Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser popups and other MalSpyware-like issues [Solved]

Started by Steric , Jul 05 2014 07:09 AM

  • This topic is locked This topic is locked

#1
Steric
Posted 05 July 2014 - 07:09 AM

Steric

    Member

  • Member
  • PipPip
  • 47 posts

Halp! lol

 

When opening internet browser windows or new tabs within browser windows there are often other window popups (foreground to background), most recently Google Chrome has been opening itself up to a big red error/infected message page (even when no browser has been open at the time). Within the task manager there are multiple .exe files running that I know should not be running. Pages/websites don't always seem to load properly as well.

 

I know how to get into the startup section (through msconfig) to uncheck boxes to try to keep some of those things from running at start up, but I also know that a) that doesn't always work, and b) it doesn't actually remove the issues, but I'll at least start with that (after having posted this). I mention that because I don't know if it changes anything after the fact (OTL log will have been produced before I do that)

 

 

OTL logfile created on: 05/07/2014 8:58:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thinkpad\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.80 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 46.96% Memory free
7.60 Gb Paging File | 5.16 Gb Available in Paging File | 67.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.91 Gb Total Space | 218.90 Gb Free Space | 76.83% Space Free | Partition Type: NTFS
Drive Q: | 11.72 Gb Total Space | 3.16 Gb Free Space | 26.93% Space Free | Partition Type: NTFS
 
Computer Name: THINKPADEDGE15 | User Name: Thinkpad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/05 08:51:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thinkpad\Downloads\OTL.exe
PRC - [2014/07/05 07:49:44 | 000,318,752 | ---- | M] () -- C:\Program Files (x86)\focusbase\updatefocusbase.exe
PRC - [2014/07/05 07:48:36 | 000,318,752 | ---- | M] () -- C:\Program Files (x86)\focusbase\bin\utilfocusbase.exe
PRC - [2014/07/05 03:37:11 | 000,096,544 | ---- | M] () -- C:\Program Files (x86)\focusbase\bin\focusbase.BrowserAdapter.exe
PRC - [2014/07/03 14:29:45 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\v01BlockAndSurf\wdBlockAndSurfi.exe
PRC - [2014/07/03 14:29:44 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\v01BlockAndSurf\BlockAndSurfYr174.exe
PRC - [2014/07/03 14:29:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\v01BlockAndSurf\BlockAndSurf.exe
PRC - [2014/07/03 11:20:42 | 005,766,112 | ---- | M] () -- C:\Users\Thinkpad\AppData\Local\fst_ca_161\upfst_ca_161.exe
PRC - [2014/07/03 11:20:30 | 003,975,136 | ---- | M] () -- C:\Program Files (x86)\fst_ca_161\fst_ca_161.exe
PRC - [2014/06/26 11:46:02 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
PRC - [2014/06/18 18:18:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/06/16 02:53:32 | 000,159,744 | ---- | M] () -- C:\Windows\SysWOW64\netupdsrv.exe
PRC - [2014/06/16 02:53:10 | 000,180,224 | ---- | M] () -- C:\Windows\SysWOW64\nethtsrv.exe
PRC - [2014/04/21 15:24:48 | 000,392,704 | ---- | M] () -- C:\Program Files (x86)\Boost\BoostUpdater.exe
PRC - [2014/04/08 12:04:26 | 006,616,432 | ---- | M] (Systweak) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2014/02/25 02:29:58 | 000,353,792 | ---- | M] () -- C:\Users\Thinkpad\AppData\Roaming\VOPackage\VOsrv.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/16 06:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/11/04 02:37:18 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/10/20 12:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011/07/12 05:03:34 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/01/14 18:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/11/04 00:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 00:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/05 03:37:11 | 000,096,544 | ---- | M] () -- C:\Program Files (x86)\focusbase\bin\focusbase.BrowserAdapter.exe
MOD - [2014/07/03 14:29:45 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\v01BlockAndSurf\wdBlockAndSurfi.exe
MOD - [2014/07/03 14:29:44 | 000,172,544 | ---- | M] () -- C:\Program Files (x86)\v01BlockAndSurf\BlockAndSurfYr174.dll
MOD - [2014/07/03 14:29:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\v01BlockAndSurf\BlockAndSurf.exe
MOD - [2014/07/03 11:20:42 | 005,766,112 | ---- | M] () -- C:\Users\Thinkpad\AppData\Local\fst_ca_161\upfst_ca_161.exe
MOD - [2014/07/03 11:20:30 | 003,975,136 | ---- | M] () -- C:\Program Files (x86)\fst_ca_161\fst_ca_161.exe
MOD - [2014/06/26 11:46:01 | 017,024,688 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
MOD - [2014/06/18 18:17:59 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/14 07:00:49 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\15c45f1932751583dc3c2d49e5786acd\System.Web.Services.ni.dll
MOD - [2014/05/14 07:00:40 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\6b0a1d4b63fb0ef68c0c1cd107ce9ba4\System.EnterpriseServices.ni.dll
MOD - [2014/05/14 07:00:38 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll
MOD - [2014/05/14 07:00:37 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll
MOD - [2014/04/21 15:24:48 | 000,392,704 | ---- | M] () -- C:\Program Files (x86)\Boost\BoostUpdater.exe
MOD - [2014/04/08 12:04:26 | 001,730,928 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\aspsys.dll
MOD - [2014/03/04 01:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/14 01:47:15 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/14 01:46:43 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d682d06abf8257c72ce11cefd1d74cf5\CustomMarshalers.ni.dll
MOD - [2014/02/14 01:45:53 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/02/14 01:41:58 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/14 01:41:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 01:41:06 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 01:41:05 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll
MOD - [2014/02/14 01:40:48 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 01:40:45 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/14 01:40:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 01:40:29 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/09/18 12:15:12 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/07/25 12:03:14 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
MOD - [2012/07/25 12:03:12 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\unrar.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 23:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/09 09:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/12 03:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 03:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/01/13 17:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/07/15 01:23:58 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/11/18 01:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/05 07:49:44 | 000,318,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\focusbase\updatefocusbase.exe -- (Update focusbase)
SRV - [2014/07/05 07:48:36 | 000,318,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\focusbase\bin\utilfocusbase.exe -- (Util focusbase)
SRV - [2014/07/03 14:29:44 | 000,188,416 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\v01BlockAndSurf\BlockAndSurfYr174.exe -- (BlockAndSurf)
SRV - [2014/06/26 11:46:02 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/23 08:44:04 | 002,832,704 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/06/18 18:18:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/18 06:27:00 | 000,036,424 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/06/16 02:53:32 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\netupdsrv.exe -- (ServiceUpdater)
SRV - [2014/06/16 02:53:10 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\nethtsrv.exe -- (NetHttpService)
SRV - [2014/02/25 02:29:58 | 000,353,792 | ---- | M] () [Auto | Running] -- C:\Users\Thinkpad\AppData\Roaming\VOPackage\VOsrv.exe -- (VOsrv)
SRV - [2014/02/21 13:39:52 | 000,024,120 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/05/16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/11/04 00:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 00:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/04 05:35:40 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys -- ({2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64)
DRV:64bit: - [2014/06/16 02:53:50 | 000,046,160 | ---- | M] (nethfdrv) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nethfdrv.sys -- (nethfdrv)
DRV:64bit: - [2014/06/09 12:20:56 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys -- ({c8905eec-9eab-447c-84a8-9e864d454523}Gw64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/07/05 21:43:24 | 000,443,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/07/05 21:43:24 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/06/26 22:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/06/10 12:03:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/10 12:03:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/05/16 06:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/26 21:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/10/14 03:05:50 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/13 17:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/01/13 17:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/13 05:30:18 | 000,947,816 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/15 16:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/03/12 11:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/26 03:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 16:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/23 15:06:32 | 000,205,952 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009/11/18 01:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=686611601&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://speedial.com/...r=686611601&ir=
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ng}&rlz=1I7LENP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13920;https=127.0.0.1:13920
 
========== FireFox ==========
 
FF - prefs.js..CT3289847.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: ext%40RichMediaViewV1release767.net:1.1
FF - prefs.js..extensions.enabledAddons: boost%40boost.net:3.0.0.10
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.5.3
FF - prefs.js..extensions.enabledAddons: %7B2b929fe1-284b-4766-afb9-19b0915b99b0%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7BE1B16D30-15BD-D5B3-E2E0-5B23F8F57008%7D:1.174
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: "http://search.condui...782220&UM=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\BetterSurf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Better-Surf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release767\ff [2014/05/13 21:48:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 06:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E1B16D30-15BD-D5B3-E2E0-5B23F8F57008}: C:\Program Files (x86)\v01BlockAndSurf\174.xpi [2014/07/03 14:29:46 | 000,011,047 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/09/19 17:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Extensions
[2014/06/26 12:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions
[2014/06/26 12:04:26 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions\[email protected]
[2014/05/15 19:03:00 | 000,041,472 | ---- | M] () (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions\[email protected]
[2014/06/26 16:36:04 | 000,008,235 | ---- | M] () (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi
[2014/06/04 23:47:25 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/03 23:22:50 | 000,001,005 | ---- | M] () -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\searchplugins\conduit.xml
[2014/06/18 18:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/18 18:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/06/18 18:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/18 18:18:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/13 21:48:56 | 000,000,000 | ---D | M] (Rich Media View) -- C:\PROGRAM FILES (X86)\RICHMEDIAVIEWV1\RICHMEDIAVIEWV1RELEASE767\FF
[2014/07/03 14:29:46 | 000,011,047 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\V01BLOCKANDSURF\174.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...={searchTerms},
CHR - homepage: http://www.trovi.com...C868976F9&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Adblock Plus = C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: BlockAndSurf = C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghpppjpmpmfpanladiaggghbkeebmngg\1.174.0.0_0\
CHR - Extension: Boost = C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\
CHR - Extension: Google Wallet = C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Rich Media View = C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\plagleapamahmpihnkoclmknbonaehgi\1.1_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Boost) - {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} - C:\Program Files (x86)\Boost\64Boost.dll (Jigsaw)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (BlockAndSurf) - {473D4253-D6EA-0FA0-B2F4-C7D70CFAC09A} - C:\Program Files (x86)\v01BlockAndSurf\174.dll ()
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Rich Media View) - {85c0c7b3-2f1e-4b22-a2a3-0957414fc189} - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release767\ie\RichMediaViewV1release767.dll ()
O2 - BHO: (Boost) - {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} - C:\Program Files (x86)\Boost\Boost.dll (Jigsaw)
O2 - BHO: (focusbase) - {8fda85d4-b14a-49f5-9de6-f91c4ec5aaf4} - C:\Program Files (x86)\focusbase\focusbaseBHO.dll (focusbase)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [fst_ca_161] C:\Program Files (x86)\fst_ca_161\fst_ca_161.exe ()
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [BlockAndSurf] C:\Program Files (x86)\v01BlockAndSurf\BlockAndSurf.exe ()
O4 - HKCU..\Run: [PC Cleaner] C:\Program Files (x86)\PC Cleaner\PCCLauncher.exe (PC Help Soft)
O4 - HKLM..\RunOnce: [upfst_ca_161.exe] C:\Users\Thinkpad\AppData\Local\fst_ca_161\upfst_ca_161.exe ()
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Thinkpad\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thinkpad\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Thinkpad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thinkpad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - Startup: C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk = C:\Program Files (x86)\Boost\BoostUpdater.exe ()
O4 - Startup: C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 107.20.195.51 107.20.190.171 209.87.239.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C80C92D-C3BA-43EE-A634-703570B16787}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EED5F43-C94A-4820-8D39-7239A9E81289}: DhcpNameServer = 107.20.195.51 107.20.190.171 209.87.239.21
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{3618d8fa-b316-11e1-8306-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3618d8fa-b316-11e1-8306-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/05 07:50:08 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
[2014/07/03 14:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v01BlockAndSurf
[2014/07/03 14:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrEeSoFtOdAy
[2014/07/03 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Local\fst_ca_161
[2014/07/03 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fst_ca_161
[2014/07/03 14:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/07/03 14:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/06/26 12:03:23 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys
[2014/06/26 11:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/06/26 11:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speedial
[2014/06/26 11:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner
[2014/06/26 11:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaner
[2014/06/26 11:16:21 | 000,608,262 | ---- | C] (Click Me In Limited) -- C:\Users\Thinkpad\AppData\Local\AnyProtectScannerSetup.exe
[2014/06/26 11:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx
[2014/06/26 11:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/06/26 11:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/06/26 11:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/06/26 11:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/06/26 11:03:04 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/06/26 11:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2014/06/26 11:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/06/26 11:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boost
[2014/06/26 11:02:34 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Roaming\Systweak
[2014/06/26 11:02:33 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/06/26 11:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/06/26 11:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2014/06/26 11:02:14 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Roaming\VOPackage
[2014/06/26 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\focusbase
[2014/06/20 19:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Config
[2014/06/18 18:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/16 02:53:50 | 000,046,160 | ---- | C] (nethfdrv) -- C:\Windows\SysNative\drivers\nethfdrv.sys
[2014/06/05 14:29:45 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Roaming\MultiPDFConverter
[2014/06/05 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multi PDF Converter
[2014/06/05 14:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/06/05 12:24:29 | 000,000,000 | ---D | C] -- C:\Windows\en
[16 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Thinkpad\Documents\*.tmp files -> C:\Users\Thinkpad\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/05 08:48:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/05 08:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/05 08:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/05 08:19:53 | 000,001,122 | ---- | M] () -- C:\Users\Thinkpad\Desktop\Continue VuuPC Installation.lnk
[2014/07/05 07:57:13 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/05 07:57:13 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/05 07:48:42 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/07/05 07:47:46 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\BlockAndSurf Update.job
[2014/07/05 07:47:35 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\BlockAndSurf_wd.job
[2014/07/05 07:47:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/05 07:47:15 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/04 05:35:40 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
[2014/07/03 15:57:11 | 000,001,350 | ---- | M] () -- C:\Users\Thinkpad\Desktop\Clean Registry for Free!.lnk
[2014/07/03 15:02:11 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/07/03 14:30:12 | 000,000,336 | ---- | M] () -- C:\Windows\BRCALIB.INI
[2014/07/03 14:29:46 | 000,001,632 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/07/03 14:28:37 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/07/03 14:28:37 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/06/26 13:02:36 | 000,608,262 | ---- | M] (Click Me In Limited) -- C:\Users\Thinkpad\AppData\Local\AnyProtectScannerSetup.exe
[2014/06/26 11:37:18 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/06/26 11:16:30 | 000,001,046 | ---- | M] () -- C:\Users\Thinkpad\Desktop\PC Cleaner.lnk
[2014/06/26 11:04:46 | 000,001,989 | ---- | M] () -- C:\Users\Thinkpad\Desktop\Sync Folder.lnk
[2014/06/26 11:04:17 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/06/26 11:03:22 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/06/26 11:03:05 | 000,001,117 | ---- | M] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/26 11:03:05 | 000,001,107 | ---- | M] () -- C:\Users\Thinkpad\Desktop\MyPC Backup.lnk
[2014/06/26 11:02:40 | 000,001,058 | ---- | M] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk
[2014/06/26 11:02:32 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/06/26 11:02:15 | 000,001,894 | ---- | M] () -- C:\Users\Thinkpad\Desktop\Configure VO Package.lnk
[2014/06/24 12:08:10 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/24 12:08:10 | 000,667,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/24 12:08:10 | 000,126,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/16 02:53:50 | 000,046,160 | ---- | M] (nethfdrv) -- C:\Windows\SysNative\drivers\nethfdrv.sys
[2014/06/16 02:53:32 | 000,159,744 | ---- | M] () -- C:\Windows\SysWow64\netupdsrv.exe
[2014/06/16 02:53:20 | 000,108,544 | ---- | M] () -- C:\Windows\SysWow64\installd.exe
[2014/06/16 02:53:10 | 000,180,224 | ---- | M] () -- C:\Windows\SysWow64\nethtsrv.exe
[2014/06/16 02:52:58 | 000,108,544 | ---- | M] () -- C:\Windows\SysWow64\hfnapi.dll
[2014/06/16 02:52:50 | 000,246,784 | ---- | M] () -- C:\Windows\SysWow64\hfpapi.dll
[2014/06/09 12:20:56 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys
[2014/06/05 14:29:44 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Multi PDF Converter.lnk
[16 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Thinkpad\Documents\*.tmp files -> C:\Users\Thinkpad\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/03 14:29:47 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\BlockAndSurf Update.job
[2014/07/03 14:29:47 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\BlockAndSurf_wd.job
[2014/07/03 13:29:41 | 000,001,350 | ---- | C] () -- C:\Users\Thinkpad\Desktop\Clean Registry for Free!.lnk
[2014/06/26 11:46:08 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/26 11:46:08 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/06/26 11:16:30 | 000,001,046 | ---- | C] () -- C:\Users\Thinkpad\Desktop\PC Cleaner.lnk
[2014/06/26 11:12:44 | 000,001,122 | ---- | C] () -- C:\Users\Thinkpad\Desktop\Continue VuuPC Installation.lnk
[2014/06/26 11:04:46 | 000,001,989 | ---- | C] () -- C:\Users\Thinkpad\Desktop\Sync Folder.lnk
[2014/06/26 11:04:17 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/06/26 11:03:22 | 000,001,221 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/06/26 11:03:05 | 000,001,117 | ---- | C] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/26 11:03:05 | 000,001,107 | ---- | C] () -- C:\Users\Thinkpad\Desktop\MyPC Backup.lnk
[2014/06/26 11:03:01 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/06/26 11:02:47 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/06/26 11:02:47 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/06/26 11:02:40 | 000,001,058 | ---- | C] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk
[2014/06/26 11:02:32 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/06/26 11:02:15 | 000,001,894 | ---- | C] () -- C:\Users\Thinkpad\Desktop\Configure VO Package.lnk
[2014/06/16 02:53:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\netupdsrv.exe
[2014/06/16 02:53:20 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\installd.exe
[2014/06/16 02:53:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\nethtsrv.exe
[2014/06/16 02:52:58 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\hfnapi.dll
[2014/06/16 02:52:50 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\hfpapi.dll
[2014/06/05 14:29:44 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi PDF Converter.lnk
[2014/06/05 14:29:44 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Multi PDF Converter.lnk
[2014/06/05 12:24:10 | 000,001,321 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2014/06/05 12:20:51 | 000,002,209 | ---- | C] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/01/29 11:54:08 | 000,001,632 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/06 13:11:49 | 000,000,336 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012/09/25 09:59:47 | 000,000,828 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/09/25 09:59:47 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/09/25 09:58:13 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/09/25 09:58:13 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/09/25 09:58:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/09/25 09:58:09 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/09/19 17:30:58 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/09/19 17:30:56 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/09/19 17:30:54 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/09/19 16:39:33 | 000,766,820 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/06 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\ControlCenter4
[2014/03/30 10:23:07 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Dropbox
[2014/01/07 11:31:43 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\DropboxMaster
[2012/10/12 13:02:59 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\InterVideo
[2012/09/19 11:32:20 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Leadertech
[2014/06/05 14:29:45 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\MultiPDFConverter
[2013/01/31 15:07:27 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Nuance
[2012/11/29 16:05:14 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\PC-FAX TX
[2014/02/05 15:02:39 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\PwrMgr
[2013/12/27 16:02:38 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\SoftGrid Client
[2014/06/26 11:03:31 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Systweak
[2012/09/24 13:31:11 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\TP
[2014/06/26 11:02:15 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\VOPackage
[2012/10/23 12:06:15 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 

 

 


  • 0

Advertisements

#2
Essexboy
Posted 05 July 2014 - 07:28 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you appear to have more adware than MS files on your system... So lets fix that

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2014/07/05 07:49:44 | 000,318,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\focusbase\updatefocusbase.exe -- (Update focusbase)
SRV - [2014/07/05 07:48:36 | 000,318,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\focusbase\bin\utilfocusbase.exe -- (Util focusbase)
SRV - [2014/07/03 14:29:44 | 000,188,416 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\v01BlockAndSurf\BlockAndSurfYr174.exe -- (BlockAndSurf)
SRV - [2014/06/23 08:44:04 | 002,832,704 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/06/18 06:27:00 | 000,036,424 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/06/16 02:53:32 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\netupdsrv.exe -- (ServiceUpdater)
SRV - [2014/06/16 02:53:10 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\nethtsrv.exe -- (NetHttpService)
SRV - [2014/02/25 02:29:58 | 000,353,792 | ---- | M] () [Auto | Running] -- C:\Users\Thinkpad\AppData\Roaming\VOPackage\VOsrv.exe -- (VOsrv)
SRV - [2014/02/21 13:39:52 | 000,024,120 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
DRV:64bit: - [2014/07/04 05:35:40 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys -- ({2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64)
DRV:64bit: - [2014/06/16 02:53:50 | 000,046,160 | ---- | M] (nethfdrv) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nethfdrv.sys -- (nethfdrv)
DRV:64bit: - [2014/06/09 12:20:56 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys -- ({c8905eec-9eab-447c-84a8-9e864d454523}Gw64)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=686611601&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://speedial.com/...r=686611601&ir=
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13920;https=127.0.0.1:13920
FF - prefs.js..CT3289847.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..extensions.enabledAddons: ext%40RichMediaViewV1release767.net:1.1
FF - prefs.js..extensions.enabledAddons: boost%40boost.net:3.0.0.10
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.5.3
FF - prefs.js..extensions.enabledAddons: %7B2b929fe1-284b-4766-afb9-19b0915b99b0%7D:1.0.1
FF - prefs.js..keyword.URL: "http://search.condui...782220&UM=2&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\BetterSurf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Better-Surf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release767\ff [2014/05/13 21:48:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E1B16D30-15BD-D5B3-E2E0-5B23F8F57008}: C:\Program Files (x86)\v01BlockAndSurf\174.xpi [2014/07/03 14:29:46 | 000,011,047 | ---- | M] ()
[2014/06/26 12:04:26 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions\[email protected]
[2014/05/15 19:03:00 | 000,041,472 | ---- | M] () (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions\[email protected]
[2014/06/26 16:36:04 | 000,008,235 | ---- | M] () (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions\{2b929fe1-284b-4766-afb9-19b0915b99b0}.xpi
[2014/06/04 23:47:25 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/03 23:22:50 | 000,001,005 | ---- | M] () -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\searchplugins\conduit.xml
[2014/05/13 21:48:56 | 000,000,000 | ---D | M] (Rich Media View) -- C:\PROGRAM FILES (X86)\RICHMEDIAVIEWV1\RICHMEDIAVIEWV1RELEASE767\FF
[2014/07/03 14:29:46 | 000,011,047 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\V01BLOCKANDSURF\174.XPI
O2:64bit: - BHO: (Boost) - {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} - C:\Program Files (x86)\Boost\64Boost.dll (Jigsaw)
O2 - BHO: (Rich Media View) - {85c0c7b3-2f1e-4b22-a2a3-0957414fc189} - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release767\ie\RichMediaViewV1release767.dll ()
O2 - BHO: (Boost) - {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} - C:\Program Files (x86)\Boost\Boost.dll (Jigsaw)
O2 - BHO: (focusbase) - {8fda85d4-b14a-49f5-9de6-f91c4ec5aaf4} - C:\Program Files (x86)\focusbase\focusbaseBHO.dll (focusbase)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [fst_ca_161] C:\Program Files (x86)\fst_ca_161\fst_ca_161.exe ()
O4 - HKCU..\Run: [BlockAndSurf] C:\Program Files (x86)\v01BlockAndSurf\BlockAndSurf.exe ()
O4 - HKCU..\Run: [PC Cleaner] C:\Program Files (x86)\PC Cleaner\PCCLauncher.exe (PC Help Soft)
O4 - HKLM..\RunOnce: [upfst_ca_161.exe] C:\Users\Thinkpad\AppData\Local\fst_ca_161\upfst_ca_161.exe ()
O4 - Startup: C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk = C:\Program Files (x86)\Boost\BoostUpdater.exe ()
O4 - Startup: C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll ()
[2014/07/05 07:50:08 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
[2014/07/03 14:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v01BlockAndSurf
[2014/07/03 14:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrEeSoFtOdAy
[2014/07/03 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Local\fst_ca_161
[2014/07/03 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fst_ca_161
[2014/06/26 12:03:23 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys
[2014/06/26 11:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speedial
[2014/06/26 11:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner
[2014/06/26 11:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaner
[2014/06/26 11:16:21 | 000,608,262 | ---- | C] (Click Me In Limited) -- C:\Users\Thinkpad\AppData\Local\AnyProtectScannerSetup.exe
[2014/06/26 11:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx
[2014/06/26 11:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/06/26 11:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/06/26 11:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/06/26 11:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/06/26 11:03:04 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/06/26 11:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2014/06/26 11:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/06/26 11:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boost
[2014/06/26 11:02:34 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Roaming\Systweak
[2014/06/26 11:02:33 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/06/26 11:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/06/26 11:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2014/06/26 11:02:14 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Roaming\VOPackage
[2014/06/26 11:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\focusbase
[2014/06/16 02:53:50 | 000,046,160 | ---- | C] (nethfdrv) -- C:\Windows\SysNative\drivers\nethfdrv.sys
[2014/07/05 08:19:53 | 000,001,122 | ---- | M] () -- C:\Users\Thinkpad\Desktop\Continue VuuPC Installation.lnk
[2014/07/05 07:48:42 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/07/05 07:47:46 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\BlockAndSurf Update.job
[2014/07/05 07:47:35 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\BlockAndSurf_wd.job
[2014/07/04 05:35:40 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys
[2014/07/03 15:57:11 | 000,001,350 | ---- | M] () -- C:\Users\Thinkpad\Desktop\Clean Registry for Free!.lnk
[2014/07/03 15:02:11 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/06/26 13:02:36 | 000,608,262 | ---- | M] (Click Me In Limited) -- C:\Users\Thinkpad\AppData\Local\AnyProtectScannerSetup.exe
[2014/06/26 11:37:18 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/06/26 11:16:30 | 000,001,046 | ---- | M] () -- C:\Users\Thinkpad\Desktop\PC Cleaner.lnk
[2014/06/26 11:04:46 | 000,001,989 | ---- | M] () -- C:\Users\Thinkpad\Desktop\Sync Folder.lnk
[2014/06/26 11:04:17 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/06/26 11:03:22 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/06/26 11:03:05 | 000,001,117 | ---- | M] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/26 11:03:05 | 000,001,107 | ---- | M] () -- C:\Users\Thinkpad\Desktop\MyPC Backup.lnk
[2014/06/26 11:02:40 | 000,001,058 | ---- | M] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk
[2014/06/26 11:02:32 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/06/26 11:02:15 | 000,001,894 | ---- | M] () -- C:\Users\Thinkpad\Desktop\Configure VO Package.lnk
[2014/06/16 02:53:32 | 000,159,744 | ---- | M] () -- C:\Windows\SysWow64\netupdsrv.exe
[2014/06/16 02:53:20 | 000,108,544 | ---- | M] () -- C:\Windows\SysWow64\installd.exe
[2014/06/16 02:53:10 | 000,180,224 | ---- | M] () -- C:\Windows\SysWow64\nethtsrv.exe
[2014/06/16 02:52:58 | 000,108,544 | ---- | M] () -- C:\Windows\SysWow64\hfnapi.dll
[2014/06/16 02:52:50 | 000,246,784 | ---- | M] () -- C:\Windows\SysWow64\hfpapi.dll
[2014/06/09 12:20:56 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys
[2014/07/03 14:29:47 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\BlockAndSurf Update.job
[2014/07/03 14:29:47 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\BlockAndSurf_wd.job
[2014/07/03 13:29:41 | 000,001,350 | ---- | C] () -- C:\Users\Thinkpad\Desktop\Clean Registry for Free!.lnk
[2014/06/26 11:16:30 | 000,001,046 | ---- | C] () -- C:\Users\Thinkpad\Desktop\PC Cleaner.lnk
[2014/06/26 11:12:44 | 000,001,122 | ---- | C] () -- C:\Users\Thinkpad\Desktop\Continue VuuPC Installation.lnk
[2014/06/26 11:04:46 | 000,001,989 | ---- | C] () -- C:\Users\Thinkpad\Desktop\Sync Folder.lnk
[2014/06/26 11:04:17 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/06/26 11:03:22 | 000,001,221 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/06/26 11:03:05 | 000,001,117 | ---- | C] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/26 11:03:05 | 000,001,107 | ---- | C] () -- C:\Users\Thinkpad\Desktop\MyPC Backup.lnk
[2014/06/26 11:03:01 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/06/26 11:02:47 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/06/26 11:02:47 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/06/26 11:02:40 | 000,001,058 | ---- | C] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk
[2014/06/26 11:02:32 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/06/26 11:02:15 | 000,001,894 | ---- | C] () -- C:\Users\Thinkpad\Desktop\Configure VO Package.lnk
[2014/06/16 02:53:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\netupdsrv.exe
[2014/06/16 02:53:20 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\installd.exe
[2014/06/16 02:53:10 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\nethtsrv.exe
[2014/06/16 02:52:58 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\hfnapi.dll
[2014/06/16 02:52:50 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\hfpapi.dll
[2014/06/05 14:29:44 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi PDF Converter.lnk
[2014/06/05 14:29:44 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Multi PDF Converter.lnk
[2014/06/26 11:03:31 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Systweak
[2014/06/26 11:02:15 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\VOPackage

:Files
C:\Program Files (x86)\focusbase
C:\Program Files (x86)\v01BlockAndSurf
C:\Program Files (x86)\fst_ca_161
C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\SysWOW64\nethtsrv.exe
C:\Program Files (x86)\Advanced System Protector
C:\Users\Thinkpad\AppData\Roaming\VOPackage
C:\Program Files (x86)\Lenovo\System Update
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\BetterSurf
C:\Program Files (x86)\RichMediaViewV1
C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghpppjpmpmfpanladiaggghbkeebmngg
C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\plagleapamahmpihnkoclmknbonaehgi
C:\Program Files (x86)\Boost
C:\Program Files (x86)\PC Cleaner

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#3
Steric
Posted 05 July 2014 - 09:30 AM

Steric

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Thanks for the quick response. Here are the results.

 

 

# AdwCleaner v3.214 - Report created 05/07/2014 at 11:19:18
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Thinkpad - THINKPADEDGE15
# Running from : C:\Users\Thinkpad\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MediaBuzzV1
Folder Deleted : C:\Program Files (x86)\MediaPlayerV1
Folder Deleted : C:\Program Files (x86)\MediaViewerV1
Folder Deleted : C:\Program Files (x86)\MediaViewV1
Folder Deleted : C:\Program Files (x86)\MediaWatchV1
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Program Files (x86)\WebexpEnhancedV1
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Thinkpad\AppData\Local\Conduit
Folder Deleted : C:\Users\Thinkpad\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Thinkpad\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Thinkpad\AppData\Local\fst_ca_161
Folder Deleted : C:\Users\Thinkpad\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Thinkpad\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn
File Deleted : C:\END
File Deleted : C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\invalidprefs.js
File Deleted : C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\user.js
File Deleted : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\System32\Tasks\BlockAndSurf Update
File Deleted : C:\Windows\System32\Tasks\BlockAndSurf_wd
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{473D4253-D6EA-0FA0-B2F4-C7D70CFAC09A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{473D4253-D6EA-0FA0-B2F4-C7D70CFAC09A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{473D4253-D6EA-0FA0-B2F4-C7D70CFAC09A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{473D4253-D6EA-0FA0-B2F4-C7D70CFAC09A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtectInt2
Key Deleted : HKCU\Software\Speedial
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software\blockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoftToday_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\prefs.js ]

Line Deleted : user_pref("CT3289847.FF19Solved", "true");
Line Deleted : user_pref("CT3289847.UserID", "UN56969275354782220");
Line Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "");
Line Deleted : user_pref("CT3289847.installDate", "3/4/2013 23:22:49");
Line Deleted : user_pref("CT3289847.installerVersion", "1.3.7.3");
Line Deleted : user_pref("CT3289847.keyword", "true");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN56969275354782220&UM=2&UP=SP40137514-573C-4C9C-B982-9DDC868976F9");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN56969275354782220&UM=2&SearchSource=3&q={searchTerms}");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN57877009924077198&ctid=CT3289847&sspv=TB_CC&UM=2
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3289847&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN57877009924077198&UM=2&UP=SP40137514-573C-4C9C-B982-9DDC868976F9&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3319734&octid=EB_ORIGINAL_CTID&ISID=ME2D40183-DF9C-4FDE-B324-7C8024111AE2&SearchSource=55&CUI=&UM=5&UP=SP40137514-573C-4C9C-B982-9DDC868976F9&SSPV=
Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3319734&octid=EB_ORIGINAL_CTID&ISID=ME2D40183-DF9C-4FDE-B324-7C8024111AE2&SearchSource=55&CUI=&UM=5&UP=SP40137514-573C-4C9C-B982-9DDC868976F9&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : dedmngkbaffkenlfdcbganndoghblmap
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : igckfjdcbkimejmjmpmebffdjjjgncfn
Deleted [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
Deleted [Extension] : poheodfamflhhhdcmjfeggbgigeefaco

*************************

AdwCleaner[R0].txt - [11819 octets] - [05/07/2014 11:17:00]
AdwCleaner[S0].txt - [11497 octets] - [05/07/2014 11:19:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11558 octets] ##########
 

 

 

 

 

OTL logfile created on: 05/07/2014 11:23:19 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thinkpad\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.80 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 67.65% Memory free
7.60 Gb Paging File | 6.26 Gb Available in Paging File | 82.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.91 Gb Total Space | 222.81 Gb Free Space | 78.20% Space Free | Partition Type: NTFS
Drive Q: | 11.72 Gb Total Space | 3.16 Gb Free Space | 26.93% Space Free | Partition Type: NTFS
 
Computer Name: THINKPADEDGE15 | User Name: Thinkpad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/05 08:51:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thinkpad\Desktop\OTL.exe
PRC - [2014/06/18 18:18:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/04 02:37:18 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/10/20 12:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011/07/12 05:03:34 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/11/04 00:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 00:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/18 18:17:59 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/09 09:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/12 03:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 03:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/01/13 17:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/07/15 01:23:58 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/11/18 01:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/06/26 11:46:02 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/18 18:18:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/05/16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/03/09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/11/04 00:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 00:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/07/05 21:43:24 | 000,443,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/07/05 21:43:24 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/06/26 22:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/06/10 12:03:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/10 12:03:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/05/16 06:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/26 21:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/10/14 03:05:50 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/13 17:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/01/13 17:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/13 05:30:18 | 000,947,816 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/15 16:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/03/12 11:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/26 03:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 16:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/23 15:06:32 | 000,205,952 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009/11/18 01:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 06:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/09/19 17:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Extensions
[2014/07/05 11:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thinkpad\AppData\Roaming\Mozilla\Firefox\Profiles\gh0ryyc8.default\extensions
[2014/06/18 18:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/18 18:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/06/18 18:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/18 18:18:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...={searchTerms},
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Adblock Plus = C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Wallet = C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/07/05 11:08:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Thinkpad\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thinkpad\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Thinkpad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thinkpad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 107.20.195.51 107.20.190.171 209.87.239.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C80C92D-C3BA-43EE-A634-703570B16787}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EED5F43-C94A-4820-8D39-7239A9E81289}: DhcpNameServer = 107.20.195.51 107.20.190.171 209.87.239.21
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{3618d8fa-b316-11e1-8306-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3618d8fa-b316-11e1-8306-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/05 11:17:21 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/07/05 11:16:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/05 11:03:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/05 08:51:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thinkpad\Desktop\OTL.exe
[2014/07/03 14:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/07/03 14:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/06/26 11:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/06/20 19:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Config
[2014/06/18 18:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/05 14:29:45 | 000,000,000 | ---D | C] -- C:\Users\Thinkpad\AppData\Roaming\MultiPDFConverter
[2014/06/05 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multi PDF Converter
[2014/06/05 14:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/06/05 12:24:29 | 000,000,000 | ---D | C] -- C:\Windows\en
[1 C:\Users\Thinkpad\Documents\*.tmp files -> C:\Users\Thinkpad\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/05 11:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/05 11:20:31 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/05 11:20:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/05 11:20:15 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/05 11:18:50 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/05 11:18:50 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/05 11:15:05 | 001,346,519 | ---- | M] () -- C:\Users\Thinkpad\Desktop\AdwCleaner.exe
[2014/07/05 11:08:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/07/05 09:48:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/05 08:51:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thinkpad\Desktop\OTL.exe
[2014/07/03 14:30:12 | 000,000,336 | ---- | M] () -- C:\Windows\BRCALIB.INI
[2014/07/03 14:29:46 | 000,001,632 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/07/03 14:28:37 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/24 12:08:10 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/24 12:08:10 | 000,667,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/24 12:08:10 | 000,126,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Users\Thinkpad\Documents\*.tmp files -> C:\Users\Thinkpad\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/05 11:14:58 | 001,346,519 | ---- | C] () -- C:\Users\Thinkpad\Desktop\AdwCleaner.exe
[2014/06/26 11:46:08 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/05 12:24:10 | 000,001,321 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2014/06/05 12:20:51 | 000,002,209 | ---- | C] () -- C:\Users\Thinkpad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/01/29 11:54:08 | 000,001,632 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/06 13:11:49 | 000,000,336 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012/09/25 09:59:47 | 000,000,828 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/09/25 09:59:47 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/09/25 09:58:13 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/09/25 09:58:13 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/09/25 09:58:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/09/25 09:58:09 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/09/19 17:30:58 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/09/19 17:30:56 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/09/19 17:30:54 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/09/19 16:39:33 | 000,766,820 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/06 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\ControlCenter4
[2014/03/30 10:23:07 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Dropbox
[2014/01/07 11:31:43 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\DropboxMaster
[2012/10/12 13:02:59 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\InterVideo
[2012/09/19 11:32:20 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Leadertech
[2014/06/05 14:29:45 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\MultiPDFConverter
[2013/01/31 15:07:27 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Nuance
[2012/11/29 16:05:14 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\PC-FAX TX
[2014/02/05 15:02:39 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\PwrMgr
[2013/12/27 16:02:38 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\SoftGrid Client
[2012/09/24 13:31:11 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\TP
[2012/10/23 12:06:15 | 000,000,000 | ---D | M] -- C:\Users\Thinkpad\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

#4
Essexboy
Posted 05 July 2014 - 09:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looking much better, a sweep for orphans now...

How is the computer behaving ?

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log
  • 0

#5
Steric
Posted 05 July 2014 - 12:44 PM

Steric

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Things appear better. No pop ups popping up...things running a little faster/smoother seemingly.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05/07/2014
Scan Time: 2:25:46 PM
Logfile: mal.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.05.09
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Thinkpad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279859
Time Elapsed: 11 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.MySpeeDial.A, HKLM\SOFTWARE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}, Quarantined, [839fcad14f2c05315a1ed57714ee5fa1],
PUP.Optional.MySpeeDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}, Quarantined, [839fcad14f2c05315a1ed57714ee5fa1],
PUP.Optional.FocusBase.A, HKLM\SOFTWARE\WOW6432NODE\focusbase, Quarantined, [a77bdcbf9fdc84b240f550be6a9a3fc1],
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\WOW6432NODE\RichMediaViewV1release767, Quarantined, [fe242873e99241f5f6bcc1fdbb473ac6],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mmifolfpllfdhilecpdpmemhelmanajl, Quarantined, [67bb504bc0bb201651e4fbc142c09f61],
PUP.Optional.FocusBase.A, HKU\S-1-5-21-2875010326-3697926104-1799906545-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\focusbase, Quarantined, [60c2bcdf611a1b1b8ea88d814fb537c9],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-2875010326-3697926104-1799906545-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [988a1883bac12412a1010ea6bc460af6],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 8
PUP.Optional.OptimumInstaller.A, C:\Users\Thinkpad\Downloads\Player-Chrome.exe, Quarantined, [bc665c3f9ae1f343bd3c55fefb065ba5],
PUP.Optional.BetterDeals.A, C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, Quarantined, [c35f3f5cb7c487af3ff31c9f9c66946c],
PUP.Optional.BetterDeals.A, C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, Quarantined, [7ea412895c1f38fe1b17d7e4df23c040],
PUP.Optional.LiveLyrics.A, C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [58cafe9dbdbefa3c4e21b10f5ca6e61a],
PUP.Optional.LiveLyrics.A, C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [0220ecaf7b002b0b0d627a466999ad53],
PUP.Optional.PricePeep.A, C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage, Quarantined, [2002debd9ae15adccf2cc448ec18f907],
PUP.Optional.PricePeep.A, C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage-journal, Quarantined, [72b0900b6e0d1323f30851bb739160a0],
PUP.Optional.Conduit.A, C:\Users\Thinkpad\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: (        "search_url": "http://search.condui...9DDC868976F9&q={searchTerms}&SSPV=",), Replaced,[df43f8a37a01b284df0ec5fe9c682fd1]

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#6
Essexboy
Posted 05 July 2014 - 12:52 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further problems before I remove the tools and tidy up ?
  • 0

#7
Steric
Posted 05 July 2014 - 09:12 PM

Steric

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

No, no other problems.


  • 0

#8
Essexboy
Posted 06 July 2014 - 04:26 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#9
Steric
Posted 06 July 2014 - 08:16 AM

Steric

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Thank you for the help!


  • 0

#10
Essexboy
Posted 06 July 2014 - 08:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure
  • 0

#11
Essexboy
Posted 07 July 2014 - 06:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP