
How do I remove GetPose Stormfall malware [Closed]

Getpose stormfall

  • This topic is locked

#1
Tim Eisner


Help! I downloaded an Excel viewer from CNET and got infected with the Stormfall malware and I don't know how to remove it.

Here is my OTL log:

OTL logfile created on: 6/1/2014 9:39:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tim\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.84% Memory free
5.97 Gb Paging File | 2.93 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 75.82 Gb Free Space | 16.67% Space Free | Partition Type: NTFS
Drive Q: | 9.76 Gb Total Space | 3.25 Gb Free Space | 33.32% Space Free | Partition Type: NTFS
 
Computer Name: THIMKPAD | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/01 09:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2014/05/19 17:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/15 10:31:16 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/09 12:20:29 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/03/30 09:13:57 | 000,054,960 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2014/03/30 09:13:12 | 001,614,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2014/03/30 09:11:32 | 001,343,472 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013/04/22 09:40:54 | 005,687,152 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2013/04/22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/01/29 18:13:12 | 001,668,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2013/01/29 18:13:12 | 001,093,744 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2013/01/10 14:10:44 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/10 14:10:41 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/10 14:10:11 | 005,918,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/25 17:45:14 | 000,082,824 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
PRC - [2011/05/05 20:32:30 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/04/19 03:52:00 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011/04/19 03:52:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/03/08 15:14:34 | 000,303,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/03/08 13:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/14 15:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/01/14 15:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2011/01/14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/12/14 15:57:20 | 000,136,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/10/29 20:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/07/19 18:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/07/19 18:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/02 20:54:28 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/03/31 22:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/27 05:01:26 | 014,090,688 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe
PRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/07/13 18:14:17 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe
PRC - [2008/10/30 15:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/30 16:41:39 | 000,043,008 | ---- | M] () -- c:\Users\Tim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaul_ch.dll
MOD - [2014/05/30 16:41:28 | 000,027,136 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\_multiprocessing.pyd
MOD - [2014/05/30 16:41:27 | 001,159,680 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\_ssl.pyd
MOD - [2014/05/30 16:41:27 | 001,062,400 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\wx._controls_.pyd
MOD - [2014/05/30 16:41:27 | 000,811,008 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\wx._windows_.pyd
MOD - [2014/05/30 16:41:27 | 000,805,888 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\wx._gdi_.pyd
MOD - [2014/05/30 16:41:27 | 000,713,216 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\_hashlib.pyd
MOD - [2014/05/30 16:41:27 | 000,686,080 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\unicodedata.pyd
MOD - [2014/05/30 16:41:27 | 000,127,488 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\pyexpat.pyd
MOD - [2014/05/30 16:41:27 | 000,110,080 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\PyWinTypes27.dll
MOD - [2014/05/30 16:41:27 | 000,070,656 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\wx._html2.pyd
MOD - [2014/05/30 16:41:27 | 000,038,912 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32inet.pyd
MOD - [2014/05/30 16:41:27 | 000,035,840 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32process.pyd
MOD - [2014/05/30 16:41:27 | 000,025,600 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32pdh.pyd
MOD - [2014/05/30 16:41:27 | 000,024,064 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32pipe.pyd
MOD - [2014/05/30 16:41:27 | 000,018,432 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32event.pyd
MOD - [2014/05/30 16:41:27 | 000,010,240 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\select.pyd
MOD - [2014/05/30 16:41:26 | 000,557,056 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\pysqlite2._sqlite.pyd
MOD - [2014/05/30 16:41:26 | 000,525,640 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\windows._lib_cacheinvalidation.pyd
MOD - [2014/05/30 16:41:26 | 000,320,512 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32com.shell.shell.pyd
MOD - [2014/05/30 16:41:26 | 000,167,936 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32gui.pyd
MOD - [2014/05/30 16:41:26 | 000,128,512 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\_elementtree.pyd
MOD - [2014/05/30 16:41:26 | 000,119,808 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32file.pyd
MOD - [2014/05/30 16:41:26 | 000,108,544 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32security.pyd
MOD - [2014/05/30 16:41:26 | 000,098,816 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32api.pyd
MOD - [2014/05/30 16:41:26 | 000,087,552 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\_ctypes.pyd
MOD - [2014/05/30 16:41:26 | 000,045,568 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\_socket.pyd
MOD - [2014/05/30 16:41:26 | 000,022,528 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32ts.pyd
MOD - [2014/05/30 16:41:26 | 000,017,408 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32profile.pyd
MOD - [2014/05/30 16:41:25 | 001,175,040 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\wx._core_.pyd
MOD - [2014/05/30 16:41:25 | 000,735,232 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\wx._misc_.pyd
MOD - [2014/05/30 16:41:25 | 000,364,544 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\pythoncom27.dll
MOD - [2014/05/30 16:41:25 | 000,078,336 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\wx._animate.pyd
MOD - [2014/05/30 16:41:24 | 000,122,368 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\wx._wizard.pyd
MOD - [2014/05/30 16:41:24 | 000,011,264 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI48523\win32crypt.pyd
MOD - [2014/05/15 10:31:16 | 016,361,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/09 12:20:28 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/30 09:14:09 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll
MOD - [2014/03/30 09:12:57 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
MOD - [2014/02/28 04:02:23 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/28 04:02:22 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/28 04:02:20 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/28 04:02:19 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/28 04:02:14 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/28 04:02:13 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/28 04:02:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/13 04:26:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 04:26:24 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 04:26:08 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 04:26:05 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 04:26:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 04:25:58 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/02 18:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 12:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/05/05 20:32:00 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2011/04/19 03:52:00 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/27 05:01:30 | 000,058,816 | ---- | M] () -- C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\SPBasic.dll
MOD - [2010/03/27 05:00:08 | 000,070,592 | ---- | M] () -- C:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Alcid.dll
MOD - [2010/02/22 04:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/15 10:31:18 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/09 12:20:29 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/30 09:13:57 | 000,054,960 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV - [2014/03/30 09:13:11 | 000,062,688 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2014/03/30 09:11:32 | 001,343,472 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV - [2014/03/06 00:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/02/21 13:39:52 | 000,024,120 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/04/22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/01/11 08:11:54 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/25 17:45:14 | 000,082,824 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV - [2011/05/27 00:16:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/19 03:52:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/04/19 03:52:00 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/04/19 03:52:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/01/14 15:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011/01/14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/07/19 18:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/07/19 18:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/29 18:25:38 | 000,099,768 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/28 19:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/03/30 09:15:52 | 000,078,144 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2014/03/30 09:14:09 | 000,778,032 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2014/03/30 09:13:43 | 000,066,832 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2014/03/30 09:13:26 | 000,516,936 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2013/08/23 12:48:39 | 000,165,744 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2013/08/07 12:46:04 | 000,360,376 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2013/07/26 10:53:51 | 000,135,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2013/06/26 19:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 19:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 19:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 19:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2013/02/18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/01/11 08:11:54 | 008,913,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/01/11 08:11:54 | 000,025,376 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2012/11/02 13:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV - [2012/04/17 13:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\System32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2011/11/14 19:16:27 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011/04/19 03:52:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011/04/19 03:52:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011/01/13 11:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/10 12:42:09 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/15 00:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/08/25 09:45:56 | 000,486,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/07/22 09:38:06 | 000,215,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010/07/14 05:42:24 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2010/06/16 14:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 14:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/10 14:47:34 | 000,015,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2010/02/26 00:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/07 04:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009/10/25 22:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/09/29 18:25:42 | 000,013,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV - [2009/09/24 04:58:52 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/09/16 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/01 19:16:16 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/05/10 19:33:48 | 000,088,832 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/04/09 09:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {E84816C5-83A0-4164-A278-A4F97DC64AD6}
IE - HKLM\..\SearchScopes\{E84816C5-83A0-4164-A278-A4F97DC64AD6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/us/laptop/?c [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {E84816C5-83A0-4164-A278-A4F97DC64AD6}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.kickstar...ch-of-the-ants"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tim\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tim\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/05/09 12:20:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2014/03/30 09:06:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/05/09 12:20:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/05/26 11:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2014/05/27 22:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\extensions
[2014/05/27 22:24:59 | 000,533,329 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/05/01 19:36:34 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/20 12:30:28 | 000,000,643 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\searchplugins\trovi-search.xml
[2014/05/09 12:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/09 12:20:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2011/05/26 15:35:09 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:     127.0.0.1    activate.adobe.com
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BF97CDD-C848-4B09-B498-D198787FCD6C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD1CBD65-C01A-492C-B2C0-80C16FCDBBAA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 09:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{b1ebc5f6-8793-11e0-941c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b1ebc5f6-8793-11e0-941c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 14:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{e26924b1-36b2-11e2-9717-f0def11b37d4}\Shell - "" = AutoRun
O33 - MountPoints2\{e26924b1-36b2-11e2-9717-f0def11b37d4}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/01 09:38:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2014/05/31 11:29:55 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\New folder
[2014/05/20 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{407392FA-6FB1-4F05-81C8-0F1DFD1261D2}
[2014/05/20 12:33:14 | 000,000,000 | -HSD | C] -- C:\Users\Tim\AppData\Local\EmieUserList
[2014/05/20 12:33:14 | 000,000,000 | -HSD | C] -- C:\Users\Tim\AppData\Local\EmieSiteList
[2014/05/20 12:21:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Optimizer Pro
[2014/05/20 12:17:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\IsolatedStorage
[2014/05/20 12:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\webget
[2014/05/20 12:16:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\StormFall
[2014/05/20 12:16:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
[2014/05/20 12:16:05 | 001,705,063 | ---- | C] (AnyProtect.com) -- C:\Users\Tim\AppData\Local\AnyProtectScannerSetup.exe
[2014/05/19 11:05:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{2398FCAC-7F1F-42C4-BAAA-BF5CCF60666A}
[2014/05/16 22:53:59 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{3067C60C-2D43-4F27-B967-BBE65A215A66}
[2014/05/15 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D252AA83-7DC8-4900-B106-2E71B773977A}
[2014/05/14 15:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/14 15:36:52 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/13 19:35:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DropboxMaster
[2014/05/13 18:50:36 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/05/13 18:50:36 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/05/13 18:50:28 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/05/13 18:50:28 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/05/13 18:50:27 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2014/05/13 18:50:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll
[2014/05/13 18:50:26 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll
[2014/05/13 18:50:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll
[2014/05/13 18:50:26 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll
[2014/05/13 18:50:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2014/05/13 18:50:25 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll
[2014/05/13 18:50:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2014/05/09 22:33:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{F35C4FF6-8678-46F0-8C5F-67F8B1E4DFD5}
[2014/05/09 21:57:51 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\GoPro
[2014/05/09 20:34:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Plythrough Video
[2014/05/09 20:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/05/09 20:22:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\GoPro
[2014/05/09 20:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm
[2014/05/09 12:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/05/07 12:32:39 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{C64DD0BF-F729-4DAB-B60A-144599DAE914}
[2014/05/05 23:54:34 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/01 09:43:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/01 09:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2014/06/01 09:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/01 09:26:07 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2014/06/01 09:22:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1518848740-4250292544-4256302612-1002UA.job
[2014/06/01 09:12:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/31 18:48:18 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1518848740-4250292544-4256302612-1002Core.job
[2014/05/31 18:42:42 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/31 12:05:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\PassShow Update.job
[2014/05/31 09:48:58 | 000,001,456 | ---- | M] () -- C:\Users\Tim\AppData\Local\Adobe Save for Web 12.0 Prefs
[2014/05/30 16:48:36 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 16:48:36 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 16:46:18 | 000,663,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/30 16:46:18 | 000,122,680 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/30 16:40:05 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/05/30 16:39:56 | 000,008,192 | ---- | M] () -- C:\Windows\System32\WDPABKP.dat
[2014/05/30 16:39:22 | 2406,223,872 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/26 09:50:40 | 003,716,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/24 10:06:23 | 000,001,059 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/23 19:04:41 | 001,433,591 | ---- | M] () -- C:\Users\Tim\Desktop\IMG_20140523_190441.jpg
[2014/05/23 18:03:30 | 001,249,478 | ---- | M] () -- C:\Users\Tim\Desktop\IMG_20140523_180330.jpg
[2014/05/20 12:22:29 | 000,000,324 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\aps.uninstall.scan.results
[2014/05/20 10:41:44 | 000,009,151 | ---- | M] () -- C:\Users\Tim\Desktop\nvidia shield.jpg
[2014/05/19 12:38:04 | 000,002,903 | ---- | M] () -- C:\Users\Tim\Desktop\Playthrough round 2 part two and round three part 1.wlmp
[2014/05/19 12:33:41 | 000,002,731 | ---- | M] () -- C:\Users\Tim\Desktop\Playthrough round 2 edit 2nd half.wlmp
[2014/05/19 12:29:12 | 000,002,250 | ---- | M] () -- C:\Users\Tim\Desktop\Round 3 Part 2.wlmp
[2014/05/19 07:19:26 | 001,705,063 | ---- | M] (AnyProtect.com) -- C:\Users\Tim\AppData\Local\AnyProtectScannerSetup.exe
[2014/05/15 12:54:32 | 000,743,047 | ---- | M] () -- C:\Users\Tim\Desktop\PDXAGE1EventBook.pdf
[2014/05/15 10:31:16 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/15 10:31:16 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/09 21:48:50 | 000,024,304 | ---- | M] () -- C:\Users\Tim\Documents\untitled_AutoSave.gcs
[2014/05/09 15:23:20 | 115,345,816 | ---- | M] () -- C:\Users\Tim\Desktop\GoProStudioPC-2.0.1.319.exe
[2014/05/09 00:06:23 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/05/09 00:04:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/05/06 13:32:41 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2014/05/05 20:07:39 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/05 12:05:28 | 000,069,895 | ---- | M] () -- C:\Users\Tim\Desktop\MagicraftQuote to Tim 2014.4.23 - Quotation.pdf
[2014/05/04 10:56:41 | 000,050,417 | ---- | M] () -- C:\Users\Tim\Desktop\728px-Velvet_Ant.jpg
[2014/05/04 10:54:52 | 000,138,272 | ---- | M] () -- C:\Users\Tim\Desktop\ant in moon.jpg
[2014/05/04 10:40:15 | 000,716,691 | ---- | M] () -- C:\Users\Tim\Desktop\March-of-the-Ants-Rules-Compressed-2014.pdf
[2014/05/04 00:57:31 | 078,448,837 | ---- | M] () -- C:\Users\Tim\Desktop\March of the Ants Rules May 2014.pdf
[2014/05/04 00:56:05 | 001,414,609 | ---- | M] () -- C:\Users\Tim\Desktop\Rule Book 1, Set up, Gameplay.pdf
[2014/05/02 23:00:30 | 000,462,486 | ---- | M] () -- C:\Users\Tim\Desktop\March-of-the-Ants-Rules1.pdf
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/23 19:29:11 | 001,249,478 | ---- | C] () -- C:\Users\Tim\Desktop\IMG_20140523_180330.jpg
[2014/05/23 19:28:44 | 001,433,591 | ---- | C] () -- C:\Users\Tim\Desktop\IMG_20140523_190441.jpg
[2014/05/20 12:20:52 | 000,000,324 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\aps.uninstall.scan.results
[2014/05/20 12:15:34 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\PassShow Update.job
[2014/05/20 10:41:43 | 000,009,151 | ---- | C] () -- C:\Users\Tim\Desktop\nvidia shield.jpg
[2014/05/19 12:38:04 | 000,002,903 | ---- | C] () -- C:\Users\Tim\Desktop\Playthrough round 2 part two and round three part 1.wlmp
[2014/05/19 12:33:11 | 000,002,731 | ---- | C] () -- C:\Users\Tim\Desktop\Playthrough round 2 edit 2nd half.wlmp
[2014/05/19 12:29:12 | 000,002,250 | ---- | C] () -- C:\Users\Tim\Desktop\Round 3 Part 2.wlmp
[2014/05/15 12:54:31 | 000,743,047 | ---- | C] () -- C:\Users\Tim\Desktop\PDXAGE1EventBook.pdf
[2014/05/09 22:04:22 | 2154,913,846 | ---- | C] () -- C:\Users\Tim\Desktop\GOPR0156.MP4
[2014/05/09 22:03:59 | 1658,617,182 | ---- | C] () -- C:\Users\Tim\Desktop\GOPR0153.MP4
[2014/05/09 22:03:36 | 3934,786,975 | ---- | C] () -- C:\Users\Tim\Desktop\GOPR0152.MP4
[2014/05/09 22:03:28 | 3430,597,098 | ---- | C] () -- C:\Users\Tim\Desktop\GOPR0151.MP4
[2014/05/09 20:26:38 | 000,024,304 | ---- | C] () -- C:\Users\Tim\Documents\untitled_AutoSave.gcs
[2014/05/09 15:16:16 | 115,345,816 | ---- | C] () -- C:\Users\Tim\Desktop\GoProStudioPC-2.0.1.319.exe
[2014/05/05 12:05:36 | 000,069,895 | ---- | C] () -- C:\Users\Tim\Desktop\MagicraftQuote to Tim 2014.4.23 - Quotation.pdf
[2014/05/04 10:56:41 | 000,050,417 | ---- | C] () -- C:\Users\Tim\Desktop\728px-Velvet_Ant.jpg
[2014/05/04 10:54:52 | 000,138,272 | ---- | C] () -- C:\Users\Tim\Desktop\ant in moon.jpg
[2014/05/04 10:40:19 | 000,716,691 | ---- | C] () -- C:\Users\Tim\Desktop\March-of-the-Ants-Rules-Compressed-2014.pdf
[2014/05/04 00:55:34 | 001,414,609 | ---- | C] () -- C:\Users\Tim\Desktop\Rule Book 1, Set up, Gameplay.pdf
[2014/05/04 00:52:53 | 078,448,837 | ---- | C] () -- C:\Users\Tim\Desktop\March of the Ants Rules May 2014.pdf
[2014/04/26 23:39:46 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2014/03/30 09:08:53 | 000,764,980 | ---- | C] () -- C:\ProgramData\1396195323.bdinstall.bin
[2014/03/29 22:06:10 | 000,007,632 | ---- | C] () -- C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
[2014/03/29 14:28:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\WDPABKP.dat
[2013/10/21 12:27:47 | 006,699,056 | ---- | C] () -- C:\Users\Tim\leahnic2.bmp
[2013/10/21 12:27:29 | 006,699,056 | ---- | C] () -- C:\Users\Tim\leahnic.bmp
[2013/10/21 11:27:55 | 006,699,056 | ---- | C] () -- C:\Users\Tim\leahnicrelease.bmp
[2013/10/21 11:27:32 | 006,699,056 | ---- | C] () -- C:\Users\Tim\LeahPassport.bmp
[2013/10/21 11:26:52 | 006,699,056 | ---- | C] () -- C:\Users\Tim\leahnicapp.bmp
[2013/09/11 11:22:54 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2013/09/11 11:22:52 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2013/09/11 11:22:52 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/09/11 11:22:51 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2013/09/11 11:22:50 | 013,787,648 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2013/09/11 11:22:50 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2013/08/12 15:24:57 | 000,000,132 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/04/16 12:59:36 | 000,000,132 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2013/03/01 23:14:15 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2012/07/09 15:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012/07/09 15:59:04 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/05/15 19:58:25 | 000,000,132 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/04/25 14:19:31 | 000,001,456 | ---- | C] () -- C:\Users\Tim\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/29 20:26:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >
 


Edited by Tim Eisner, 01 June 2014 - 10:54 AM.



#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Hello, Tim Eisner, and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please take some time to read these instructions carefully before we start. They contain very useful information.

  • Please stay with us until the end. I know malware removal isn't a very fast procedure; it usually has multiple steps, but you should stay here until your computer is absolutely clean of malware. If your main problem is solved, that doesn't mean that other malware isn't left on your computer. Your patience will be rewarded with an absolutely clean computer. :)
  • Please let me know if you don't understand something. It is really important to understand every instruction. If you are in doubt about how to follow an instruction, feel free to ask me how to do that. I am always glad to help you with that.
  • Please don't fix anything by yourself. Please don't run any tools unless they are required. Trying multiple tools in the hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than the malware itself.
  • Please feel free to notify me about changes in your PC's behavior. It's really interesting for me to know how your computer is running after each portion of fixes.
  • Finally, let's go! ;)
     

One more step before we start. There should be another log on your Desktop, named Extras.txt. Please post its contents in your next message.



#3
Tim Eisner

    New Member

  • Topic Starter
  • Member
  • 8 posts

OTL Extras logfile created on: 6/1/2014 9:39:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tim\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.84% Memory free
5.97 Gb Paging File | 2.93 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 75.82 Gb Free Space | 16.67% Space Free | Partition Type: NTFS
Drive Q: | 9.76 Gb Total Space | 3.25 Gb Free Space | 33.32% Space Free | Partition Type: NTFS
 
Computer Name: THIMKPAD | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B4925C6-6A0F-4FF2-8AF1-D3D44160272B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0CA61402-1DF8-4F99-960C-7F5EE7592279}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D1F6DD8-6265-4150-A09D-5FDADEB619A1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{132EBD02-128E-4374-9046-818961A5FE5D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13403B9D-C5A5-4442-8AD4-A6B1CFEF004A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B30D8F9-CA83-44EE-B863-533612A08DF0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2B4CF0A3-D38A-410A-87FE-69D26DC5B31D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A89AF64-7616-4BCF-AAEF-B67286CD5C11}" = lport=137 | protocol=17 | dir=in | app=system |
"{422A7B41-C423-47FC-9F26-7235519B44FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4917A6A9-E8A7-4CB9-BA5E-E963B8FF38D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{550A08B6-07BB-4B3B-B989-B971A129335C}" = lport=138 | protocol=17 | dir=in | app=system |
"{586516EB-35EF-44E6-B75D-4CAA5A9E537F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F25C490-D002-46FA-8875-183153000E1B}" = rport=139 | protocol=6 | dir=out | app=system |
"{6D33D6E4-223A-4A45-A346-4D9CB887EAFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{727B3928-7792-407D-A3AB-EFD1F4E5C1A2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{74D2FDE2-A869-4493-ABDC-31FDA742614E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78D4B933-75DA-4328-B9BA-54D85515C5D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{83038F48-39BA-489B-9CC9-C01D3ADF5163}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{862D2BCB-F748-4106-865B-0D5A820D20C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A3D2890-20A8-400F-8788-186D1896E7CB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8B3BF4B4-1CB2-498F-9FE3-CA6D8312612C}" = rport=138 | protocol=17 | dir=out | app=system |
"{8C00CABF-85BF-4659-94BF-E57C5A2ED11D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8E9FFD36-A694-49CD-9714-15ABFA8A8FD1}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9D18DB09-D673-4476-A29F-8B7DBC53F083}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A9AFC91B-623A-4F0E-85C2-A929C1D3E6F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B49D8CCC-3E30-4D80-A6A4-B8F3BF45B89B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE2089C0-A17C-4398-B18C-82F83473A304}" = lport=139 | protocol=6 | dir=in | app=system |
"{CE50EC42-C332-4200-BA62-BEE57905F65E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D35FAE56-F38D-4DF1-8441-2F399359F3B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD795D88-2191-45BE-BCA5-2566F0599615}" = lport=445 | protocol=6 | dir=in | app=system |
"{F0655B2B-A793-44C4-B2DE-D8034F46D2C3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F2E29492-D20E-48FF-B4BA-07ED4D6EF1FF}" = rport=445 | protocol=6 | dir=out | app=system |
"{FDEE51A8-48D0-4AC6-8573-A1E3167B617F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F7D59E-8B48-49F5-8EA5-EF5BCAA1D3A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C8D3917-A708-4095-9023-509DFA2F2E32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{13839084-B1B2-425C-80BB-3324D58FA7BB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{170224B9-37FF-4B2B-80A6-B3BF28840E38}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{1E0CC651-4773-4872-9D0C-6D3CE0BB8E88}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |
"{25CFECD3-50C4-4976-8B40-F31F20D6870F}" = protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{2C42F3FB-90E8-40F2-A6F4-1B49CB1E56BE}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{2EE6440A-C710-4CA8-99C3-DDBC192A43D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30DD5E0E-BAE2-48DA-AB0B-8D91EFC8A55F}" = protocol=58 | dir=out | [email protected],-28546 |
"{36545277-66AA-4664-A363-6698B5EEAF7F}" = protocol=6 | dir=in | app=c:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe |
"{3698FC7E-C7D5-465A-B154-FED01DA803CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5175242D-EDF7-4882-B993-9C7C56C4C843}" = protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{51AC9C94-851F-4E9A-8F9E-75798A8F83A1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{524C9E44-F76F-45AB-8017-9F18FFA52E91}" = protocol=58 | dir=in | [email protected],-28545 |
"{57DFD4A8-F9A6-4327-93C5-DC9B2ED48C2A}" = protocol=17 | dir=in | app=c:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe |
"{5898BB89-1DDE-487F-8C86-C30C1513526D}" = protocol=1 | dir=in | [email protected],-28543 |
"{5A748942-E1C4-450B-8EF5-733E338FC7D5}" = protocol=1 | dir=out | [email protected],-28544 |
"{5B00C90C-D92D-4B14-B30B-189311A69AE4}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{5D4A149E-0A7C-4833-B23A-01F448A1C8CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61787CFC-6342-4444-A41B-B135244085DD}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe |
"{703BE310-D472-440E-B55E-3FB7D17D83C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76FA838D-3736-40A5-B130-A47D94F25513}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{77090073-D0A5-469B-9A01-DCAD6FF87BBF}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe |
"{7BB1DA0C-AF7D-4EF7-BB6D-E4A6F8FDFC6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C386A8B-8E25-4AE2-8203-C627B2388500}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C788194-289F-4CCF-837D-E33951E47288}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{8EE690F2-3435-4B15-9A6C-CD2F2719ABBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8F90155C-2593-439D-A27C-D1558A31CBAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C653232-2486-4002-B1AD-5EB697C9EE24}" = protocol=58 | dir=in | [email protected],-148 |
"{A3407EEB-EF99-4B5A-B8EF-CB32423815BA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B3D7974B-90ED-44D3-8D3A-0120B8A498FB}" = protocol=6 | dir=out | app=system |
"{B78B554A-5A68-49D2-BF3C-527D75D0C0C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC8BC186-E619-45E3-ABA8-497FD8E4ADD0}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |
"{C07D603A-E89A-485D-868F-FBBBE64EE1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF7CE463-7085-4F00-B423-C49B49715D62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4F1C679-78EC-42D0-9597-78D6187F5ECA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4635002-4179-4232-82BC-053A71A23F2C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E8DD362A-18B0-48EE-B2AA-4C18CCE9B7B9}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{F3AE7A4E-3544-41B1-89BD-6901129DB77F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7F4A7B1-9E7F-46A2-81C0-2BFE342C72B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0DEAA216-758E-4288-B3E7-6AD55321E298}C:\users\tim\downloads\mtgoiii_helper(2).exe" = protocol=6 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper(2).exe |
"TCP Query User{4E22F983-943E-4323-9567-8CDE75C80A39}C:\users\tim\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper.exe |
"TCP Query User{6F093F87-70FE-4388-860B-4EF9C24D49CB}C:\users\tim\downloads\mtgoiii_helper(1).exe" = protocol=6 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper(1).exe |
"TCP Query User{A6396253-E79C-48C2-9D95-B13443C168BE}C:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1659647C-E442-46F7-9F60-BA26D3061174}C:\users\tim\downloads\mtgoiii_helper(1).exe" = protocol=17 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper(1).exe |
"UDP Query User{6CFAC8B1-E275-4E12-8D42-1B85FA30270D}C:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{BD5B0C33-1DC1-4259-BAF6-7A3A1DC57F8F}C:\users\tim\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper.exe |
"UDP Query User{D92A0306-3119-4500-A581-2E9702769701}C:\users\tim\downloads\mtgoiii_helper(2).exe" = protocol=17 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper(2).exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series" = Canon Pro9000 II series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{124310E8-7C49-4C33-B4F2-3CF43F3830B7}" = WD Quick View
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}" = Google Talk Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft Mouse and Keyboard Center
"{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}" = WD SmartWare Installer
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.42
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED80B64B-FFAE-43D7-9E21-225F94221239}" = WD SmartWare
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package - Intel (HECI) System  (09/17/2009 6.0.0.1179)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022)
"5C7A2989588CD51E7DBF313D9E4B7DB4F66AE192" = Windows Driver Package - Intel (e1kexpress) Net  (12/10/2009 11.5.10.0)
"7D0F5312FCD010C924A5F6856298FB1A3158B9E5" = Windows Driver Package - Lenovo (LenovoRd) SmartCardReader  (05/11/2009 4.1.0.1)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Bitdefender" = Bitdefender Total Security 2013
"C66535CA6304603B86F44D3775D6CC25119F994C" = Windows Driver Package - Synaptics (SynTP) Mouse  (04/22/2010 15.0.18.0)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
"GnuCash_is1" = GnuCash 2.4.11
"HandBrake" = HandBrake 0.9.8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"IrfanView" = IrfanView (remove only)
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Magic Set Editor 2_is1" = Magic Set Editor 2.0.0
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9f2df17776476c05" = Magic The Gathering Online
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2520)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale:
 PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2520)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale:
 PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2560)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2560)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2570)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2580)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:27:07 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:27:07:0450)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:27:07 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:27:07:0590)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:27:07 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:27:07:0640)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:27:07 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:27:07:0640)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/19/2011 1:37:13 AM | Computer Name = Thimkpad | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT2': LTTCheck.exe
 
Error - 5/18/2013 7:34:14 PM | Computer Name = Thimkpad | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
 message: Object reference not set to an instance of an object.
 
[ System Events ]
Error - 5/30/2014 9:32:52 AM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Remote Access Connection Manager
 service, but this action failed with the following error:   %%1056
 
Error - 5/30/2014 9:32:52 AM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the User Profile Service service,
 but this action failed with the following error:   %%1056
 
Error - 5/30/2014 9:32:52 AM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Multimedia Class Scheduler
 service, but this action failed with the following error:   %%1056
 
Error - 5/30/2014 9:41:02 AM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the VSSERV service.
 
Error - 5/30/2014 7:42:17 PM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 5/30/2014 7:42:17 PM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 5/31/2014 12:26:30 PM | Computer Name = Thimkpad | Source = ipnathlp | ID = 31004
Description =
 
Error - 5/31/2014 3:09:53 PM | Computer Name = Thimkpad | Source = ipnathlp | ID = 31004
Description =
 
Error - 5/31/2014 9:42:01 PM | Computer Name = Thimkpad | Source = ipnathlp | ID = 31004
Description =
 
Error - 6/1/2014 5:14:57 AM | Computer Name = Thimkpad | Source = ipnathlp | ID = 31004
Description =
 
 
< End of report >
 



#4
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, let's start.

Step 1. AdwCleaner scan.
  • Please download AdwCleaner from here to your Desktop.
  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Scan button. The scan could take some time to complete.
  • Click on the Clean button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.
Step 2. OTL fix.
  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    [2014/05/20 12:30:28 | 000,000,643 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\searchplugins\trovi-search.xml
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKCU..\Run: [AdobeBridge]  File not found
    O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
    [2014/05/20 12:21:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Optimizer Pro
    [2014/05/20 12:17:50 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\IsolatedStorage
    [2014/05/20 12:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\webget
    [2014/05/20 12:16:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\StormFall
    [2014/05/20 12:16:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
    [2014/05/20 12:16:05 | 001,705,063 | ---- | C] (AnyProtect.com) -- C:\Users\Tim\AppData\Local\AnyProtectScannerSetup.exe
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:054203E4
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Step 3. OTL scan.
  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    BASESERVICES
    set /c
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
So please don't forget to post in your next message:
  • OTL.txt
  • AdwCleaner log


#5
Tim Eisner

    New Member

  • Topic Starter
  • Member
  • 8 posts

# AdwCleaner v3.211 - Report created 01/06/2014 at 14:11:44
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Tim - THIMKPAD
# Running from : C:\Users\Tim\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\webget
Folder Deleted : C:\Users\Tim\AppData\Local\Temp\webget
Folder Deleted : C:\Users\Tim\Documents\Optimizer Pro
File Deleted : C:\Users\Tim\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\Tim\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2221 octets] - [01/06/2014 14:02:38]
AdwCleaner[S0].txt - [2184 octets] - [01/06/2014 14:11:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2244 octets] ##########
 



#6
Tim Eisner

    New Member

  • Topic Starter
  • Member
  • 8 posts

OTL Extras logfile created on: 6/1/2014 9:39:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tim\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.84% Memory free
5.97 Gb Paging File | 2.93 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 75.82 Gb Free Space | 16.67% Space Free | Partition Type: NTFS
Drive Q: | 9.76 Gb Total Space | 3.25 Gb Free Space | 33.32% Space Free | Partition Type: NTFS
 
Computer Name: THIMKPAD | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B4925C6-6A0F-4FF2-8AF1-D3D44160272B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0CA61402-1DF8-4F99-960C-7F5EE7592279}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D1F6DD8-6265-4150-A09D-5FDADEB619A1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{132EBD02-128E-4374-9046-818961A5FE5D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13403B9D-C5A5-4442-8AD4-A6B1CFEF004A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B30D8F9-CA83-44EE-B863-533612A08DF0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2B4CF0A3-D38A-410A-87FE-69D26DC5B31D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A89AF64-7616-4BCF-AAEF-B67286CD5C11}" = lport=137 | protocol=17 | dir=in | app=system |
"{422A7B41-C423-47FC-9F26-7235519B44FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4917A6A9-E8A7-4CB9-BA5E-E963B8FF38D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{550A08B6-07BB-4B3B-B989-B971A129335C}" = lport=138 | protocol=17 | dir=in | app=system |
"{586516EB-35EF-44E6-B75D-4CAA5A9E537F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F25C490-D002-46FA-8875-183153000E1B}" = rport=139 | protocol=6 | dir=out | app=system |
"{6D33D6E4-223A-4A45-A346-4D9CB887EAFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{727B3928-7792-407D-A3AB-EFD1F4E5C1A2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{74D2FDE2-A869-4493-ABDC-31FDA742614E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78D4B933-75DA-4328-B9BA-54D85515C5D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{83038F48-39BA-489B-9CC9-C01D3ADF5163}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{862D2BCB-F748-4106-865B-0D5A820D20C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A3D2890-20A8-400F-8788-186D1896E7CB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8B3BF4B4-1CB2-498F-9FE3-CA6D8312612C}" = rport=138 | protocol=17 | dir=out | app=system |
"{8C00CABF-85BF-4659-94BF-E57C5A2ED11D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8E9FFD36-A694-49CD-9714-15ABFA8A8FD1}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9D18DB09-D673-4476-A29F-8B7DBC53F083}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A9AFC91B-623A-4F0E-85C2-A929C1D3E6F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B49D8CCC-3E30-4D80-A6A4-B8F3BF45B89B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE2089C0-A17C-4398-B18C-82F83473A304}" = lport=139 | protocol=6 | dir=in | app=system |
"{CE50EC42-C332-4200-BA62-BEE57905F65E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D35FAE56-F38D-4DF1-8441-2F399359F3B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD795D88-2191-45BE-BCA5-2566F0599615}" = lport=445 | protocol=6 | dir=in | app=system |
"{F0655B2B-A793-44C4-B2DE-D8034F46D2C3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F2E29492-D20E-48FF-B4BA-07ED4D6EF1FF}" = rport=445 | protocol=6 | dir=out | app=system |
"{FDEE51A8-48D0-4AC6-8573-A1E3167B617F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F7D59E-8B48-49F5-8EA5-EF5BCAA1D3A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C8D3917-A708-4095-9023-509DFA2F2E32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{13839084-B1B2-425C-80BB-3324D58FA7BB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{170224B9-37FF-4B2B-80A6-B3BF28840E38}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{1E0CC651-4773-4872-9D0C-6D3CE0BB8E88}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |
"{25CFECD3-50C4-4976-8B40-F31F20D6870F}" = protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{2C42F3FB-90E8-40F2-A6F4-1B49CB1E56BE}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{2EE6440A-C710-4CA8-99C3-DDBC192A43D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30DD5E0E-BAE2-48DA-AB0B-8D91EFC8A55F}" = protocol=58 | dir=out | [email protected],-28546 |
"{36545277-66AA-4664-A363-6698B5EEAF7F}" = protocol=6 | dir=in | app=c:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe |
"{3698FC7E-C7D5-465A-B154-FED01DA803CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5175242D-EDF7-4882-B993-9C7C56C4C843}" = protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{51AC9C94-851F-4E9A-8F9E-75798A8F83A1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{524C9E44-F76F-45AB-8017-9F18FFA52E91}" = protocol=58 | dir=in | [email protected],-28545 |
"{57DFD4A8-F9A6-4327-93C5-DC9B2ED48C2A}" = protocol=17 | dir=in | app=c:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe |
"{5898BB89-1DDE-487F-8C86-C30C1513526D}" = protocol=1 | dir=in | [email protected],-28543 |
"{5A748942-E1C4-450B-8EF5-733E338FC7D5}" = protocol=1 | dir=out | [email protected],-28544 |
"{5B00C90C-D92D-4B14-B30B-189311A69AE4}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{5D4A149E-0A7C-4833-B23A-01F448A1C8CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61787CFC-6342-4444-A41B-B135244085DD}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe |
"{703BE310-D472-440E-B55E-3FB7D17D83C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76FA838D-3736-40A5-B130-A47D94F25513}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{77090073-D0A5-469B-9A01-DCAD6FF87BBF}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe |
"{7BB1DA0C-AF7D-4EF7-BB6D-E4A6F8FDFC6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C386A8B-8E25-4AE2-8203-C627B2388500}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C788194-289F-4CCF-837D-E33951E47288}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{8EE690F2-3435-4B15-9A6C-CD2F2719ABBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8F90155C-2593-439D-A27C-D1558A31CBAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C653232-2486-4002-B1AD-5EB697C9EE24}" = protocol=58 | dir=in | [email protected],-148 |
"{A3407EEB-EF99-4B5A-B8EF-CB32423815BA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B3D7974B-90ED-44D3-8D3A-0120B8A498FB}" = protocol=6 | dir=out | app=system |
"{B78B554A-5A68-49D2-BF3C-527D75D0C0C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC8BC186-E619-45E3-ABA8-497FD8E4ADD0}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe |
"{C07D603A-E89A-485D-868F-FBBBE64EE1CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF7CE463-7085-4F00-B423-C49B49715D62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4F1C679-78EC-42D0-9597-78D6187F5ECA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4635002-4179-4232-82BC-053A71A23F2C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E8DD362A-18B0-48EE-B2AA-4C18CCE9B7B9}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{F3AE7A4E-3544-41B1-89BD-6901129DB77F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7F4A7B1-9E7F-46A2-81C0-2BFE342C72B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0DEAA216-758E-4288-B3E7-6AD55321E298}C:\users\tim\downloads\mtgoiii_helper(2).exe" = protocol=6 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper(2).exe |
"TCP Query User{4E22F983-943E-4323-9567-8CDE75C80A39}C:\users\tim\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper.exe |
"TCP Query User{6F093F87-70FE-4388-860B-4EF9C24D49CB}C:\users\tim\downloads\mtgoiii_helper(1).exe" = protocol=6 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper(1).exe |
"TCP Query User{A6396253-E79C-48C2-9D95-B13443C168BE}C:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1659647C-E442-46F7-9F60-BA26D3061174}C:\users\tim\downloads\mtgoiii_helper(1).exe" = protocol=17 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper(1).exe |
"UDP Query User{6CFAC8B1-E275-4E12-8D42-1B85FA30270D}C:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tim\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{BD5B0C33-1DC1-4259-BAF6-7A3A1DC57F8F}C:\users\tim\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper.exe |
"UDP Query User{D92A0306-3119-4500-A581-2E9702769701}C:\users\tim\downloads\mtgoiii_helper(2).exe" = protocol=17 | dir=in | app=c:\users\tim\downloads\mtgoiii_helper(2).exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series" = Canon Pro9000 II series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{124310E8-7C49-4C33-B4F2-3CF43F3830B7}" = WD Quick View
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}" = Google Talk Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft Mouse and Keyboard Center
"{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}" = WD SmartWare Installer
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.42
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED80B64B-FFAE-43D7-9E21-225F94221239}" = WD SmartWare
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package - Intel (HECI) System  (09/17/2009 6.0.0.1179)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022)
"5C7A2989588CD51E7DBF313D9E4B7DB4F66AE192" = Windows Driver Package - Intel (e1kexpress) Net  (12/10/2009 11.5.10.0)
"7D0F5312FCD010C924A5F6856298FB1A3158B9E5" = Windows Driver Package - Lenovo (LenovoRd) SmartCardReader  (05/11/2009 4.1.0.1)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Bitdefender" = Bitdefender Total Security 2013
"C66535CA6304603B86F44D3775D6CC25119F994C" = Windows Driver Package - Synaptics (SynTP) Mouse  (04/22/2010 15.0.18.0)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
"GnuCash_is1" = GnuCash 2.4.11
"HandBrake" = HandBrake 0.9.8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"IrfanView" = IrfanView (remove only)
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Magic Set Editor 2_is1" = Magic Set Editor 2.0.0
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9f2df17776476c05" = Magic The Gathering Online
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2520)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale:
 PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2520)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale:
 PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2560)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2560)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2570)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:26:42 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:26:42:2580)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale:
PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:27:07 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:27:07:0450)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:27:07 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:27:07:0590)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale:
language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:27:07 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:27:07:0640)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
Error - 6/1/2014 12:27:07 PM | Computer Name = Thimkpad | Source = PC-Doctor | ID = 1
Description = (4348) Asapi: (09:27:07:0640)(4348) DEFECT.LOCALIZATION - Error --
 Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale:
 language = en, customer = lenovo, variant = ltt
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/19/2011 1:37:13 AM | Computer Name = Thimkpad | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT2': LTTCheck.exe
 
Error - 5/18/2013 7:34:14 PM | Computer Name = Thimkpad | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
 message: Object reference not set to an instance of an object.
 
[ System Events ]
Error - 5/30/2014 9:32:52 AM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Remote Access Connection Manager
 service, but this action failed with the following error:   %%1056
 
Error - 5/30/2014 9:32:52 AM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the User Profile Service service,
 but this action failed with the following error:   %%1056
 
Error - 5/30/2014 9:32:52 AM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Multimedia Class Scheduler
 service, but this action failed with the following error:   %%1056
 
Error - 5/30/2014 9:41:02 AM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the VSSERV service.
 
Error - 5/30/2014 7:42:17 PM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 5/30/2014 7:42:17 PM | Computer Name = Thimkpad | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 5/31/2014 12:26:30 PM | Computer Name = Thimkpad | Source = ipnathlp | ID = 31004
Description =
 
Error - 5/31/2014 3:09:53 PM | Computer Name = Thimkpad | Source = ipnathlp | ID = 31004
Description =
 
Error - 5/31/2014 9:42:01 PM | Computer Name = Thimkpad | Source = ipnathlp | ID = 31004
Description =
 
Error - 6/1/2014 5:14:57 AM | Computer Name = Thimkpad | Source = ipnathlp | ID = 31004
Description =
 
 
< End of report >

OTL logfile created on: 6/1/2014 2:24:31 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tim\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.67% Memory free
5.97 Gb Paging File | 3.90 Gb Available in Paging File | 65.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 75.38 Gb Free Space | 16.57% Space Free | Partition Type: NTFS
Drive Q: | 9.76 Gb Total Space | 3.25 Gb Free Space | 33.32% Space Free | Partition Type: NTFS
 
Computer Name: THIMKPAD | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/01 09:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2014/05/19 17:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/15 10:31:16 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/09 12:20:29 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/03/30 09:13:57 | 000,054,960 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2014/03/30 09:13:12 | 001,614,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2014/03/30 09:11:32 | 001,343,472 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013/04/22 09:40:54 | 005,687,152 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2013/04/22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/01/29 18:13:12 | 001,668,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2013/01/29 18:13:12 | 001,093,744 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2013/01/10 14:10:44 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/10 14:10:41 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/25 17:45:14 | 000,082,824 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
PRC - [2011/05/05 20:32:30 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/04/19 03:52:00 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011/04/19 03:52:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/03/08 15:14:34 | 000,303,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/03/08 13:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/14 15:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/01/14 15:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2011/01/14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/12/14 15:57:20 | 000,136,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/10/29 20:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/07/19 18:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/07/19 18:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/02 20:54:28 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/03/31 22:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/10/30 15:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/01 14:21:34 | 000,043,008 | ---- | M] () -- c:\Users\Tim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxzq03v.dll
MOD - [2014/06/01 14:20:56 | 000,027,136 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\_multiprocessing.pyd
MOD - [2014/06/01 14:20:55 | 001,159,680 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\_ssl.pyd
MOD - [2014/06/01 14:20:55 | 000,811,008 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\wx._windows_.pyd
MOD - [2014/06/01 14:20:55 | 000,805,888 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\wx._gdi_.pyd
MOD - [2014/06/01 14:20:55 | 000,713,216 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\_hashlib.pyd
MOD - [2014/06/01 14:20:55 | 000,110,080 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\PyWinTypes27.dll
MOD - [2014/06/01 14:20:55 | 000,070,656 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\wx._html2.pyd
MOD - [2014/06/01 14:20:55 | 000,035,840 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32process.pyd
MOD - [2014/06/01 14:20:55 | 000,025,600 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32pdh.pyd
MOD - [2014/06/01 14:20:55 | 000,024,064 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32pipe.pyd
MOD - [2014/06/01 14:20:54 | 001,062,400 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\wx._controls_.pyd
MOD - [2014/06/01 14:20:54 | 000,686,080 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\unicodedata.pyd
MOD - [2014/06/01 14:20:54 | 000,525,640 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\windows._lib_cacheinvalidation.pyd
MOD - [2014/06/01 14:20:54 | 000,167,936 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32gui.pyd
MOD - [2014/06/01 14:20:54 | 000,127,488 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\pyexpat.pyd
MOD - [2014/06/01 14:20:54 | 000,119,808 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32file.pyd
MOD - [2014/06/01 14:20:54 | 000,108,544 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32security.pyd
MOD - [2014/06/01 14:20:54 | 000,038,912 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32inet.pyd
MOD - [2014/06/01 14:20:54 | 000,018,432 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32event.pyd
MOD - [2014/06/01 14:20:54 | 000,017,408 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32profile.pyd
MOD - [2014/06/01 14:20:54 | 000,010,240 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\select.pyd
MOD - [2014/06/01 14:20:52 | 001,175,040 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\wx._core_.pyd
MOD - [2014/06/01 14:20:52 | 000,557,056 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\pysqlite2._sqlite.pyd
MOD - [2014/06/01 14:20:52 | 000,364,544 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\pythoncom27.dll
MOD - [2014/06/01 14:20:52 | 000,320,512 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32com.shell.shell.pyd
MOD - [2014/06/01 14:20:52 | 000,128,512 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\_elementtree.pyd
MOD - [2014/06/01 14:20:52 | 000,098,816 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32api.pyd
MOD - [2014/06/01 14:20:52 | 000,087,552 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\_ctypes.pyd
MOD - [2014/06/01 14:20:52 | 000,045,568 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\_socket.pyd
MOD - [2014/06/01 14:20:52 | 000,022,528 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32ts.pyd
MOD - [2014/06/01 14:20:51 | 000,735,232 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\wx._misc_.pyd
MOD - [2014/06/01 14:20:51 | 000,122,368 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\wx._wizard.pyd
MOD - [2014/06/01 14:20:51 | 000,078,336 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\wx._animate.pyd
MOD - [2014/06/01 14:20:51 | 000,011,264 | ---- | M] () -- C:\Users\Tim\AppData\Local\Temp\_MEI47162\win32crypt.pyd
MOD - [2014/05/15 10:31:16 | 016,361,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/09 12:20:28 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/30 09:14:09 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll
MOD - [2014/03/30 09:12:57 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
MOD - [2014/02/28 04:02:23 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/28 04:02:22 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/28 04:02:20 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/28 04:02:19 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/28 04:02:14 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/28 04:02:13 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/28 04:02:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/13 04:26:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 04:26:24 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 04:26:08 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 04:26:05 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 04:26:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 04:25:58 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/02 18:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 12:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/05/05 20:32:00 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2011/04/19 03:52:00 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/15 10:31:18 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/09 12:20:29 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/30 09:13:57 | 000,054,960 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV - [2014/03/30 09:13:11 | 000,062,688 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2014/03/30 09:11:32 | 001,343,472 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV - [2014/03/06 00:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/02/21 13:39:52 | 000,024,120 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/04/22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/01/11 08:11:54 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/25 17:45:14 | 000,082,824 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV - [2011/05/27 00:16:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/19 03:52:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/04/19 03:52:00 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/04/19 03:52:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/01/14 15:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011/01/14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/07/19 18:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/07/19 18:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/29 18:25:38 | 000,099,768 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/28 19:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/03/30 09:15:52 | 000,078,144 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2014/03/30 09:14:09 | 000,778,032 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2014/03/30 09:13:43 | 000,066,832 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2014/03/30 09:13:26 | 000,516,936 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2013/08/23 12:48:39 | 000,165,744 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2013/08/07 12:46:04 | 000,360,376 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2013/07/26 10:53:51 | 000,135,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2013/06/26 19:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 19:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 19:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 19:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2013/02/18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/01/11 08:11:54 | 008,913,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/01/11 08:11:54 | 000,025,376 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2012/11/02 13:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV - [2012/04/17 13:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\System32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2011/11/14 19:16:27 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011/04/19 03:52:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011/04/19 03:52:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011/01/13 11:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/10 12:42:09 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/15 00:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/08/25 09:45:56 | 000,486,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/07/22 09:38:06 | 000,215,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010/07/14 05:42:24 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2010/06/16 14:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 14:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/10 14:47:34 | 000,015,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2010/02/26 00:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/07 04:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009/10/25 22:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/09/29 18:25:42 | 000,013,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV - [2009/09/24 04:58:52 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/09/16 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/01 19:16:16 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/05/10 19:33:48 | 000,088,832 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/04/09 09:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E84816C5-83A0-4164-A278-A4F97DC64AD6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1518848740-4250292544-4256302612-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1518848740-4250292544-4256302612-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/us/laptop/?c [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1518848740-4250292544-4256302612-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1518848740-4250292544-4256302612-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1518848740-4250292544-4256302612-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1518848740-4250292544-4256302612-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.kickstar...ch-of-the-ants"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tim\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tim\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/05/09 12:20:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2014/03/30 09:06:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/05/09 12:20:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/05/26 11:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2014/05/27 22:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\extensions
[2014/05/27 22:24:59 | 000,533,329 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/05/01 19:36:34 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/09 12:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/09 12:20:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2011/05/26 15:35:09 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:     127.0.0.1    activate.adobe.com
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-1518848740-4250292544-4256302612-1002..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BF97CDD-C848-4B09-B498-D198787FCD6C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD1CBD65-C01A-492C-B2C0-80C16FCDBBAA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 09:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{b1ebc5f6-8793-11e0-941c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b1ebc5f6-8793-11e0-941c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 14:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{e26924b1-36b2-11e2-9717-f0def11b37d4}\Shell - "" = AutoRun
O33 - MountPoints2\{e26924b1-36b2-11e2-9717-f0def11b37d4}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/01 14:17:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/01 14:02:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/01 09:38:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2014/05/31 11:29:55 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\New folder
[2014/05/20 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{407392FA-6FB1-4F05-81C8-0F1DFD1261D2}
[2014/05/20 12:33:14 | 000,000,000 | -HSD | C] -- C:\Users\Tim\AppData\Local\EmieUserList
[2014/05/20 12:33:14 | 000,000,000 | -HSD | C] -- C:\Users\Tim\AppData\Local\EmieSiteList
[2014/05/19 11:05:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{2398FCAC-7F1F-42C4-BAAA-BF5CCF60666A}
[2014/05/16 22:53:59 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{3067C60C-2D43-4F27-B967-BBE65A215A66}
[2014/05/15 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{D252AA83-7DC8-4900-B106-2E71B773977A}
[2014/05/14 15:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/14 15:36:52 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/13 19:35:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DropboxMaster
[2014/05/13 18:50:36 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/05/13 18:50:36 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/05/13 18:50:28 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/05/13 18:50:28 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/05/13 18:50:27 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2014/05/13 18:50:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll
[2014/05/13 18:50:26 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll
[2014/05/13 18:50:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll
[2014/05/13 18:50:26 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll
[2014/05/13 18:50:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2014/05/13 18:50:25 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll
[2014/05/13 18:50:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2014/05/09 22:33:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{F35C4FF6-8678-46F0-8C5F-67F8B1E4DFD5}
[2014/05/09 21:57:51 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\GoPro
[2014/05/09 20:34:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Plythrough Video
[2014/05/09 20:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/05/09 20:22:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\GoPro
[2014/05/09 20:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm
[2014/05/09 12:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/05/07 12:32:39 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{C64DD0BF-F729-4DAB-B60A-144599DAE914}
[2014/05/05 23:54:34 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/01 14:28:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/01 14:27:55 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 14:27:55 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 14:22:50 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1518848740-4250292544-4256302612-1002UA.job
[2014/06/01 14:20:42 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/06/01 14:20:38 | 000,008,192 | ---- | M] () -- C:\Windows\System32\WDPABKP.dat
[2014/06/01 14:20:21 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/01 14:20:20 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\PassShow Update.job
[2014/06/01 14:19:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/01 14:19:38 | 2406,223,872 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/01 14:13:22 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2014/06/01 13:49:03 | 001,327,971 | ---- | M] () -- C:\Users\Tim\Desktop\adwcleaner_3.211.exe
[2014/06/01 13:43:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/01 11:28:55 | 000,001,456 | ---- | M] () -- C:\Users\Tim\AppData\Local\Adobe Save for Web 12.0 Prefs
[2014/06/01 09:38:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2014/05/31 18:48:18 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1518848740-4250292544-4256302612-1002Core.job
[2014/05/30 16:46:18 | 000,663,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/30 16:46:18 | 000,122,680 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/26 09:50:40 | 003,716,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/05/24 10:06:23 | 000,001,059 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/23 19:04:41 | 001,433,591 | ---- | M] () -- C:\Users\Tim\Desktop\IMG_20140523_190441.jpg
[2014/05/23 18:03:30 | 001,249,478 | ---- | M] () -- C:\Users\Tim\Desktop\IMG_20140523_180330.jpg
[2014/05/20 10:41:44 | 000,009,151 | ---- | M] () -- C:\Users\Tim\Desktop\nvidia shield.jpg
[2014/05/19 12:38:04 | 000,002,903 | ---- | M] () -- C:\Users\Tim\Desktop\Playthrough round 2 part two and round three part 1.wlmp
[2014/05/19 12:33:41 | 000,002,731 | ---- | M] () -- C:\Users\Tim\Desktop\Playthrough round 2 edit 2nd half.wlmp
[2014/05/19 12:29:12 | 000,002,250 | ---- | M] () -- C:\Users\Tim\Desktop\Round 3 Part 2.wlmp
[2014/05/15 12:54:32 | 000,743,047 | ---- | M] () -- C:\Users\Tim\Desktop\PDXAGE1EventBook.pdf
[2014/05/15 10:31:16 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/15 10:31:16 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/09 21:48:50 | 000,024,304 | ---- | M] () -- C:\Users\Tim\Documents\untitled_AutoSave.gcs
[2014/05/09 15:23:20 | 115,345,816 | ---- | M] () -- C:\Users\Tim\Desktop\GoProStudioPC-2.0.1.319.exe
[2014/05/09 00:06:23 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/05/09 00:04:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/05/06 13:32:41 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2014/05/05 20:07:39 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/05 12:05:28 | 000,069,895 | ---- | M] () -- C:\Users\Tim\Desktop\MagicraftQuote to Tim 2014.4.23 - Quotation.pdf
[2014/05/04 10:56:41 | 000,050,417 | ---- | M] () -- C:\Users\Tim\Desktop\728px-Velvet_Ant.jpg
[2014/05/04 10:54:52 | 000,138,272 | ---- | M] () -- C:\Users\Tim\Desktop\ant in moon.jpg
[2014/05/04 10:40:15 | 000,716,691 | ---- | M] () -- C:\Users\Tim\Desktop\March-of-the-Ants-Rules-Compressed-2014.pdf
[2014/05/04 00:57:31 | 078,448,837 | ---- | M] () -- C:\Users\Tim\Desktop\March of the Ants Rules May 2014.pdf
[2014/05/04 00:56:05 | 001,414,609 | ---- | M] () -- C:\Users\Tim\Desktop\Rule Book 1, Set up, Gameplay.pdf
[2014/05/02 23:00:30 | 000,462,486 | ---- | M] () -- C:\Users\Tim\Desktop\March-of-the-Ants-Rules1.pdf
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/01 13:49:03 | 001,327,971 | ---- | C] () -- C:\Users\Tim\Desktop\adwcleaner_3.211.exe
[2014/05/23 19:29:11 | 001,249,478 | ---- | C] () -- C:\Users\Tim\Desktop\IMG_20140523_180330.jpg
[2014/05/23 19:28:44 | 001,433,591 | ---- | C] () -- C:\Users\Tim\Desktop\IMG_20140523_190441.jpg
[2014/05/20 12:15:34 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\PassShow Update.job
[2014/05/20 10:41:43 | 000,009,151 | ---- | C] () -- C:\Users\Tim\Desktop\nvidia shield.jpg
[2014/05/19 12:38:04 | 000,002,903 | ---- | C] () -- C:\Users\Tim\Desktop\Playthrough round 2 part two and round three part 1.wlmp
[2014/05/19 12:33:11 | 000,002,731 | ---- | C] () -- C:\Users\Tim\Desktop\Playthrough round 2 edit 2nd half.wlmp
[2014/05/19 12:29:12 | 000,002,250 | ---- | C] () -- C:\Users\Tim\Desktop\Round 3 Part 2.wlmp
[2014/05/15 12:54:31 | 000,743,047 | ---- | C] () -- C:\Users\Tim\Desktop\PDXAGE1EventBook.pdf
[2014/05/09 22:04:22 | 2154,913,846 | ---- | C] () -- C:\Users\Tim\Desktop\GOPR0156.MP4
[2014/05/09 22:03:59 | 1658,617,182 | ---- | C] () -- C:\Users\Tim\Desktop\GOPR0153.MP4
[2014/05/09 22:03:36 | 3934,786,975 | ---- | C] () -- C:\Users\Tim\Desktop\GOPR0152.MP4
[2014/05/09 22:03:28 | 3430,597,098 | ---- | C] () -- C:\Users\Tim\Desktop\GOPR0151.MP4
[2014/05/09 20:26:38 | 000,024,304 | ---- | C] () -- C:\Users\Tim\Documents\untitled_AutoSave.gcs
[2014/05/09 15:16:16 | 115,345,816 | ---- | C] () -- C:\Users\Tim\Desktop\GoProStudioPC-2.0.1.319.exe
[2014/05/05 12:05:36 | 000,069,895 | ---- | C] () -- C:\Users\Tim\Desktop\MagicraftQuote to Tim 2014.4.23 - Quotation.pdf
[2014/05/04 10:56:41 | 000,050,417 | ---- | C] () -- C:\Users\Tim\Desktop\728px-Velvet_Ant.jpg
[2014/05/04 10:54:52 | 000,138,272 | ---- | C] () -- C:\Users\Tim\Desktop\ant in moon.jpg
[2014/05/04 10:40:19 | 000,716,691 | ---- | C] () -- C:\Users\Tim\Desktop\March-of-the-Ants-Rules-Compressed-2014.pdf
[2014/05/04 00:55:34 | 001,414,609 | ---- | C] () -- C:\Users\Tim\Desktop\Rule Book 1, Set up, Gameplay.pdf
[2014/05/04 00:52:53 | 078,448,837 | ---- | C] () -- C:\Users\Tim\Desktop\March of the Ants Rules May 2014.pdf
[2014/04/26 23:39:46 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2014/03/30 09:08:53 | 000,764,980 | ---- | C] () -- C:\ProgramData\1396195323.bdinstall.bin
[2014/03/29 22:06:10 | 000,007,632 | ---- | C] () -- C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
[2014/03/29 14:28:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\WDPABKP.dat
[2013/10/21 12:27:47 | 006,699,056 | ---- | C] () -- C:\Users\Tim\leahnic2.bmp
[2013/10/21 12:27:29 | 006,699,056 | ---- | C] () -- C:\Users\Tim\leahnic.bmp
[2013/10/21 11:27:55 | 006,699,056 | ---- | C] () -- C:\Users\Tim\leahnicrelease.bmp
[2013/10/21 11:27:32 | 006,699,056 | ---- | C] () -- C:\Users\Tim\LeahPassport.bmp
[2013/10/21 11:26:52 | 006,699,056 | ---- | C] () -- C:\Users\Tim\leahnicapp.bmp
[2013/09/11 11:22:54 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2013/09/11 11:22:52 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2013/09/11 11:22:52 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/09/11 11:22:51 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2013/09/11 11:22:50 | 013,787,648 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2013/09/11 11:22:50 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2013/08/12 15:24:57 | 000,000,132 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/04/16 12:59:36 | 000,000,132 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2013/03/01 23:14:15 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2012/07/09 15:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012/07/09 15:59:04 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/05/15 19:58:25 | 000,000,132 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/04/25 14:19:31 | 000,001,456 | ---- | C] () -- C:\Users\Tim\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/29 20:26:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2009/07/13 18:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/26 21:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 18:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 05:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 05:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2014/04/11 19:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 14:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 21:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 05:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/02 22:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 18:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 05:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 18:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 18:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 18:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 09:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 18:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 03:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/10 22:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2014/04/11 19:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 18:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 05:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 05:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 18:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2014/04/11 19:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 18:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 05:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 05:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 21:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 05:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 05:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 05:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 05:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 05:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 05:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 05:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 18:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 15:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 05:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 18:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 05:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< set /c >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Tim\AppData\Roaming
asl.log=Destination=file
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THIMKPAD
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Tim
LOCALAPPDATA=C:\Users\Tim\AppData\Local
LOGONSERVER=\\THIMKPAD
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Common Files\Lenovo;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem\;C:\SWTOOLS\ReadyApps
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 37 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=2505
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
READYAPPS=C:\SWTOOLS\ReadyApps
RR=C:\Program Files\Lenovo\Rescue and Recovery
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Tim\AppData\Local\Temp
TMP=C:\Users\Tim\AppData\Local\Temp
TSMPATH=C:\Program Files\ThinkPad\UltraNav Utility
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=Thimkpad
USERNAME=Tim
USERPROFILE=C:\Users\Tim
windir=C:\Windows

< End of report >

 



#7
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts

So, how is your computer running now?

 

Please, follow these steps:

 

Step 1. AdwCleaner scan.

 

  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Clean button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.

 

After reboot:

 

  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Scan button.
  • When the scan is finished, click the Report button.
  • A Notepad window with the report should now appear. Post the contents of the report in your next message.


#8
Tim Eisner


    New Member

  • Topic Starter
  • Member
  • 8 posts

Sorry I was delayed in replying to this. My computer is running well.

 

# AdwCleaner v3.212 - Report created 10/06/2014 at 18:05:08
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Tim - THIMKPAD
# Running from : C:\Users\Tim\Desktop\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\kpwyeb7f.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2221 octets] - [01/06/2014 14:02:38]
AdwCleaner[R1].txt - [1020 octets] - [10/06/2014 18:00:55]
AdwCleaner[R2].txt - [755 octets] - [10/06/2014 18:05:08]
AdwCleaner[S0].txt - [2324 octets] - [01/06/2014 14:11:44]
AdwCleaner[S1].txt - [1088 octets] - [10/06/2014 18:02:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [934 octets] ##########



#9
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
Nice, let's scan for remnants.

Step 1. MBAM scan.

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup<build number here>.exe to install the application.
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware.
  • Make sure that a checkmark is NOT placed next to Enable free trial of Malwarebytes Anti-Malware Premium.
  • Click Finish.
  • Malwarebytes Anti-Malware will be launched.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the big green Scan now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is completed, click the Copy to Clipboard button.
  • Click Cancel, and after that, Yes.
  • Paste the entire report in your next reply.
Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner.

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here.

If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
  • Click the green ESET Online Scanner box.
  • Tick the box next to YES, I accept the Terms of Use then click on: Start.
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close. Make sure you copy the logfile first!
  • Then click on: Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
So, please, don't forget to post in your next message:
  • ESET Online scanner's log
  • MBAM log


#10
Tim Eisner


    New Member

  • Topic Starter
  • Member
  • 8 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2014
Scan Time: 10:27:40 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.14.01
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Tim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318435
Time Elapsed: 23 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.OutBrowse.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, , [0158ccacf388bd79916d3e2b54b07888],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 10
PUP.Optional.Conduit.A, C:\Users\Tim\AppData\Local\Temp\nse9138.exe, , [1c3dafc9c7b40c2a09ea6d17cf32f30d],
PUP.Optional.Conduit.A, C:\Users\Tim\AppData\Local\Temp\nseBEFC.exe, , [a9b0334589f289ad747ff58ff50c1ee2],
PUP.Optional.Conduit.A, C:\Users\Tim\AppData\Local\Temp\nseD003.exe, , [0f4a85f3bac1d363ea0988fc3bc6b54b],
PUP.Optional.Conduit.A, C:\Users\Tim\AppData\Local\Temp\nsj9416.exe, , [2b2ebcbc2e4d2b0bdb180e7602ffbd43],
PUP.Optional.Conduit.A, C:\Users\Tim\AppData\Local\Temp\nsj9771.exe, , [9fbaf38516650432c52edea6df221fe1],
PUP.Optional.OutBrowse.A, C:\Users\Tim\AppData\Local\Temp\f.exe, , [0158ccacf388bd79916d3e2b54b07888],
PUP.Optional.Conduit.A, C:\Users\Tim\AppData\Local\Temp\nstCD05.exe, , [b3a617613e3d9d990de6d2b28978956b],
PUP.Optional.Conduit.A, C:\Users\Tim\AppData\Local\Temp\nsyD2F0.exe, , [491085f3d0abb0868d66176d1fe2db25],
PUP.Optional.Conduit.A, C:\Users\Tim\AppData\Local\Temp\nsj2220\SpSetup.exe, , [f960a4d4b3c881b5549fc2c2ba47c838],
PUP.Optional.PassShow.A, C:\Windows\Tasks\PassShow Update.job, , [4f0a12667308063050b09b256b97fc04],

Physical Sectors: 0
(No malicious items detected)


(end)



#11
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts

How about ESET log?



#12
Tim Eisner

    New Member

  • Topic Starter
  • Member
  • 8 posts

Is this the log? I am not entirely sure how to get it?

 

C:\$Recycle.Bin\S-1-5-21-1518848740-4250292544-4256302612-1002\$R641GKU.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Tim\AppData\Local\AnyProtectScannerSetup.exe.vir    Win32/AnyProtect.D potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JNZH0ER\spstub[1].exe    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JNZH0ER\WeatherBugSetup[1].exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQJ1YSFR\Setup[1].exe    Win32/InstallCore.PB potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\f.exe    a variant of Win32/OutBrowse.D potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\nse9138.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\nseBEFC.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\nseD003.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\nsj9416.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\nsj9771.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\nsn6824.tmp    Win32/InstallCore.PB potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\nstCD05.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\nsyD2F0.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\VuuPC.exe    Win32/VOPackage.B potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\is45637729\93029310_stp\AnyProtectScannerSetup.exe    Win32/AnyProtect.D potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\is45637729\93029818_stp\OptimizerPro_601.exe    Win32/SpeedingUpMyPC.I application    cleaned by deleting - quarantined
C:\Users\Tim\AppData\Local\Temp\nsj2220\SpSetup.exe    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    deleted - quarantined
C:\Users\Tim\AppData\Local\Temp\{2299BAAB-1E2B-4A3E-86A2-BD32C1112BAA}\setup.exe    multiple threats    cleaned by deleting - quarantined
 



#13
Tim Eisner

    New Member

  • Topic Starter
  • Member
  • 8 posts

Okay I think it. Let me know if this is what you need. Thanks

 

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=0f544f458e48e14f84cb2ca289df87aa
# engine=18720
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-14 10:42:03
# local_time=2014-06-14 03:42:03 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2061 16777213 100 100 0 80544303 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28412228 154330514 0 0
# scanned=312934
# found=19
# cleaned=19
# scan_time=6341
 



#14
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Yes, these are the right logs.

Let's clear the threats MBAM found:

  • Run Malwarebytes Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the big green Scan now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is completed, click the Apply Actions button.
  • When finished, reboot your computer.


#15
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.