - HKCU..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Family\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=71fc9c70750f47d39295b95e6f9481a0-9c02c891504833e5dc217909a6d01daf133d3757 /CMPID=1113a File not found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search)
    [2013/11/29 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2014
    [2013/11/20 18:40:17 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AVG SafeGuard toolbar
    [2013/11/20 18:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
    [2013/11/20 18:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2013/11/20 18:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
    [2013/11/14 04:35:03 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

In your next reply:
Post the log that is found in
  • C:\_OTL\Moved Files
  • OTL.Txt log from quick scan

Thanks
Joe :)

Edited by zep516, 03 December 2013 - 04:25 PM.

  • 0

#11
ncrunch32

ncrunch32

    Member

  • Member
  • PipPip
  • 11 posts
Done! Files are attached.

Attached Files


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 2,046 posts
Thanks,

I'm posting the logs to the forum. I'll review and be back with you.

How is the computer running?

Posting Logs

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
File C:\Program Files (x86)\ScorpionSaver\IECore.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper not found.
File C:\Users\Family\AppData\Local\Smartbar\Application\QuickShare.exe not found.
Folder C:\Program Files\ScorpionSaver Services\ not found.
C:\Windows\SysWOW64\AdpeakProxy.dll moved successfully.
Folder C:\Program Files (x86)\ScorpionSaver\ not found.
C:\Program Files (x86)\MyPC Backup folder moved successfully.
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
C:\Users\Family\AppData\Roaming\Systweak folder moved successfully.
C:\Windows\SysNative\roboot64.exe moved successfully.
C:\Users\Family\AppData\Local\Programs\Common folder moved successfully.
C:\Users\Family\AppData\Local\Programs folder moved successfully.
Folder C:\Users\Family\AppData\Local\Smartbar\ not found.
File C:\windows\SysWow64\AdpeakProxy.ini not found.
File C:\windows\SysNative\AdpeakProxy.ini not found.
File C:\windows\SysWow64\AdpeakProxyOff.ini not found.
File C:\windows\SysNative\AdpeakProxyOff.ini not found.
File C:\windows\SysWow64\AdpeakProxy.ini not found.
File C:\windows\SysNative\AdpeakProxy.ini not found.
File C:\windows\SysWow64\AdpeakProxyOff.ini not found.
File C:\windows\SysNative\AdpeakProxyOff.ini not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Family\Downloads\cmd.bat deleted successfully.
C:\Users\Family\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Family
->Temp folder emptied: 282534085 bytes
->Temporary Internet Files folder emptied: 399701216 bytes
->Google Chrome cache emptied: 542274643 bytes
->Flash cache emptied: 59607 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 336557599 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43276267 bytes
RecycleBin emptied: 220120255 bytes

Total Files Cleaned = 1,740.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12012013_171858

Files\Folders moved on Reboot...
C:\Users\Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL

OTL logfile created on: 12/3/2013 5:01:10 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Family\Desktop\System Cleanup Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.83 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 48.09% Memory free
7.65 Gb Paging File | 5.50 Gb Available in Paging File | 71.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.87 Gb Total Space | 350.57 Gb Free Space | 77.58% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.31 Gb Free Space | 69.94% Space Free | Partition Type: FAT
Drive Q: | 13.67 Gb Total Space | 3.40 Gb Free Space | 24.84% Space Free | Partition Type: NTFS

Computer Name: FAMILY-THINK | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 23:17:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Desktop\System Cleanup Programs\OTL.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/09 16:39:10 | 001,074,216 | ---- | M] (AOL Inc.) -- C:\Users\Family\AppData\Local\AOL\AIM\aim.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/23 21:03:08 | 000,015,520 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe
PRC - [2012/03/16 19:36:10 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012/02/24 13:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2012/02/22 03:21:19 | 000,070,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
PRC - [2012/02/22 03:20:02 | 000,070,968 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
PRC - [2012/02/09 21:13:08 | 000,279,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012/02/09 21:13:06 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012/02/09 21:12:54 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 18:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2011/12/19 21:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/12/19 21:16:48 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/12/19 21:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/12/19 21:16:42 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/12/15 23:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/15 23:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/05 10:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/09/28 18:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/11/02 07:34:10 | 000,489,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll
MOD - [2013/11/02 07:34:10 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll
MOD - [2013/11/02 06:53:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/11/02 06:52:33 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/11/02 06:52:28 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/11/02 06:52:16 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/11/02 06:52:08 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/11/02 06:52:04 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/11/02 06:52:03 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/11/02 06:51:29 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/10/08 12:35:25 | 016,233,864 | ---- | M] () -- C:\Users\Family\AppData\Local\AOL\AIM\NPSWF32.dll
MOD - [2013/09/09 16:39:08 | 023,782,440 | ---- | M] () -- C:\Users\Family\AppData\Local\AOL\AIM\libcef.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:01:54 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/25 16:40:50 | 001,674,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/03/23 21:03:08 | 000,015,520 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe -- (LBAEvent)
SRV:64bit: - [2012/02/09 21:13:06 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/02/09 21:12:54 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/12/08 18:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/01 08:16:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/22 00:34:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/16 19:36:10 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/02/22 03:20:18 | 000,165,176 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/02/22 03:20:02 | 000,070,968 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2011/12/19 21:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/12/19 21:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/12/19 21:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/12/15 23:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/15 23:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/05 10:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/09/28 18:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 03:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/19 23:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/01 18:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/12/26 04:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/12/14 16:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2011/12/13 13:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/12/13 13:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/12/08 18:18:38 | 000,009,600 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LBAI.sys -- (LBAI)
DRV:64bit: - [2011/12/08 15:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/08 15:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/05 15:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/23 10:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/09 12:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/05/29 05:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7LENP_enUS560
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/10/31 22:56:50 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: LastPass = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.16_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: LastPass Vault = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\
CHR - Extension: Google Wallet = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Input Device Main Program] C:\Program Files\Lenovo\Lenovo Ultraslim Plus Wireless Keyboard & Mouse\Pelico.exe (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.EXE ()
O4 - HKCU..\Run: [AIM for Windows] C:\Users\Family\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Family\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=71fc9c70750f47d39295b95e6f9481a0-9c02c891504833e5dc217909a6d01daf133d3757 /CMPID=1113a File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C07E91B1-59C7-4EBD-99AE-F9F2AE4A0DF1}: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/14 21:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{6bfc413d-2c84-41bd-96ab-4bb32874185c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bfc413d-2c84-41bd-96ab-4bb32874185c}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011/12/14 21:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/01 18:32:59 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\System Cleanup Programs
[2013/12/01 17:47:29 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/01 17:34:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/01 17:18:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/01 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/12/01 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/14 04:35:03 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll
[2013/11/14 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Lenovo
[2013/11/13 05:02:58 | 000,000,000 | ---D | C] -- C:\ldiag
[2013/11/13 04:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/13 04:31:52 | 000,000,000 | ---D | C] -- C:\temp

========== Files - Modified Within 30 Days ==========

[2013/12/03 17:02:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/03 16:56:26 | 000,031,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/03 16:56:26 | 000,031,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/03 16:49:15 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/03 16:49:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/03 16:49:03 | 3082,674,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/03 16:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/03 10:16:54 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/03 10:16:54 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/03 10:16:54 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/01 18:45:35 | 000,002,128 | ---- | M] () -- C:\Users\Family\Desktop\Microsoft Security Essentials.lnk
[2013/12/01 16:07:52 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/11/26 03:01:57 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 03:01:55 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/19 20:14:45 | 629,694,464 | -HS- | M] () -- C:\windows\lenovo_fastboot.img
[2013/11/13 05:02:54 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013/11/13 04:36:19 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

========== Files Created - No Company Name ==========

[2013/12/01 18:45:35 | 000,002,128 | ---- | C] () -- C:\Users\Family\Desktop\Microsoft Security Essentials.lnk
[2013/12/01 16:07:52 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/12/01 16:07:44 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/26 03:01:57 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 03:01:55 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/13 05:02:54 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013/11/13 04:36:19 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/13 04:36:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/10/31 22:15:39 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2013/10/31 22:15:36 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2013/10/31 22:15:36 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/10/31 22:15:35 | 013,024,256 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2013/10/31 20:30:33 | 000,000,000 | ---- | C] () -- C:\windows\firstboot.dat
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/12/08 18:14:58 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/31 20:33:56 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Leadertech
[2013/11/14 03:20:18 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Lenovo
[2013/11/13 05:02:58 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\LSC
[2013/11/01 08:02:39 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

< :COMMANDS >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,010,940 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2013/10/31 22:51:46 | 000,000,908 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/10/31 22:51:47 | 000,000,912 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/11/01 08:16:51 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

< >

< :OTL >

< SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD -- (Level Quality Watcher) >

< SRV - [2013/11/21 18:40:21 | 001,643,696 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe -- (vToolbarUpdater17.1.3) >
Invalid Switch: 21 18:40:21 | 001,643,696 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe -- (vToolbarUpdater17.1.3)

< SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent) >
Invalid Switch: 11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)

< SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd) >
Invalid Switch: 24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)

< FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found >
Invalid Switch: FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found

< O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. >

< O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. >

< O4 - HKCU..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Family\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=71fc9c70750f47d39295b95e6f9481a0-9c02c891504833e5dc217909a6d01daf133d3757 /CMPID=1113a File not found >
Invalid Switch: CMPID=1113a File not found

< O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search) >

< [2013/11/29 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2014 >
Invalid Switch: 29 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Avg2014

< [2013/11/20 18:40:17 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AVG SafeGuard toolbar >
Invalid Switch: 20 18:40:17 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\AVG SafeGuard toolbar

< [2013/11/20 18:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar >
Invalid Switch: 20 18:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar

< [2013/11/20 18:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search >
Invalid Switch: 20 18:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search

< [2013/11/20 18:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar >
Invalid Switch: 20 18:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar

< [2013/11/14 04:35:03 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll >
Invalid Switch: 14 04:35:03 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll

< >

< :Commands >

< [emptytemp] >

< End of report >

Thanks
Joe :)
  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 2,046 posts
Hi ncrunch32,

No need to attach log reports, unless asked. Just copy & paste them into the reply box.

A few more items to fix

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Family\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=71fc9c70750f47d39295b95e6f9481a0-9c02c891504833e5dc217909a6d01daf133d3757 /CMPID=1113a File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    [2013/11/14 04:35:03 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll
    
    
    :Commands
    [RESETHOSTS] 
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

In your next reply:
  • Post the log that is found in C:\_OTL\Moved Files
  • Open OTL again and click the Quick Scan button.

  • 0

#14
ncrunch32

ncrunch32

    Member

  • Member
  • PipPip
  • 11 posts
Hello, sorry it has taken so long to run these. My computer is running great now! The only thing is that, after running this OTL exec, the text on my screen is "splotchy". Some characters appear to be lighter than others. I have been experimenting with resolution but haven't found one that works yet. I have attached a screen shot of some text in the file names "capture".

Joe



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1113a deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Windows\SysNative\AdpeakProxy64.dll moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Family
->Temp folder emptied: 3182276 bytes
->Temporary Internet Files folder emptied: 86076512 bytes
->Google Chrome cache emptied: 456455131 bytes
->Flash cache emptied: 1440 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 966562 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 634 bytes

Total Files Cleaned = 521.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12102013_115136

Files\Folders moved on Reboot...
C:\Users\Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2OIQU3H\0[1].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2OIQU3H\frame[3].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2OIQU3H\frame[4].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N2OIQU3H\rs=AItRSTNeEDFVNOo8wcSh_ZOK7b3YvvAp-A[1].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\48N58CX5\chat_message_52df20dbc4522c398abba5d0b6377131[1].dat moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\48N58CX5\gplus_notifications_gadget[1].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\48N58CX5\hangout_ring_f13d5bf9c59a18f0580b7bbeb303c1bb[1].dat moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\48N58CX5\recentposts[1].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NBUIDPQ\0[3].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NBUIDPQ\frame[1].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NBUIDPQ\hovercard[1].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NBUIDPQ\index[2].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NBUIDPQ\openhand[1].cur moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NBUIDPQ\postmessageRelay[2].htm moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




OTL logfile created on: 12/10/2013 12:11:59 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Family\Desktop\System Cleanup Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.83 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.52% Memory free
7.65 Gb Paging File | 5.78 Gb Available in Paging File | 75.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.87 Gb Total Space | 351.18 Gb Free Space | 77.72% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.31 Gb Free Space | 69.94% Space Free | Partition Type: FAT
Drive Q: | 13.67 Gb Total Space | 3.40 Gb Free Space | 24.84% Space Free | Partition Type: NTFS

Computer Name: FAMILY-THINK | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/27 23:17:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Desktop\System Cleanup Programs\OTL.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/09 16:39:10 | 001,074,216 | ---- | M] (AOL Inc.) -- C:\Users\Family\AppData\Local\AOL\AIM\aim.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/23 21:03:08 | 000,015,520 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe
PRC - [2012/02/24 13:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2012/02/22 03:21:19 | 000,070,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
PRC - [2012/02/22 03:20:02 | 000,070,968 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
PRC - [2012/02/09 21:13:08 | 000,279,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012/02/09 21:13:06 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012/02/09 21:12:54 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 18:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2011/12/19 21:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/12/19 21:16:48 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/12/19 21:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/12/19 21:16:42 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/12/15 23:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/15 23:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/05 10:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/09/28 18:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 21:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 21:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 21:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 21:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 21:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/02 07:34:10 | 000,489,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll
MOD - [2013/11/02 07:34:10 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll
MOD - [2013/11/02 06:53:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/11/02 06:52:33 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/11/02 06:52:28 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/11/02 06:52:16 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/11/02 06:52:08 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/11/02 06:52:04 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/11/02 06:52:03 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/11/02 06:51:29 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/10/08 12:35:25 | 016,233,864 | ---- | M] () -- C:\Users\Family\AppData\Local\AOL\AIM\NPSWF32.dll
MOD - [2013/09/09 16:39:08 | 023,782,440 | ---- | M] () -- C:\Users\Family\AppData\Local\AOL\AIM\libcef.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:01:54 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/25 16:40:50 | 001,674,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/03/23 21:03:08 | 000,015,520 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe -- (LBAEvent)
SRV:64bit: - [2012/02/09 21:13:06 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/02/09 21:12:54 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/12/08 18:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/01 08:16:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/17 16:30:48 | 000,022,888 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/22 00:34:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/22 03:20:18 | 000,165,176 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/02/22 03:20:02 | 000,070,968 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/02/01 18:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2011/12/19 21:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/12/19 21:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/12/19 21:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/12/15 23:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/15 23:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/05 10:19:24 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/09/28 18:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 03:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/19 23:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/01 18:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/12/26 04:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/12/14 16:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2011/12/13 13:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/12/13 13:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/12/08 18:18:38 | 000,009,600 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LBAI.sys -- (LBAI)
DRV:64bit: - [2011/12/08 15:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/08 15:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/05 15:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/23 10:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/09 12:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/05/29 05:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7LENP_enUS560
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/10/31 22:56:50 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: LastPass = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.16_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.21_0\
CHR - Extension: LastPass Vault = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\
CHR - Extension: Google Wallet = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/12/10 11:52:05 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Input Device Main Program] C:\Program Files\Lenovo\Lenovo Ultraslim Plus Wireless Keyboard & Mouse\Pelico.exe (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.EXE ()
O4 - HKCU..\Run: [AIM for Windows] C:\Users\Family\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C07E91B1-59C7-4EBD-99AE-F9F2AE4A0DF1}: DhcpNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/14 21:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{6bfc413d-2c84-41bd-96ab-4bb32874185c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bfc413d-2c84-41bd-96ab-4bb32874185c}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011/12/14 21:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/01 18:32:59 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\System Cleanup Programs
[2013/12/01 17:47:29 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/01 17:34:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/01 17:18:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/01 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/12/01 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/14 03:20:18 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Lenovo
[2013/11/13 05:02:58 | 000,000,000 | ---D | C] -- C:\ldiag
[2013/11/13 04:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/13 04:31:52 | 000,000,000 | ---D | C] -- C:\temp

========== Files - Modified Within 30 Days ==========

[2013/12/10 12:12:13 | 000,031,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 12:12:13 | 000,031,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 12:10:50 | 000,005,788 | ---- | M] () -- C:\Users\Family\Desktop\Capture.PNG
[2013/12/10 12:08:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/10 12:05:03 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/10 12:04:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/10 12:04:47 | 3082,674,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/10 11:52:05 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2013/12/10 11:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/03 10:16:54 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/03 10:16:54 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/03 10:16:54 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/01 18:45:35 | 000,002,128 | ---- | M] () -- C:\Users\Family\Desktop\Microsoft Security Essentials.lnk
[2013/12/01 16:07:52 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/11/26 03:01:57 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 03:01:55 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/19 20:14:45 | 629,694,464 | -HS- | M] () -- C:\windows\lenovo_fastboot.img
[2013/11/13 05:02:54 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013/11/13 04:36:19 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

========== Files Created - No Company Name ==========

[2013/12/10 12:10:50 | 000,005,788 | ---- | C] () -- C:\Users\Family\Desktop\Capture.PNG
[2013/12/01 18:45:35 | 000,002,128 | ---- | C] () -- C:\Users\Family\Desktop\Microsoft Security Essentials.lnk
[2013/12/01 16:07:52 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/12/01 16:07:44 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/26 03:01:57 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 03:01:55 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/13 05:02:54 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013/11/13 04:36:19 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/13 04:36:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/10/31 22:15:39 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2013/10/31 22:15:36 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2013/10/31 22:15:36 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/10/31 22:15:35 | 013,024,256 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2013/10/31 20:30:33 | 000,000,000 | ---- | C] () -- C:\windows\firstboot.dat
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/31 20:33:56 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Leadertech
[2013/11/14 03:20:18 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Lenovo
[2013/11/13 05:02:58 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\LSC
[2013/11/01 08:02:39 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

Attached Thumbnails

  • Capture.PNG

Edited by ncrunch32, 10 December 2013 - 11:24 AM.

  • 0

#15
ncrunch32

ncrunch32

    Member

  • Member
  • PipPip
  • 11 posts
I have reloaded my monitor driver (Samsung Syncmaster S20A300B analog) and rebooted but still text is splotchy. Resolution of 1280 x 960 seems to fix the problem but that is not optimal for my monitor. Optimal for my monitor is 1600 x 900. I have played with microsoft clear text but that just makes the problem worse.

Joe
  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured