
Malware has frozen my screen - wants to SELL ME A fix [Closed] [Solved]


  • This topic is locked

#31
geeksugarbaby

    Member

  • Topic Starter
  • 110 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step #8 Fix with JRT -- log below



Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by WriterOne on Wed 02/26/2014 at 22:08:17.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadealslive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadealslive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4D2B801A-29FF-47E9-9B2C-654FCEBA8205}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\bonanzadealslive"
Successfully deleted: [Folder] "C:\Users\WriterOne\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\WriterOne\appdata\local\bonanzadealslive"
Successfully deleted: [Folder] "C:\Users\WriterOne\appdata\locallow\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadeals"
Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadealslive"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Users\WriterOne\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"



~~~ FireFox

Successfully deleted: [File] C:\Users\WriterOne\AppData\Roaming\mozilla\firefox\profiles\y2qknv13.default\user.js
Successfully deleted: [File] C:\Users\WriterOne\AppData\Roaming\mozilla\firefox\profiles\y2qknv13.default\searchplugins\mysearchdial.xml
Successfully deleted: [Folder] C:\Users\WriterOne\AppData\Roaming\mozilla\firefox\profiles\y2qknv13.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Successfully deleted the following from C:\Users\WriterOne\AppData\Roaming\mozilla\firefox\profiles\y2qknv13.default\prefs.js

user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("extensions.mysearchdial.aflt", "irmsd1103");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzztByDyC0FtBzytD0DtBtDyB0C0E0EyCtN0D0Tzu0SyCzyyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
user_pref("extensions.mysearchdial.cr", "1371879283");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzuzztByDyC0FtBzytD0DtBtDyB0C0E0EyCtN0D0Tzu0SyCzyyCtN1L2XzutBtFtBt
user_pref("extensions.mysearchdial.id", "8256F290D207CEE6");
user_pref("extensions.mysearchdial.instlDay", "16035");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103&cd=2XzuyEtN2Y1L1QzuzztByDyC0FtBzytD0DtBtDyB0C0E0EyCtN0D0Tzu0SyCzyyCtN1L2XzutBtFt
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103&cd=2XzuyEtN2Y1L1QzuzztByDyC0FtBzytD0DtBtDyB0C0E0EyCtN0D0Tzu0SyCzyyCtN1L2XzutBt
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.019:15:2");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/26/2014 at 22:13:32.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





#32
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
For Step 7, click the Clean button, and re-do Step 6.

#33
geeksugarbaby

    Member

  • Topic Starter
  • 110 posts
Step 7 -- here is the log after CLEAN -



# AdwCleaner v3.019 - Report created 28/02/2014 at 18:20:38
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : WriterOne - CRCS_LAPTOP
# Running from : C:\Users\WriterOne\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\WriterOne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\WriterOne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\WriterOne\AppData\Roaming\Mozilla\Firefox\Profiles\y2qknv13.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [6504 octets] - [26/02/2014 21:58:55]
AdwCleaner[R1].txt - [2349 octets] - [28/02/2014 18:19:53]
AdwCleaner[S0].txt - [1943 octets] - [28/02/2014 18:20:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2003 octets] ##########




#34
geeksugarbaby

    Member

  • Topic Starter
  • 110 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc....=1371879283=> in the current context!
Error: Unable to interpret < IE:64bit: - HKLM\..\SearchScopes\{4D2B801A-29FF-47E9-9B2C-654FCEBA8205}: "URL" = http://start.mysearc....=1371879283=> in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc....=1371879283=> in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.screennam...6f6c3&locale=us> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{4D2B801A-29FF-47E9-9B2C-654FCEBA8205}: "URL" = http://start.mysearc....=1371879283=> in the current context!
Error: Unable to interpret < FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"> in the current context!
Error: Unable to interpret < [2013/12/16 00:37:21 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\WriterOne\AppData\Roaming\Mozilla\Firefox\Profiles\y2qknv13.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}> in the current context!
Error: Unable to interpret < [2013/11/26 19:15:26 | 000,000,841 | ---- | M] () -- C:\Users\WriterOne\AppData\Roaming\Mozilla\Firefox\Profiles\y2qknv13.default\searchplugins\Mysearchdial.xml> in the current context!
Error: Unable to interpret < O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)> in the current context!
Error: Unable to interpret < O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found> in the current context!
Error: Unable to interpret < O4 - Startup: C:\Users\WriterOne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)> in the current context!
Error: Unable to interpret < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0> in the current context!
Error: Unable to interpret < O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret < @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\MyPC Backup> in the current context!
Error: Unable to interpret < :Commands> in the current context!

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: WriterOne
->Temp folder emptied: 2304992 bytes
->Temporary Internet Files folder emptied: 22668030 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 784 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41362 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24.00 mb


Step 6: - Repeat

OTL by OldTimer - Version 3.2.69.0 log created on 02282014_182537

Files\Folders moved on Reboot...
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MUH3E03N\page__st__15[2].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HAIK7Y9C\login[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HAIK7Y9C\size=1300x800;noperf=1;alias=93313514;kvpg=_my.screenname.aol__cqr_login_login[2].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2RDOF1PG\login[2].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2RDOF1PG\size=1300x800;noperf=1;alias=93313514;kvpg=_my.screenname.aol__cqr_login_login[2].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




#35
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Provide me a fresh OTL log. To do this, re-run OTL, click Quick Scan, and post the log when done. Do you still have the MyPCBackup folder on your PC? How is your system running?

#36
geeksugarbaby

    Member

  • Topic Starter
  • 110 posts
Here is the Fresh OTL Log.

Everything is running like normal now and the My PC Backup folder is all gone! No longer pops up with each new boot up!!



Excellent.



How does this Fresh Log look?



=========================================================================


OTL logfile created on: 3/3/2014 5:25:46 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WriterOne\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 65.38% Memory free
4.55 Gb Paging File | 3.13 Gb Available in Paging File | 68.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 425.80 Gb Total Space | 387.19 Gb Free Space | 90.93% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.07 Gb Free Space | 92.29% Space Free | Partition Type: NTFS
Drive E: | 3.84 Gb Total Space | 0.90 Gb Free Space | 23.54% Space Free | Partition Type: FAT32

Computer Name: CRCS_LAPTOP | User Name: WriterOne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/19 15:30:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WriterOne\Downloads\OTL.exe
PRC - [2014/02/17 08:09:48 | 012,493,152 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/02/17 08:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/02/17 07:53:06 | 000,202,592 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014/01/11 16:58:00 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/09/17 17:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
PRC - [2012/08/02 15:31:58 | 001,706,576 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe
PRC - [2012/07/27 13:52:44 | 000,167,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2012/07/27 13:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012/07/18 16:21:06 | 000,066,640 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
PRC - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/12 07:59:15 | 000,155,488 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
PRC - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/04/24 16:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2011/03/09 17:21:54 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/23 17:20:37 | 007,041,536 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\bca236f576ea12db3a9191f4586a445a\System.Core.ni.dll
MOD - [2014/02/23 17:20:30 | 010,051,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\f0602360211041a6be208f0b4138dddd\System.ni.dll
MOD - [2014/02/23 17:20:23 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll
MOD - [2012/07/18 16:27:00 | 000,021,072 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
MOD - [2012/07/12 07:59:16 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2012/07/12 07:59:16 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
MOD - [2012/07/12 07:59:16 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2012/07/12 07:59:15 | 000,891,392 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
MOD - [2012/07/12 07:59:15 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
MOD - [2012/07/12 07:59:15 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2012/07/12 07:59:15 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2012/07/12 07:59:15 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ServiceManagerStarter.dll
MOD - [2012/07/12 07:59:15 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
MOD - [2012/07/12 07:59:15 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
MOD - [2012/07/12 07:59:14 | 002,281,984 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
MOD - [2012/07/12 07:59:14 | 000,446,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\DeviceProfile.dll
MOD - [2011/03/09 17:21:56 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2011/03/09 17:21:48 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/10/26 09:55:36 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/10/26 09:55:36 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/09/17 17:22:40 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service)
SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/02/17 08:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/11/12 22:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/12 07:17:48 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/18 16:21:06 | 000,066,640 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe -- (Lenovo Smart Update Service)
SRV - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/24 16:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/26 09:55:36 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/26 09:51:31 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013/10/26 09:51:31 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 19:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 17:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/07/01 15:51:36 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/27 10:07:42 | 005,361,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/23 02:48:06 | 000,327,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2013/03/25 12:11:12 | 000,474,864 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/03/25 12:11:12 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/13 14:36:36 | 006,835,784 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/10 22:51:49 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/01 20:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/30 11:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/13 19:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2012/06/08 12:03:36 | 000,008,704 | ---- | M] (TODO: <Company name>) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LAD.sys -- (LAD)
DRV:64bit: - [2012/06/02 09:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 09:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4D2B801A-29FF-47E9-9B2C-654FCEBA8205}
IE:64bit: - HKLM\..\SearchScopes\{4D2B801A-29FF-47E9-9B2C-654FCEBA8205}: "URL" = http://start.mysearc...r=1371879283=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4D2B801A-29FF-47E9-9B2C-654FCEBA8205}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.screennam...6f6c3&locale=us
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/01/11 16:59:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/11/26 17:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WriterOne\AppData\Roaming\Mozilla\Extensions
[2014/02/26 22:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WriterOne\AppData\Roaming\Mozilla\Firefox\Profiles\y2qknv13.default\extensions
[2013/11/26 17:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/26 17:13:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [Smart Update] C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpIdfPlugin.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2050E461-BCC5-4030-AB0B-AC3BEE49E414}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F38B1414-896B-4E1A-A542-9AE2CA6009D7}: DhcpNameServer = 150.100.0.11
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/01 04:42:45 | 000,000,000 | ---D | C] -- C:\Users\WriterOne\Desktop\Metatron
[2014/02/26 22:08:15 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/02/26 22:04:53 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\WriterOne\Desktop\JRT.exe
[2014/02/26 21:58:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/26 21:49:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/14 16:44:15 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/09 16:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/02/09 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

========== Files - Modified Within 30 Days ==========

[2014/03/03 17:22:48 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/03/03 17:22:48 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/03/03 17:22:48 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/03/03 17:22:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/01 04:59:20 | 030,830,041 | ---- | M] () -- C:\Users\WriterOne\Desktop\0250 HCS - Feb 24 Obedience, Self-Discpline & The I AM Presence.mp3
[2014/03/01 04:59:20 | 028,032,032 | ---- | M] () -- C:\Users\WriterOne\Desktop\0200 HCS - 02-09-14 Ascension Lecture Recap.mp3
[2014/03/01 04:48:36 | 023,616,116 | ---- | M] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ Cosmic Clearing with the.mp3
[2014/03/01 04:48:36 | 013,721,350 | ---- | M] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ Message, Cleanse, and Protection.mp3
[2014/03/01 04:48:36 | 010,315,401 | ---- | M] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ August FullMoon 2011.mp3
[2014/03/01 04:48:02 | 007,031,552 | ---- | M] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ Question and Answers 4.1.10.mp3
[2014/03/01 04:47:44 | 003,988,539 | ---- | M] () -- C:\Users\WriterOne\Desktop\Archangel Metatron.mp3
[2014/03/01 04:44:44 | 025,046,611 | ---- | M] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ Higher Self Meditation.mp3
[2014/02/28 18:27:42 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/02/28 18:27:40 | 3322,089,472 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/26 22:39:34 | 000,002,616 | ---- | M] () -- C:\Users\WriterOne\Desktop\hcs notes.rtf
[2014/02/26 22:04:58 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\WriterOne\Desktop\JRT.exe
[2014/02/26 21:57:40 | 001,241,834 | ---- | M] () -- C:\Users\WriterOne\Desktop\AdwCleaner.exe
[2014/02/25 00:21:23 | 024,896,089 | ---- | M] () -- C:\Users\WriterOne\Desktop\0150 HCS - 01-26-14 Using the Chakras to Accelerate Spiritual Growth.mp3
[2014/02/17 15:10:33 | 000,000,369 | ---- | M] () -- C:\Users\WriterOne\AppData\Local\RegisteredPackageInformation.xml
[2014/02/09 20:53:48 | 000,002,763 | ---- | M] () -- C:\ProgramData\connector.swf
[2014/02/09 20:43:41 | 000,001,984 | ---- | M] () -- C:\Users\WriterOne\AppData\Roaming\data.sec

========== Files Created - No Company Name ==========

[2014/03/01 05:08:27 | 013,721,350 | ---- | C] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ Message, Cleanse, and Protection.mp3
[2014/03/01 05:08:25 | 003,988,539 | ---- | C] () -- C:\Users\WriterOne\Desktop\Archangel Metatron.mp3
[2014/03/01 05:08:19 | 025,046,611 | ---- | C] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ Higher Self Meditation.mp3
[2014/03/01 05:08:16 | 010,315,401 | ---- | C] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ August FullMoon 2011.mp3
[2014/03/01 05:08:10 | 023,616,116 | ---- | C] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ Cosmic Clearing with the.mp3
[2014/03/01 05:08:08 | 007,031,552 | ---- | C] () -- C:\Users\WriterOne\Desktop\Archangel Metatron ~ Question and Answers 4.1.10.mp3
[2014/02/26 22:24:11 | 000,002,616 | ---- | C] () -- C:\Users\WriterOne\Desktop\hcs notes.rtf
[2014/02/26 21:58:04 | 001,241,834 | ---- | C] () -- C:\Users\WriterOne\Desktop\AdwCleaner.exe
[2014/02/25 00:20:56 | 024,896,089 | ---- | C] () -- C:\Users\WriterOne\Desktop\0150 HCS - 01-26-14 Using the Chakras to Accelerate Spiritual Growth.mp3
[2014/02/23 15:52:13 | 030,830,041 | ---- | C] () -- C:\Users\WriterOne\Desktop\0250 HCS - Feb 24 Obedience, Self-Discpline & The I AM Presence.mp3
[2014/02/19 18:04:15 | 000,385,614 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2014/02/09 20:52:59 | 000,002,763 | ---- | C] () -- C:\ProgramData\connector.swf
[2014/02/09 20:43:41 | 000,001,984 | ---- | C] () -- C:\Users\WriterOne\AppData\Roaming\data.sec
[2014/02/09 16:18:45 | 028,032,032 | ---- | C] () -- C:\Users\WriterOne\Desktop\0200 HCS - 02-09-14 Ascension Lecture Recap.mp3
[2013/11/29 23:23:29 | 000,000,369 | ---- | C] () -- C:\Users\WriterOne\AppData\Local\RegisteredPackageInformation.xml
[2013/11/26 20:21:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/11/26 18:29:28 | 000,000,021 | ---- | C] () -- C:\windows\CS_SETUP.ini
[2013/11/26 16:02:03 | 000,000,104 | ---- | C] () -- C:\windows\WB3USER.INI
[2013/11/24 23:33:53 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/11/24 14:59:55 | 000,000,343 | ---- | C] () -- C:\windows\lgfwup.ini
[2013/11/24 14:17:35 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/07/24 03:44:24 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2013/07/24 03:44:05 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/07/24 03:44:04 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/25 15:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/07/25 15:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 15:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/11/26 16:23:19 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/03 17:26:30 | 000,000,000 | ---D | M] -- C:\Users\WriterOne\AppData\Roaming\ClassicShell
[2013/12/16 18:54:54 | 000,000,000 | ---D | M] -- C:\Users\WriterOne\AppData\Roaming\IngermansonCommunications
[2013/11/24 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\WriterOne\AppData\Roaming\Nitro
[2013/11/25 22:59:04 | 000,000,000 | ---D | M] -- C:\Users\WriterOne\AppData\Roaming\Nitro PDF
[2013/12/22 01:08:47 | 000,000,000 | ---D | M] -- C:\Users\WriterOne\AppData\Roaming\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >

#37
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi geeksugarbaby, :)

Everything is running like normal now and the My PC Backup folder is all gone! No longer pops up with each new boot up!!

Magical, isn't it? :lol:

  • Step #9 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{4D2B801A-29FF-47E9-9B2C-654FCEBA8205}: "URL" = http://start.mysearc...r=1371879283=
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.screennam...6f6c3&locale=us
    O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing

    :Commands
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

  • Step #10 Scan with Malwarebytes' Anti-Malware
  • Double-click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the Logs tab in the interface.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

  • Step #11 Run ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    Vista / 7 users: You will need to right-click on either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
    • Please go here then click on: Posted Image

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on:Posted Image
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.


When The Scan is Complete:

  • If No Threats Were Found:

    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

  • Required Log(s):
  • OTL Fix Log;
  • MBAM Fix Log;
  • ESET Scan Log

Regards,
Valinorum
  • 0

#38
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < IE:64bit: - HKLM\..\SearchScopes\{4D2B801A-29FF-47E9-9B2C-654FCEBA8205}: "URL" = http://start.mysearc...r=1371879283=> in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.screennam...6f6c3&locale=us> in the current context!
Error: Unable to interpret < O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)> in the current context!
Error: Unable to interpret < O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret < O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret < :Commands> in the current context!

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: WriterOne
->Temp folder emptied: 117146 bytes
->Temporary Internet Files folder emptied: 46207055 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 793 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50172 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 58792050 bytes

Total Files Cleaned = 100.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03042014_191936

Files\Folders moved on Reboot...
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\WriterOne\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUY5EFUE\engagement[1].xml moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUY5EFUE\indresume[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLNHKDS2\page__st__30__p__2379761__fromsearch__1[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SLNHKDS2\suite[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1MWPC70\login[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1MWPC70\size=1300x800;noperf=1;alias=93313514;kvpg=_my.screenname.aol__cqr_login_login[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1MWPC70\tcodewads_at[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6QHKN05B\atids[2].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6QHKN05B\Suite[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6QHKN05B\tcode3[1].htm moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\WriterOne\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



  • 0

#39
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.04.11

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
WriterOne :: CRCS_LAPTOP [administrator]

3/4/2014 8:02:11 PM
mbam-log-2014-03-04 (20-02-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215760
Time elapsed: 4 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BCKD (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\bckd|ImagePath (Trojan.Agent) -> Data: 22.sys -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\WriterOne\Downloads\Mozilla Firefox setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\WriterOne\AppData\Roaming\data.sec (Malware.Trace.E) -> Quarantined and deleted successfully.

(end)



  • 0

#40
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
RE: ESET



OK I TURNED OFF WINDOWS DEFENDER



WITH ESET AFTER CLICKING I AGREE AND START

ALL I GOT WAS A WINDOW THAT SAID:

http://www.eset.com/...-scanner-popup/



AND NOTHING BEYOND THAT
  • 0



#41
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
P.S. THIS WAS AFTER RUNNING INTERNET EXPLORER AS ADMINISTRATOR.



(I TRIED THE INSTRUX FOR FIREFOX BUT I HAVE WINDOWS 8 AND AFTER DOWNLOADING THE EXTRA PROGRAM, I GOT A MESSAGE THAT IT WOULDN'T RUN ON MY COMPUTER)







THANKS!!
  • 0

#42
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Were you able to click the start button? If you are seeing a blank window, look below and allow the addon to be installed.
  • 0

#43
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
there was no add-on to be installed. Just a blank window...
  • 0

#44
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Look into the main IE window. You may see an add-on installation prompt below.
  • 0

#45
geeksugarbaby

geeksugarbaby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
I tried ESET again.



no luck.


I even went to the ESET FAQ page and made sure my internet options --security tab was set up properly...



also added ESET's URL to my SAFE Trusted List.



still no luck...



tried FIREFOX again



same thing.



is there a SUBSTITUTE FOR ESET??????





see attachments

Attached Thumbnails

  • Capture Eset.PNG
  • Eset Firefox.PNG

  • 0





