Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

TR/Swrort.A.10259 infected Chrome, may have remote accessed programs [

trojan.swrort.a chrome

  • This topic is locked This topic is locked

#1
Sonnet29

Sonnet29

    Member

  • Member
  • PipPip
  • 31 posts

On 7/21/14 Avira Free Antivirus blocked and quarantined 16+ instances of TR/Swrort.A.10259. I think these were in Chrome. During this time, Chrome ultimately became unresponsive. I think I had around that many tabs open, but I can't check. After a force close, I found that the Chrome.exe had been renamed (to either chrome_new or new_chrome), I'm assuming as a result of Avira quarantining the infected items.

 

During and after this, I started to occasionally hear a strange whirring/grinding noise in a certain part of my laptop. My laptop also seemed to start running slowly. I have never heard my laptop make this noise before. It is a Lenovo Z570, and the noise occurred in the bottom left corner. Is it possible that something was being remotely accessed? In specific, could my web camera have been accessed without the light switching on to signify this? Is there any way to check if such items were remotely accessed, or anything else? These are my concerns.

 

As a follow up after the Chrome items were quarantined, I returned Chrome's filename to Chrome.exe. I installed Windows updates, and then did a scan with Malwarebytes Anti-Malware and Avira Free Antivirus. No malicious items were found. Avira detected 2935 hidden objects which seemed an unusually high number though I'm not sure if that information is helpful.

 

I'm not sure how I got this virus as I was not browsing any sites known to be dangerous, and they were all sites that I visit on a daily basis. If it would be helpful I could try to pick out from my history which tabs I had open exactly. I also have not downloaded anything recently.

 

EDIT: Learned that TR/Swrort.A.10259 is a false alarm from another thread about the same infection. However, I would still greatly appreciate a confirmation/an OK that my computer is in the clear. How was such a false alarm detected? 

 

Here is my OTL log, thanks in advance for your help:

 

OTL logfile created on: 7/23/2014 2:31:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jessica\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.92 Gb Total Physical Memory | 4.23 Gb Available Physical Memory | 71.45% Memory free
11.83 Gb Paging File | 10.04 Gb Available in Paging File | 84.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 173.91 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 25.95 Gb Free Space | 89.49% Space Free | Partition Type: NTFS
 
Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/07/22 11:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
PRC - [2014/07/03 11:36:25 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/07/03 11:36:17 | 000,750,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/07/03 11:36:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/12/26 19:42:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/04/09 19:37:50 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2012/04/09 19:34:35 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012/02/26 23:58:14 | 000,041,304 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe
PRC - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/04 21:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/01/19 06:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/09 19:37:50 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2012/04/09 19:34:34 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012/02/26 23:57:52 | 000,249,688 | ---- | M] () -- C:\Windows\SysWOW64\WinTab32.dll
MOD - [2012/02/26 23:57:36 | 000,241,496 | ---- | M] () -- C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
MOD - [2010/11/11 06:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010/11/11 06:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/26 23:58:04 | 000,082,264 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:32:18 | 000,994,064 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV:64bit: - [2011/07/27 17:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 16:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 16:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/02/15 08:26:42 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2014/07/03 11:36:25 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/07/03 11:36:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/26 19:42:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/13 00:53:54 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/03 11:36:17 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/05/27 06:42:47 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/12/26 19:42:48 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/10/07 09:11:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/05 18:11:18 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/06/08 12:06:24 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/06/08 12:05:56 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/06/02 02:25:06 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/09 19:49:57 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/04/09 19:49:55 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/04/09 19:36:22 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/04/09 19:36:22 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/26 23:58:02 | 000,032,600 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2012/02/26 23:58:02 | 000,027,992 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2012/02/26 23:58:00 | 000,032,600 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2012/02/26 23:58:00 | 000,022,360 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2011/09/28 23:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/28 23:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 13:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/18 04:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/15 02:45:16 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/02/15 02:45:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/02/15 02:45:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/02/15 02:45:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/02/15 02:45:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/02/14 09:50:02 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010/12/22 08:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/04 21:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/01 01:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/30 02:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 18:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ng}&rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jessica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jessica\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013/02/01 21:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\
CHR - Extension: AdBlock = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.7_0\
CHR - Extension: AdBlock = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.8_0\
CHR - Extension: Gestures for Google Chromeâ„¢ = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.13.4_0\
CHR - Extension: Auto Replay for YouTubeâ„¢ = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.35_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.1.0_0\
CHR - Extension: Google Wallet = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Akari URL Shortener = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofmmbnabogmjpbdniiifakjplajbpok\1.22_0\
 
O1 HOSTS File: ([2013/02/15 01:48:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [WTClient] C:\windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://labo.erinn.bi...012.04.25.0.cab (MabinogiWebAvatarRenderer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4A37F62-3751-4FDB-8CC0-85440B10321D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bfb19f09-ac77-11e1-82bd-c01885ec8803}\Shell - "" = AutoRun
O33 - MountPoints2\{bfb19f09-ac77-11e1-82bd-c01885ec8803}\Shell\AutoRun\command - "" = E:\autorun.exe -auto
O33 - MountPoints2\{bfb19f0f-ac77-11e1-82bd-c01885ec8803}\Shell - "" = AutoRun
O33 - MountPoints2\{bfb19f0f-ac77-11e1-82bd-c01885ec8803}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/22 11:22:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2014/07/22 04:23:29 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\NV
[2014/07/22 04:23:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\NV
[2014/07/10 23:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/07/08 02:54:24 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/08 02:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/08 02:53:23 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/07/08 02:53:23 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/07/08 02:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/14 21:24:56 | 000,607,664 | ---- | C] (Neople inc) -- C:\Users\Jessica\AppData\Local\DFOIns.exe
[2014/05/14 18:30:16 | 000,477,104 | ---- | C] (Neople inc) -- C:\Users\Jessica\AppData\Local\NeopleCustomURLStarter.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/23 02:21:18 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001Core.job
[2014/07/23 02:19:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/23 02:13:59 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001UA.job
[2014/07/23 02:13:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/22 11:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2014/07/22 04:43:39 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/22 04:43:39 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/22 04:42:02 | 000,783,360 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/07/22 04:42:02 | 000,663,086 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/07/22 04:42:02 | 000,122,664 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/07/22 04:37:03 | 000,149,745 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/07/22 04:36:21 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/22 04:35:42 | 469,348,351 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/22 04:30:40 | 000,324,240 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/22 03:48:06 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/21 23:26:45 | 000,007,609 | ---- | M] () -- C:\Users\Jessica\AppData\Local\Resmon.ResmonCfg
[2014/07/20 19:19:26 | 000,001,182 | ---- | M] () -- C:\Users\Jessica\Desktop\ Mabinogi .lnk
[2014/07/17 14:22:31 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/08 05:36:45 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2014/07/08 02:53:27 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/03 11:36:17 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/01/28 20:21:50 | 000,001,401 | ---- | C] () -- C:\windows\Tablet10000x6250M.ini
[2013/11/14 04:21:08 | 000,000,218 | ---- | C] () -- C:\Users\Jessica\.recently-used.xbel
[2013/03/18 01:48:04 | 000,344,472 | ---- | C] () -- C:\windows\SetupX32.EXE
[2013/02/12 13:12:01 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-JESSICA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/12/14 03:42:30 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/12/14 03:42:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/11/02 18:04:13 | 000,007,609 | ---- | C] () -- C:\Users\Jessica\AppData\Local\Resmon.ResmonCfg
[2012/09/02 15:54:02 | 000,775,974 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/21 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\.purple
[2013/04/13 00:14:18 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Braid
[2012/06/02 02:32:48 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\DAEMON Tools Pro
[2014/02/04 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Dropbox
[2013/12/05 23:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Foxit Software
[2012/11/13 23:27:29 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\gtk-2.0
[2012/09/11 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\LibreOffice
[2012/06/21 03:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\LolClient
[2014/07/18 03:11:41 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Mumble
[2012/06/06 23:50:02 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ooVoo Details
[2013/10/13 01:32:27 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Origin
[2013/06/30 01:33:44 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\puush
[2014/03/23 19:09:46 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\qBittorrent
[2013/08/22 02:31:48 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\SoftGrid Client
[2014/01/29 04:01:43 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\SYSTEMAX Software Development
[2012/09/09 23:23:38 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\TP
[2013/04/24 16:53:50 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >

Edited by Sonnet29, 23 July 2014 - 10:01 PM.

  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Very sorry that you've had to wait so long. We've been quite busy.

 

I'll be looking at your posted log and will be back with you within the next 24 hours.


  • 0

#3
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

I am back with a fix for you and some additional scans that I'd like you to run. You expressed concern about sounds from your computer as well as alerts from MBAM and Avira. I can't really tell you what those might have been, but based on your OTL log I don't see anything of real concern or severity. There are a few browser related items I'm cleaning up, but those are just from browsing and nothing of a concerning nature.

 

 

51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.

 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
:Commands

[createrestorepoint]



:OTL
PRC - File not found --

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

CHR - default_search_provider:  (Enabled)

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
 
:commands

[resethosts]

[emptytemp]

[reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

 

Please include the content of this logfile in your next reply.

 

Next,

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next, download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
  • Click Options button below the large panel and check the box:

    Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

Security Check

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Last, rerun OTL as you did previously, but this time just press the Quick Scan button. When OTL completes you will find one log, OTL.TXT. Please post that with the adwCleaner log, the Junkware log, the ZOEK log and the Security Log.


  • 0

#4
Sonnet29

Sonnet29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hi, thanks so much for your help! Sorry for the late reply, will follow up tomorrow ASAP.


Edited by Sonnet29, 03 August 2014 - 12:44 AM.

  • 0

#5
Sonnet29

Sonnet29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hello Biscuithd,
 
I ran the script in OTL as requested, and twice it has become unresponsive; on the bottom it says "Processing PRC - File not found --..."
 
Since OTL freezes on that script, I proceeded with the following steps.
 
Here are the results in AdwCleaner[S1].txt:
 

# AdwCleaner v2.112 - Logfile created 02/12/2013 at 12:14:49
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jessica - JESSICA-PC
# Boot Mode : Normal
# Running from : C:\Users\Jessica\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Jessica\AppData\Local\Coupon Companion Plugin
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKLM\Software\PIP
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[OK] Registry is clean.
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [950 octets] - [12/02/2013 12:14:49]
 
########## EOF - C:\AdwCleaner[S1].txt - [1009 octets] ##########
 

And the contents of JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jessica on Sun 08/03/2014 at 20:28:20.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{00131306-D7A1-45F4-83B3-81F48A3BEEEF}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{09628B44-DB4F-459A-9D6F-9179B0792A0B}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{09C03ED3-4765-4BB1-ACDB-F51346773E3A}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{14734A7C-7CFE-4895-B000-FBF043202AD2}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{1C9B8AD8-5943-45C4-BE0D-4D9A16A0319E}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{21ED709B-BF8C-4945-B522-B912B86DF15D}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{278D1C4F-8545-4E29-B98C-4E148D1FCCF7}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{2BCD9C68-7D50-495C-A91E-1636B8921AA3}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{304BD470-0B97-4DD9-BBFE-039A44111765}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{3657A309-965F-4FF4-B954-934A2FC48556}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{39270AB4-A114-40C8-A8DA-9CB64C2ACA7C}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{3FCDC689-E1A7-40CF-A3B5-F40078504282}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{42054C5E-9B6E-4AB2-BDF9-DF1660D3D4BE}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{4BA487E5-83CC-4C63-B6F7-7027EC22C47A}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{50D5745E-27A9-4F4F-8E2A-442A5BFF5724}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{52F618AE-66B6-46A4-8502-AF0D09671C4E}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{5439F21F-EC0E-4A16-8F38-02C65593C2CC}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{55BF9DC8-7FB7-4FD3-8F09-96FBE55760B2}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{66778C15-6FD8-4F94-8D57-D17EDBEF8A87}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{667BC8E8-9A75-496B-BE0C-64581776F0B5}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{66B29C28-7EF1-47E8-A617-019A6E829493}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{6B52F742-1C25-4877-B98B-5C10FB5CA9E1}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{6D08256C-66F1-4679-86DD-C65BEAEF3A4F}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{7CC18E3F-0690-4D56-A81C-C19F41CD0BD0}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{7DB41664-3079-422A-9E43-5FFEFC6968A9}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{814992D7-92F6-42C2-BC05-AFE1941E9086}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{836C0084-30CD-42E0-B273-93265D5C7996}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{840CEE37-9DD9-4F6E-9EAA-780B9D48C84F}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{888DD72F-D881-4240-8157-1F035CACDF1B}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{8AE94913-14F6-4855-BD28-260152DD908B}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{9090D4A4-ABC6-4BC5-865A-8527D78C26E2}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{90C719C1-A60A-42C1-8231-BDD7B09312E3}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{9EE86B57-8BAE-49F3-8D2B-0540E8D1959A}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{9EEE1D8F-EC80-4F99-94D7-791B7BAAC02E}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{A7ADCED1-FF55-45B7-9804-4089F465971D}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{A8D7F305-6D3E-463E-9F44-FD74FA0B0BD6}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{B19A33D5-0BF3-4586-A543-C1EE6B6E8641}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{B2F66C37-B974-4F31-9143-74B49F7B8594}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{BA950487-9E7D-47D8-9518-D496E5E2B6BC}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{BDD1E828-4B97-4740-955A-6224BDB46444}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{BF45F82F-0179-46D8-9CA4-B05BA5C7F74B}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{BF8773CE-869C-4236-B83E-7FF80A203C70}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{C4CED7F2-9A9B-4650-AE8B-15704A1A4568}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{C571474B-113E-4846-86AC-B3510DA68EF4}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{CEF384B9-EC2A-405E-B02A-F65CEE81BB35}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{D1AF9E6E-F57F-4FF7-92BD-0A99EABD1A3A}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{D6024889-E6EA-4D31-A9E8-35428878145A}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{DA813DBF-0F14-4392-A8A0-FF8BD3F9AF6F}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{E01999B0-85F7-4F0F-B9CB-09CE00999A40}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{E14D9872-8A38-4D8B-9181-0100E8080FD9}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{E7F41C38-34F6-4222-9DB9-2837BCEA5344}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{F5CCDC79-447F-4771-8DB3-E6D6CEC40506}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{F7D283F2-1CCE-4D36-911A-C438F22D9161}
Successfully deleted: [Empty Folder] C:\Users\Jessica\appdata\local\{F9C5F388-EE2E-483A-B4B7-4490B686F073}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/03/2014 at 20:33:27.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Next, while zoek.exe was running, 5 windows came up, each with the name of a file. These files (followed by the contents of the message) are:
 

C:\Users\Jessica\AppData\Local\Temp\os.vbs
C:\Users\Jessica\AppData\Local\Temp\test.vbs
C:\Users\Jessica\AppData\Local\Temp\drt.vbs
C:\Users\Jessica\AppData\Local\Temp\scripttest.vbs
C:\Users\Jessica\AppData\Local\Temp\folderchk.vbs
This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.
 
Here are the contents of zoek-results.log:
 

 
Zoek.exe v5.0.0.0 Updated 03-August-2014
Tool run by Jessica on Sun 08/03/2014 at 20:46:50.28.
Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 WMI=failure
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jessica\Desktop\zoek.exe
 
Scripts are disabled or blocked by a security program, you cannot run zoek.exe
Disable security programs or enable scripting, and try again.
 
==== Reset WMI ======================
 
The following services are dependent on the Windows Management Instrumentation service.
Stopping the Windows Management Instrumentation service will also stop these services.
 
   Security Center
   IP Helper
 
The Security Center service is stopping.
The Security Center service was stopped successfully.
 
The IP Helper service is stopping.
The IP Helper service was stopped successfully.
 
The Windows Management Instrumentation service is stopping.
The Windows Management Instrumentation service was stopped successfully.
 
C:\windows\system32\wbem\repository renamed to repository.old
C:\windows\syswow64\wbem\repository renamed to repository.old
 
==== C:\zoek_backup content ======================
 
 
==== After Reboot ======================
 
==== EOF on Sun 08/03/2014 at 21:02:39.92 ======================
 

The contents of checkup.txt:

 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
 Avira successfully updated! 
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 windows defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log``````````````````````
 
 
And finally, the results of OTL's quick scan - OTL.Txt:
 

OTL logfile created on: 8/3/2014 9:16:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jessica\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.92 Gb Total Physical Memory | 4.42 Gb Available Physical Memory | 74.66% Memory free
11.83 Gb Paging File | 10.26 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 160.98 Gb Free Space | 38.16% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 25.95 Gb Free Space | 89.49% Space Free | Partition Type: NTFS
 
Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/07/22 11:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
PRC - [2014/07/03 11:36:25 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/07/03 11:36:17 | 000,750,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/07/03 11:36:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/12/26 19:42:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/04/09 19:37:50 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2012/04/09 19:34:35 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012/02/26 23:58:14 | 000,041,304 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe
PRC - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/04 21:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/01/19 06:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/09 19:37:50 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2012/04/09 19:34:34 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012/02/26 23:57:52 | 000,249,688 | ---- | M] () -- C:\Windows\SysWOW64\WinTab32.dll
MOD - [2012/02/26 23:57:36 | 000,241,496 | ---- | M] () -- C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
MOD - [2010/11/11 06:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010/11/11 06:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/26 23:58:04 | 000,082,264 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 22:32:18 | 000,994,064 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV:64bit: - [2011/07/27 17:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 16:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 16:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/02/15 08:26:42 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2014/07/03 11:36:25 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/07/03 11:36:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/26 19:42:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/13 00:53:54 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/20 06:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 06:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/03 11:36:17 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/05/27 06:42:47 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/12/26 19:42:48 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/10/07 09:11:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/05 18:11:18 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/06/08 12:06:24 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/06/08 12:05:56 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/06/02 02:25:06 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/09 19:49:57 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/04/09 19:49:55 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/04/09 19:36:22 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/04/09 19:36:22 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/26 23:58:02 | 000,032,600 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2012/02/26 23:58:02 | 000,027,992 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2012/02/26 23:58:00 | 000,032,600 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2012/02/26 23:58:00 | 000,022,360 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2011/09/28 23:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/28 23:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 13:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/18 04:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/15 02:45:16 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/02/15 02:45:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/02/15 02:45:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/02/15 02:45:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/02/15 02:45:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/02/14 09:50:02 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010/12/22 08:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/04 21:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/01 01:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/30 02:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 18:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ng}&rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jessica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jessica\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013/02/01 21:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\
CHR - Extension: AdBlock = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.9_0\
CHR - Extension: Gestures for Google Chromeâ„¢ = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.13.4_0\
CHR - Extension: Auto Replay for YouTubeâ„¢ = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.35_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.3.0_0\
CHR - Extension: Google Wallet = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Akari URL Shortener = C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofmmbnabogmjpbdniiifakjplajbpok\1.22_0\
 
O1 HOSTS File: ([2013/02/15 01:48:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [WTClient] C:\windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://labo.erinn.bi...012.04.25.0.cab (MabinogiWebAvatarRenderer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4A37F62-3751-4FDB-8CC0-85440B10321D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bfb19f09-ac77-11e1-82bd-c01885ec8803}\Shell - "" = AutoRun
O33 - MountPoints2\{bfb19f09-ac77-11e1-82bd-c01885ec8803}\Shell\AutoRun\command - "" = E:\autorun.exe -auto
O33 - MountPoints2\{bfb19f0f-ac77-11e1-82bd-c01885ec8803}\Shell - "" = AutoRun
O33 - MountPoints2\{bfb19f0f-ac77-11e1-82bd-c01885ec8803}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/03 20:45:37 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/08/03 20:23:59 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Jessica\Desktop\JRT.exe
[2014/08/03 20:08:05 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/08/03 20:07:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/03 19:16:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/26 00:56:27 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Documents\code.client.msg.error.7
[2014/07/26 00:51:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2014/07/26 00:51:13 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Documents\EA Games
[2014/07/26 00:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
[2014/07/24 00:36:45 | 000,000,000 | -HSD | C] -- C:\Users\Jessica\AppData\Local\EmieUserList
[2014/07/24 00:36:45 | 000,000,000 | -HSD | C] -- C:\Users\Jessica\AppData\Local\EmieSiteList
[2014/07/22 11:22:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2014/07/22 04:23:29 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\NV
[2014/07/22 04:23:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\NV
[2014/07/10 23:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/07/08 02:54:24 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/08 02:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/08 02:53:23 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/07/08 02:53:23 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/07/08 02:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/14 21:24:56 | 000,607,664 | ---- | C] (Neople inc) -- C:\Users\Jessica\AppData\Local\DFOIns.exe
[2014/05/14 18:30:16 | 000,477,104 | ---- | C] (Neople inc) -- C:\Users\Jessica\AppData\Local\NeopleCustomURLStarter.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/03 21:19:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/03 21:09:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001UA.job
[2014/08/03 21:05:18 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/03 21:05:18 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/03 21:05:05 | 000,854,410 | ---- | M] () -- C:\Users\Jessica\Desktop\SecurityCheck.exe
[2014/08/03 21:03:18 | 000,783,360 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/03 21:03:18 | 000,663,086 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/03 21:03:18 | 000,122,664 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/03 21:02:53 | 000,230,465 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/08/03 21:02:18 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/03 20:57:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/03 20:57:20 | 469,348,351 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/03 20:54:55 | 018,909,274 | ---- | M] () -- C:\windows\repository.backup
[2014/08/03 20:45:37 | 000,024,064 | ---- | M] () -- C:\windows\zoek-delete.exe
[2014/08/03 20:44:30 | 001,288,704 | ---- | M] () -- C:\Users\Jessica\Desktop\zoek.exe
[2014/08/03 20:24:03 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Jessica\Desktop\JRT.exe
[2014/08/03 20:09:00 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001Core.job
[2014/08/03 20:06:08 | 001,361,309 | ---- | M] () -- C:\Users\Jessica\Desktop\AdwCleaner.exe
[2014/08/03 10:23:16 | 000,001,182 | ---- | M] () -- C:\Users\Jessica\Desktop\ Mabinogi .lnk
[2014/07/30 20:59:05 | 000,067,093 | ---- | M] () -- C:\Users\Jessica\Desktop\0eda350e81c3e25a533ebafa589c6ff5.jpg
[2014/07/26 00:34:52 | 000,001,682 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
[2014/07/22 11:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2014/07/22 04:30:40 | 000,324,240 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/22 03:48:06 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/21 23:26:45 | 000,007,609 | ---- | M] () -- C:\Users\Jessica\AppData\Local\Resmon.ResmonCfg
[2014/07/17 14:22:31 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/08 05:36:45 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2014/07/08 02:53:27 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2014/08/03 21:05:02 | 000,854,410 | ---- | C] () -- C:\Users\Jessica\Desktop\SecurityCheck.exe
[2014/08/03 20:55:29 | 000,024,064 | ---- | C] () -- C:\windows\zoek-delete.exe
[2014/08/03 20:54:53 | 018,909,274 | ---- | C] () -- C:\windows\repository.backup
[2014/08/03 20:44:28 | 001,288,704 | ---- | C] () -- C:\Users\Jessica\Desktop\zoek.exe
[2014/08/03 20:06:04 | 001,361,309 | ---- | C] () -- C:\Users\Jessica\Desktop\AdwCleaner.exe
[2014/07/30 20:59:04 | 000,067,093 | ---- | C] () -- C:\Users\Jessica\Desktop\0eda350e81c3e25a533ebafa589c6ff5.jpg
[2014/07/26 00:34:52 | 000,001,682 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/01/28 20:21:50 | 000,001,401 | ---- | C] () -- C:\windows\Tablet10000x6250M.ini
[2013/11/14 04:21:08 | 000,000,218 | ---- | C] () -- C:\Users\Jessica\.recently-used.xbel
[2013/03/18 01:48:04 | 000,344,472 | ---- | C] () -- C:\windows\SetupX32.EXE
[2013/02/12 13:12:01 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-JESSICA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/12/14 03:42:30 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/12/14 03:42:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/11/02 18:04:13 | 000,007,609 | ---- | C] () -- C:\Users\Jessica\AppData\Local\Resmon.ResmonCfg
[2012/09/02 15:54:02 | 000,775,974 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/03 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\.purple
[2013/04/13 00:14:18 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Braid
[2012/06/02 02:32:48 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\DAEMON Tools Pro
[2014/02/04 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Dropbox
[2013/12/05 23:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Foxit Software
[2012/11/13 23:27:29 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\gtk-2.0
[2012/09/11 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\LibreOffice
[2012/06/21 03:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\LolClient
[2014/07/18 03:11:41 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Mumble
[2012/06/06 23:50:02 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ooVoo Details
[2013/10/13 01:32:27 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Origin
[2013/06/30 01:33:44 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\puush
[2014/03/23 19:09:46 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\qBittorrent
[2013/08/22 02:31:48 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\SoftGrid Client
[2014/01/29 04:01:43 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\SYSTEMAX Software Development
[2012/09/09 23:23:38 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\TP
[2013/04/24 16:53:50 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
 

 

 

 

EDIT: Tonight Avira Free Antivirus detected zoek.exe as "HEUR/APC (Cloud)" and requested to move to quarantine. Since this is a program you recommended I declined, but thought I would mention it.


Edited by Sonnet29, 04 August 2014 - 02:39 AM.

  • 0

#6
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

Let's work through the information and see what we've got.

 

On 7/21/14 Avira Free Antivirus blocked and quarantined 16+ instances of TR/Swrort.A.10259. I think these were in Chrome. During this time, Chrome ultimately became unresponsive. I think I had around that many tabs open, but I can't check. After a force close, I found that the Chrome.exe had been renamed (to either chrome_new or new_chrome), I'm assuming as a result of Avira quarantining the infected items.

I am by no means a Chrome expert. That said, there are a number of threads that talk about Chrome.exe being renamed to New_Chrome. Sometimes it is due to Chrome being used by the same account holder on portable versions of Chrome or Chromium (Linux). Does this apply to you? Also, this could be part of an adware sometimes it is called Hyper - Browser/Hyper - Browser Runner that has the not-so-nice feature of re-naming Chrome.

 

Just so you know, we do have an area of the board devoted to Chrome and other Browsers. You could aways post a quesiton there. They are an excellent group of technicians!

During and after this, I started to occasionally hear a strange whirring/grinding noise in a certain part of my laptop. My laptop also seemed to start running slowly. I have never heard my laptop make this noise before. It is a Lenovo Z570, and the noise occurred in the bottom left corner. Is it possible that something was being remotely accessed? In specific, could my web camera have been accessed without the light switching on to signify this? Is there any way to check if such items were remotely accessed, or anything else? These are my concerns.

Always a disconcerting feeling when one hears odd sounds coming from the machine. My first throughts go to a fan on it's way to non-functioning followed by the dreaded Hard Disk failure. I would hurry to Back Up my needed information (which you should always be doing). As to whether someone or something be accessing your machine? Absent "hand on" forensics, I'd only be guessing. Could your machine have been accessed? Can the camera "turn on" by external means? Both of these are possibilities, but not highly probable. There was a recent piece of malware that turned on cameras remotely, however, this was not something that effected millions and millions. My opinion (and it's just an opinion), if you use good security measures while computing (encryption as appropriate, A/V, surf responsibily, careful with email/attachments, etc. you will be in the best possible shape. I liken it to Home Security. You don't need to fortify your home like Ft. Knox, just enough so that the bad guy gets discouraged and moves on to a house with simpler entre'. That said, I have friends that keep a Post-It note over their PC camera until they need to use it. Paranoid? Maybe, but, you have to do whatever makes you comfortable. Again, my opinion on the noise...I'd thinking failing fan or hard drive, not remote access.

As a follow up after the Chrome items were quarantined, I returned Chrome's filename to Chrome.exe. I installed Windows updates, and then did a scan with Malwarebytes Anti-Malware and Avira Free Antivirus. No malicious items were found. Avira detected 2935 hidden objects which seemed an unusually high number though I'm not sure if that information is helpful.

Without actually looking at each item, it would be hard to say. However, it might just be simple stuff like Tracking Cookies, etc.

I'm not sure how I got this virus as I was not browsing any sites known to be dangerous, and they were all sites that I visit on a daily basis. If it would be helpful I could try to pick out from my history which tabs I had open exactly. I also have not downloaded anything recently.

Sadly, the more innocent sites pick up malware too. Certainly not like the nastier sites.

 

Now, down to the business at hand. Since the OTL fix stalled, I'd like to scan with a different tool. Here are instructions.

 

FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


  • 0

#7
Sonnet29

Sonnet29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hey Biscuithd,

 

I don't use portable versions of Chrome or Chromium. As for the sound I heard, I have not heard my laptop make an alarming noise since then, so I'd like to think I'm in the clear as far as a failing hard drive or fan... are there diagnostic tests I can run to check? And, in the future I will definitely poke the browser forums if I have questions! In regards to all else, I do try to follow good security measures and will definitely continue to. I also almost always have a paper over my webcam and I don't think it's paranoid at all - just this one time I didn't and was a little scared.

 

On to the Farbar scan, here is FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Jessica (administrator) on JESSICA-PC on 04-08-2014 15:40:04
Running from C:\Users\Jessica\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NEXON KOREA) C:\Nexon\Mabinogi\Client.exe
() C:\Nexon\Mabinogi\NexonGuard\NGAuth.bin
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Jessica\AppData\Roaming\Google\Google Talk\googletalk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Jessica\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-09] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-04-09] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [159744 2012-08-19] (IvoSoft)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-04] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-09] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WTClient] => C:\windows\SysWOW64\WTClient.exe [41304 2012-02-26] (Tablet Driver)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-80063314-2414172027-2873710408-1001\...\Run: [Google Update] => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-26] (Google Inc.)
HKU\S-1-5-21-80063314-2414172027-2873710408-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe
HKU\S-1-5-21-80063314-2414172027-2873710408-1001\...\MountPoints2: {bfb19f09-ac77-11e1-82bd-c01885ec8803} - E:\autorun.exe -auto
HKU\S-1-5-21-80063314-2414172027-2873710408-1001\...\MountPoints2: {bfb19f0f-ac77-11e1-82bd-c01885ec8803} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...ng}&rlz=1I7LENN
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://labo.erinn.bi...012.04.25.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Jessica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Jessica\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jessica\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jessica\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea [2012-06-02]
CHR Extension: (AdBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-06-02]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2013-01-22]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2012-06-07]
CHR Extension: (FastestFox for Chrome) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2012-06-02]
CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Akari URL Shortener) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofmmbnabogmjpbdniiifakjplajbpok [2013-11-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-08-13] (BioWare)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [994064 2011-07-27] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-02] (DT Soft Ltd)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
R3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 IAStorDataMgrSvc; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 Oasis2Service; 
U2 PCCarerServic; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SoftwareService; 
U2 Stereo Service; 
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 15:40 - 2014-08-04 15:40 - 00022808 _____ () C:\Users\Jessica\Desktop\FRST.txt
2014-08-04 15:39 - 2014-08-04 15:40 - 00000000 ____D () C:\FRST
2014-08-04 15:38 - 2014-08-04 15:38 - 02094080 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2014-08-03 21:40 - 2014-08-03 21:40 - 00000000 ____D () C:\Users\Jessica\Documentscode.client.directory.cache
2014-08-03 21:05 - 2014-08-03 21:05 - 00854410 _____ () C:\Users\Jessica\Desktop\SecurityCheck.exe
2014-08-03 20:55 - 2014-08-03 20:45 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-08-03 20:54 - 2014-08-03 21:02 - 00001278 _____ () C:\zoek-results.log
2014-08-03 20:54 - 2014-08-03 20:54 - 18909274 _____ () C:\windows\repository.backup
2014-08-03 20:45 - 2014-08-03 20:45 - 00000000 ____D () C:\zoek_backup
2014-08-03 20:44 - 2014-08-03 20:44 - 01288704 _____ () C:\Users\Jessica\Desktop\zoek.exe
2014-08-03 20:33 - 2014-08-03 20:33 - 00006838 _____ () C:\Users\Jessica\Desktop\JRT.txt
2014-08-03 20:23 - 2014-08-03 20:24 - 01016261 _____ (Thisisu) C:\Users\Jessica\Desktop\JRT.exe
2014-08-03 20:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-03 20:07 - 2014-08-03 20:13 - 00000000 ____D () C:\AdwCleaner
2014-08-03 20:06 - 2014-08-03 20:06 - 01361309 _____ () C:\Users\Jessica\Desktop\AdwCleaner.exe
2014-08-03 19:16 - 2014-08-03 19:16 - 00000000 ____D () C:\_OTL
2014-07-29 23:36 - 2014-07-29 23:36 - 00030235 _____ () C:\Users\Jessica\Downloads\image (1).jpeg
2014-07-29 23:34 - 2014-07-29 23:35 - 00030235 _____ () C:\Users\Jessica\Downloads\image.jpeg
2014-07-29 18:13 - 2014-07-29 18:13 - 00032818 _____ () C:\Users\Jessica\Downloads\basic-life-truth-growing-up-sucks-roll-dubs-to-stay-75cde9-4156187
2014-07-26 00:56 - 2014-07-26 00:56 - 00000000 ____D () C:\Users\Jessica\Documents\code.client.msg.error.7
2014-07-26 00:51 - 2014-07-26 00:51 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-07-26 00:51 - 2014-07-26 00:51 - 00000000 ____D () C:\Users\Jessica\Documents\EA Games
2014-07-26 00:34 - 2014-07-26 00:34 - 00001682 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
2014-07-26 00:34 - 2014-07-26 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-07-24 00:36 - 2014-07-24 00:36 - 00000000 __SHD () C:\Users\Jessica\AppData\Local\EmieUserList
2014-07-24 00:36 - 2014-07-24 00:36 - 00000000 __SHD () C:\Users\Jessica\AppData\Local\EmieSiteList
2014-07-23 02:39 - 2014-07-23 02:39 - 00061006 _____ () C:\Users\Jessica\Desktop\Extras.Txt
2014-07-23 02:38 - 2014-08-03 21:21 - 00092556 _____ () C:\Users\Jessica\Desktop\OTL.Txt
2014-07-22 11:22 - 2014-07-22 11:23 - 00602112 _____ (OldTimer Tools) C:\Users\Jessica\Desktop\OTL.exe
2014-07-22 04:24 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-22 04:24 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-22 04:24 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-22 04:24 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-22 04:24 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-22 04:24 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-22 04:24 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-22 04:24 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-07-22 04:24 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-07-22 04:24 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-07-22 04:24 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-22 04:24 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-22 04:24 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-07-22 04:24 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-22 04:24 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-07-22 04:24 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-07-22 04:24 - 2013-10-01 16:57 - 06578176 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-22 04:24 - 2013-10-01 16:55 - 05698048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-07-22 04:23 - 2014-07-22 04:33 - 00000000 ____D () C:\windows\SysWOW64\NV
2014-07-22 04:23 - 2014-07-22 04:33 - 00000000 ____D () C:\windows\system32\NV
2014-07-22 04:14 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-22 04:14 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-22 04:14 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-22 04:14 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-22 04:14 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-22 04:14 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-22 04:14 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-22 04:14 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-22 04:14 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-22 04:14 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-22 04:14 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-22 04:14 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-22 04:14 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-22 04:14 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-22 04:14 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-22 04:14 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-22 04:14 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-22 04:14 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-22 04:14 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-22 04:14 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-07-22 04:14 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-22 04:14 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-07-22 04:14 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-07-22 04:14 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-07-22 04:14 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-07-22 04:14 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-07-22 04:14 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-07-22 04:14 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-07-22 04:14 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-07-22 04:14 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-07-22 04:14 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-07-22 04:14 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-07-22 04:14 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-07-22 04:14 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-07-22 04:14 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-07-22 04:13 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-22 04:13 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-22 04:13 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-22 04:13 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-22 04:13 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-22 04:13 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-22 04:13 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-22 04:13 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-22 04:13 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-22 04:13 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-22 04:13 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-22 04:13 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-22 04:13 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-22 04:13 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-22 04:13 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-22 04:13 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-22 04:13 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-22 04:13 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-22 04:13 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-22 04:13 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-22 04:13 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-22 04:13 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-22 04:13 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-22 04:13 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-22 04:13 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-22 04:13 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-22 04:13 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-22 04:13 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-22 04:13 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-22 04:13 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-22 04:13 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-22 04:13 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-22 04:13 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-22 04:13 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-22 04:13 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-22 04:13 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-22 04:13 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-22 04:13 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-22 04:13 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-22 04:13 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-22 04:13 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-22 04:13 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-22 04:13 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-22 04:13 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-22 04:13 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-22 04:13 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-22 04:13 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-22 04:13 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-22 04:13 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-22 04:13 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-22 04:13 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-22 04:13 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-22 04:13 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-22 04:13 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-22 04:13 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-22 04:13 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-22 04:13 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-22 04:13 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-22 04:13 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-22 04:13 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-22 04:12 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-22 04:12 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-08 02:54 - 2014-07-22 03:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 02:53 - 2014-07-08 02:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 02:53 - 2014-07-08 02:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 02:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-08 02:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 15:40 - 2014-08-04 15:40 - 00022808 _____ () C:\Users\Jessica\Desktop\FRST.txt
2014-08-04 15:40 - 2014-08-04 15:39 - 00000000 ____D () C:\FRST
2014-08-04 15:38 - 2014-08-04 15:38 - 02094080 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2014-08-04 15:20 - 2012-04-09 19:45 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 15:10 - 2012-07-03 13:01 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001UA.job
2014-08-04 14:09 - 2012-06-08 04:58 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\.purple
2014-08-04 07:00 - 2012-04-09 18:54 - 01189239 _____ () C:\windows\WindowsUpdate.log
2014-08-04 04:19 - 2012-04-09 19:45 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-03 21:40 - 2014-08-03 21:40 - 00000000 ____D () C:\Users\Jessica\Documentscode.client.directory.cache
2014-08-03 21:40 - 2014-03-03 19:36 - 00001182 _____ () C:\Users\Jessica\Desktop\ Mabinogi .lnk
2014-08-03 21:40 - 2012-06-01 07:55 - 00000000 ____D () C:\Users\Jessica
2014-08-03 21:38 - 2009-07-14 00:51 - 00138625 _____ () C:\windows\setupact.log
2014-08-03 21:21 - 2014-07-23 02:38 - 00092556 _____ () C:\Users\Jessica\Desktop\OTL.Txt
2014-08-03 21:05 - 2014-08-03 21:05 - 00854410 _____ () C:\Users\Jessica\Desktop\SecurityCheck.exe
2014-08-03 21:05 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 21:05 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 21:03 - 2009-07-14 01:13 - 00783360 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-03 21:02 - 2014-08-03 20:54 - 00001278 _____ () C:\zoek-results.log
2014-08-03 21:02 - 2012-04-09 19:36 - 00230465 _____ () C:\windows\system32\fastboot.set
2014-08-03 21:02 - 2012-04-09 19:34 - 01746279 _____ () C:\FaceProv.log
2014-08-03 21:02 - 2012-04-09 19:34 - 00000000 ____D () C:\ProgramData\VeriFace
2014-08-03 20:57 - 2010-11-20 23:47 - 03445380 _____ () C:\windows\PFRO.log
2014-08-03 20:57 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-03 20:54 - 2014-08-03 20:54 - 18909274 _____ () C:\windows\repository.backup
2014-08-03 20:45 - 2014-08-03 20:55 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-08-03 20:45 - 2014-08-03 20:45 - 00000000 ____D () C:\zoek_backup
2014-08-03 20:44 - 2014-08-03 20:44 - 01288704 _____ () C:\Users\Jessica\Desktop\zoek.exe
2014-08-03 20:33 - 2014-08-03 20:33 - 00006838 _____ () C:\Users\Jessica\Desktop\JRT.txt
2014-08-03 20:24 - 2014-08-03 20:23 - 01016261 _____ (Thisisu) C:\Users\Jessica\Desktop\JRT.exe
2014-08-03 20:13 - 2014-08-03 20:07 - 00000000 ____D () C:\AdwCleaner
2014-08-03 20:09 - 2012-07-03 13:01 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001Core.job
2014-08-03 20:06 - 2014-08-03 20:06 - 01361309 _____ () C:\Users\Jessica\Desktop\AdwCleaner.exe
2014-08-03 19:16 - 2014-08-03 19:16 - 00000000 ____D () C:\_OTL
2014-08-03 01:00 - 2012-08-24 04:46 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Skype
2014-07-29 23:36 - 2014-07-29 23:36 - 00030235 _____ () C:\Users\Jessica\Downloads\image (1).jpeg
2014-07-29 23:35 - 2014-07-29 23:34 - 00030235 _____ () C:\Users\Jessica\Downloads\image.jpeg
2014-07-29 18:13 - 2014-07-29 18:13 - 00032818 _____ () C:\Users\Jessica\Downloads\basic-life-truth-growing-up-sucks-roll-dubs-to-stay-75cde9-4156187
2014-07-29 02:47 - 2013-02-20 22:40 - 00000000 ____D () C:\Users\Jessica\Documents\Youcam
2014-07-26 00:56 - 2014-07-26 00:56 - 00000000 ____D () C:\Users\Jessica\Documents\code.client.msg.error.7
2014-07-26 00:51 - 2014-07-26 00:51 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-07-26 00:51 - 2014-07-26 00:51 - 00000000 ____D () C:\Users\Jessica\Documents\EA Games
2014-07-26 00:34 - 2014-07-26 00:34 - 00001682 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
2014-07-26 00:34 - 2014-07-26 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-07-26 00:34 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-25 23:49 - 2013-10-12 16:43 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-25 23:48 - 2013-10-12 16:41 - 00000000 ____D () C:\ProgramData\Origin
2014-07-25 23:47 - 2013-10-12 16:41 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-24 00:36 - 2014-07-24 00:36 - 00000000 __SHD () C:\Users\Jessica\AppData\Local\EmieUserList
2014-07-24 00:36 - 2014-07-24 00:36 - 00000000 __SHD () C:\Users\Jessica\AppData\Local\EmieSiteList
2014-07-23 10:52 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-07-23 02:39 - 2014-07-23 02:39 - 00061006 _____ () C:\Users\Jessica\Desktop\Extras.Txt
2014-07-22 11:23 - 2014-07-22 11:22 - 00602112 _____ (OldTimer Tools) C:\Users\Jessica\Desktop\OTL.exe
2014-07-22 05:04 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-07-22 04:33 - 2014-07-22 04:23 - 00000000 ____D () C:\windows\SysWOW64\NV
2014-07-22 04:33 - 2014-07-22 04:23 - 00000000 ____D () C:\windows\system32\NV
2014-07-22 04:30 - 2009-07-14 00:45 - 00324240 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-22 04:28 - 2014-06-03 03:17 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-22 04:28 - 2011-09-28 23:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-22 04:28 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-22 04:28 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-22 04:28 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-07-22 04:23 - 2012-04-09 19:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 04:21 - 2012-04-09 19:04 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-22 04:18 - 2013-08-05 03:05 - 00000000 ____D () C:\windows\system32\MRT
2014-07-22 03:48 - 2014-07-08 02:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 23:26 - 2012-11-02 18:04 - 00007609 _____ () C:\Users\Jessica\AppData\Local\Resmon.ResmonCfg
2014-07-21 22:54 - 2014-03-21 19:57 - 00000000 ____D () C:\Users\Jessica\Desktop\KILL la KILL Bonus CD Vol.1 (Vocal Rearrange & Soundtrack Remix)
2014-07-21 22:27 - 2012-04-09 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 03:11 - 2013-01-05 23:14 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Mumble
2014-07-17 14:22 - 2012-04-09 19:46 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 04:29 - 2014-01-29 22:10 - 00000000 ____D () C:\Users\Jessica\Desktop\PaintTool SAI English Pack
2014-07-10 23:38 - 2013-05-27 23:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-10 23:38 - 2012-08-24 04:46 - 00000000 ____D () C:\ProgramData\Skype
2014-07-08 05:36 - 2013-08-05 17:45 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-07-08 02:53 - 2014-07-08 02:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 02:53 - 2014-07-08 02:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 02:53 - 2013-01-31 22:00 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 02:53 - 2013-01-31 22:00 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Malwarebytes
2014-07-08 02:53 - 2013-01-31 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
 
Some content of TEMP:
====================
C:\Users\Jessica\AppData\Local\Temp\avgnt.exe
C:\Users\Jessica\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Jessica\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Jessica\AppData\Local\Temp\Quarantine.exe
C:\Users\Jessica\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jessica\AppData\Local\Temp\VSUSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-22 02:43
 
==================== End Of Log ============================
 
And Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Jessica at 2014-08-04 15:40:56
Running from C:\Users\Jessica\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
Blood Bowl: Legendary Edition (HKLM-x32\...\Steam App 58520) (Version:  - Cyanide Studios)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None, Inc.)
Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version:  - Focus Home Interactive)
Classic Shell (HKLM\...\{DC45D291-769A-4608-A688-77E6DBC03498}) (Version: 3.6.1 - IvoSoft)
Combined Community Codec Pack 2013-10-17 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.10.17.0 - CCCP Project)
Confrontation (HKLM-x32\...\Steam App 204560) (Version:  - Cyanide Studios)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version:  - Larian Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Dungeon Fighter Online (HKLM-x32\...\DFO) (Version:  - )
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Game of Thrones  (HKLM-x32\...\Steam App 208730) (Version:  - Cyanide Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Home (HKLM-x32\...\Steam App 215670) (Version:  - )
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
LibreOffice 3.6 (HKLM-x32\...\{C2F438B6-7010-453B-93EC-B2FC053AA97B}) (Version: 3.6.1.2 - The Document Foundation)
Mabinogi (HKLM-x32\...\Mabinogi) (Version:  - devCAT)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA Control Panel 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
qBittorrent 3.1.9 (HKLM-x32\...\qbittorrent) (Version: 3.1.9 - The qBittorrent project)
RAW - Realms of Ancient War (HKLM-x32\...\Steam App 209730) (Version:  - Wizarbox)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - )
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SRS Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.4800 - SRS Labs, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Tablet Driver V8.01 (HKLM-x32\...\TabletDriver) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version:  - Frogwares)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.5.1 - Tweaking.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo)
Wargame: European Escalation (HKLM-x32\...\Steam App 58610) (Version:  - Eugen Systems)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
CustomCLSID: HKU\S-1-5-21-80063314-2414172027-2873710408-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
20-07-2014 06:46:51 Windows Update
22-07-2014 07:58:29 Removed Java 7 Update 55
22-07-2014 08:15:03 Windows Update
03-08-2014 07:09:30 Scheduled Checkpoint
03-08-2014 08:54:39 Windows Update
03-08-2014 23:16:43 OTL Restore Point - 8/3/2014 7:16:42 PM
03-08-2014 23:42:11 OTL Restore Point - 8/3/2014 7:42:08 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-02-15 01:48 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3A7C803E-52CF-457C-B565-CEC67FB7835E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001Core => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {66501FD1-D045-4F49-AAD9-D6528255E5EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001UA => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {9AB5B440-D87B-4592-B41D-F9B057FB469D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09] (Google Inc.)
Task: {D5ADA38E-BAD3-496F-A735-DE02E45BE28B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: {FC1CFAA7-C851-4EB0-974F-E7376EADDBCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001Core.job => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80063314-2414172027-2873710408-1001UA.job => C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-04-09 19:05 - 2013-10-28 19:38 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-11-11 06:42 - 2010-11-11 06:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-11-11 06:44 - 2010-11-11 06:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2012-04-09 19:34 - 2012-04-09 19:34 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2011-02-15 08:26 - 2011-02-15 08:26 - 00205088 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2012-04-09 19:34 - 2012-04-09 19:34 - 00622592 _____ () C:\windows\system32\SimpleExt.dll
2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2008-12-19 23:20 - 2012-04-09 19:49 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 23:20 - 2012-04-09 19:49 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-04-13 23:01 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-09 19:37 - 2012-04-09 19:37 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2013-12-06 20:42 - 2014-03-08 19:45 - 00169768 _____ () C:\Nexon\Mabinogi\NexonGuard\NGAuth.bin
2012-02-26 23:58 - 2012-02-26 23:58 - 00301912 _____ () C:\windows\system32\WinTab32.DLL
2010-11-11 06:38 - 2010-11-11 06:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-11-11 06:39 - 2010-11-11 06:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-04-09 19:34 - 2012-04-09 19:34 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-02-26 23:57 - 2012-02-26 23:57 - 00249688 _____ () C:\Windows\SysWOW64\WinTab32.DLL
2012-02-26 23:57 - 2012-02-26 23:57 - 00241496 _____ () C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
2013-02-13 00:44 - 2013-02-13 00:44 - 00028160 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll
2013-02-13 00:44 - 2013-02-13 00:44 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
2013-02-16 01:28 - 2013-02-16 01:28 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2013-02-16 01:28 - 2013-02-16 01:28 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2013-02-16 01:28 - 2013-02-16 01:28 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2013-02-16 01:28 - 2013-02-16 01:28 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2013-02-16 01:28 - 2013-02-16 01:28 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2013-02-16 01:28 - 2013-02-16 01:28 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
2013-02-13 00:44 - 2013-02-13 00:44 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00310491 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00092874 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00209619 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00105620 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00373657 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00149933 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00116583 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00171090 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 02097721 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00055758 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00415553 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00228908 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00047391 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00027811 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00023305 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
2013-02-13 00:44 - 2013-02-13 00:44 - 00425984 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
2013-02-16 01:28 - 2013-02-16 01:28 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2014-07-17 14:22 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 14:22 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 14:22 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 14:22 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 14:22 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: googletalk => C:\Users\Jessica\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Broadcom Bluetooth 2.1 USB
Description: Broadcom Bluetooth 2.1 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/03/2014 08:55:47 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
 
 
System errors:
=============
Error: (08/03/2014 08:57:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (08/03/2014 08:55:47 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 78%
Total physical RAM: 6058.14 MB
Available physical RAM: 1285.79 MB
Total Pagefile: 12114.46 MB
Available Pagefile: 6688.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:160.46 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:25.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 711436F8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================

  • 0

#8
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

Ok, here's the point where I start to get preachy ;)  You have Peer-to-Peer software running on your computer in the form of qTorrent. Briefly, it exposes you to a myriad of vulnerabilities as well as exhausts valuable system resources. You can read my canned information below.

 

I would highly recommend uninstalling that software.

 

 

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

 

Ok, sermon finished. How is the computer working now? if things are good, I've got two more scans for you. If not, let's get those issues handled.


  • 0

#9
Sonnet29

Sonnet29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hey Biscuithd,

 

I uninstalled qBittorent. After I moved my boyfriend downloaded it to get something once, I think it was a one-time use for him. (Last time I came here I also ended up uninstalling my torrent program, and it stayed off until the move!) I don't like torrenting/downloading overall so I try to avoid it. I also don't find what you've said as preachy.

 

I think I only had that one torrent program, and it's gone, so I'm ready for any follow up scans. Things seem to be running smoothly. :)


  • 0

#10
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Excellent news!

 

Ok, here's the next steps

 

We'll search for some remnants that might be hiding.
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update
 
  • Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits

MBAMsettings.JPG

 
  • Go back to the Dashboard and select Scan Now

MBAMScan.JPG

 
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot

MBAMReboot.JPG

  
  • On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop.

MBAMLog.JPG

 
 
Please post that log for my review.

 

ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
ESET x86 - minimal canned
ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

 

CryptoPrevent install this programme to lock down and prevent crypto ransom-ware. (This is really important!)

CryptoPrevent.JPG

 

Don't forget to post the logs for MBAM and ESET


  • 0

Advertisements


#11
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi there,

 

I haven't heard from your for a bit, were you able to run the steps I listed in Post #9?

 

If you had issues running the scans, let me know so we can work them out.

 

If not, how is the computer running and do you have any concerns that we should be talking about? :)


  • 0

#12
Sonnet29

Sonnet29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hi Biscuithd,

 

Sorry again for the wait. I'm currently running Malwarebytes' scan, will follow up shortly tonight.


  • 0

#13
Sonnet29

Sonnet29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hello again, I ran both scans. It seems like your instructions included an ESET scan twice - was there anything different between the two mentions? I only noticed the difference in file path location for the scan file between the two. I also downloaded CryptoPrevent and selected to apply protection. Going to restart for that right after I submit this post.

 

Here is the MBAM scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/9/2014
Scan Time: 10:53:43 PM
Logfile: MBAM Scan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.10.01
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jessica
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325913
Time Elapsed: 15 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
And here is the ESET log:
 
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c3d3a25581cf984ba73b2780362e375a
# engine=13159
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-15 07:40:22
# local_time=2013-02-15 02:40:22 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 98 0 130642127 0 0
# compatibility_mode=5893 16776574 100 94 21975707 112457472 0 0
# scanned=135970
# found=12
# cleaned=0
# scan_time=5090
sh=D215983C4145701E3FF3425E504313F34097596B ft=1 fh=5a2aca858c2c2c51 vn="a variant of Win32/Packed.Themida application" ac=I fn="C:\Nexon\Mabinogi\Client.exe.bak"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=261145D1AE47EE86F60E2A4B65A5FB3A56CD4057 ft=1 fh=ccde4a0ecc812467 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=B51642AFF56379C0A649C242C960BF102F0157CB ft=1 fh=3535796f1a0d48ee vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Jessica\Downloads\avira_free_antivirus_en.exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Jessica\Downloads\cbsidlm-tr1_10a-Foxit_Reader-SEO-10313206.exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Jessica\Downloads\cbsidlm-tr1_10a-PDFXChange_Viewer-SEO-10598377.exe"
sh=CAD7F5E8DA192D390EDA596ED2D5C4E0CB38E41C ft=1 fh=bb1f3b8ffd9a710e vn="a variant of Win32/InstallCore.D application" ac=I fn="C:\Users\Jessica\Downloads\cnet2_revosetup_exe.exe"
sh=59D612F4689098E79E7B31C7F43EF78FAB38B022 ft=1 fh=a85d7198d11df5f4 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Jessica\Downloads\DAEMONToolsPro510-0333.exe"
sh=F53194FE335C1DF41F1BC945626206D3F844FA89 ft=1 fh=d05664838e1e7c7e vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Jessica\Downloads\FoxitReader545.0124_enu_Setup.exe"
sh=3B5FA247BC20BCE3FDF362C7D4E78A49C1CD56EB ft=1 fh=e0b4bd5a140dc59d vn="Win32/OpenCandy application" ac=I fn="C:\Users\Jessica\Downloads\Umineko No Naku Koro Ni + Chiru Episodes 1-8 VN\DTLite4453-0297.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c3d3a25581cf984ba73b2780362e375a
# engine=19581
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-10 05:38:23
# local_time=2014-08-10 01:38:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 0 152093281 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 159192553 0 0
# scanned=234704
# found=8
# cleaned=0
# scan_time=7202
sh=53293F2E2E3B1B6D03EADBF4204C686A484025E9 ft=1 fh=aa8817bd2024650e vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Nexon\Mabinogi\Pleione.dll"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=0E58E764B1C3B5E3BF80D1197867AD9AE9D70C28 ft=1 fh=ae594cf377a27902 vn="a variant of Win32/GameHack.F potentially unsafe application" ac=I fn="C:\Users\Jessica\Documents\Downloads\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.exe"
sh=C28C0CEF6F1C3A1CE673B0F4CDD73DDD5474604A ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.F potentially unsafe application" ac=I fn="C:\Users\Jessica\Documents\Downloads\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.rar"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Keygen.GU potentially unsafe application" ac=I fn="C:\Users\Jessica\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso"
sh=9B229D45DAF8E42A9E5AB80B8A8F3C1DA28BE5D9 ft=1 fh=fc29e722f48e28ff vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI8246.tmp"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Temp\AskSLib.dll"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe"
 

Edited by Sonnet29, 10 August 2014 - 12:25 AM.

  • 0

#14
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

This is looking quite good to me. :)

 

What's important is how does it look from your end? Is the machine running properly?


  • 0

#15
Sonnet29

Sonnet29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Things have been running very well! I haven't experienced any problems.


  • 0






Similar Topics


Also tagged with one or more of these keywords: trojan.swrort.a, chrome

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP