MBAM infected file detected


#1 aaaa44 (Member, 103 posts)

I downloaded a Youtube video downloading program, and after that my Internet homepage and default search engines changed from Firefox to Yahoo and then to Bing.  I think the program was "Youtube Video Downloader", but I'm not sure.

When I downloaded the program it also downloaded a couple other programs whose icons were then on my desktop and tray.

After downloading the program I ran MBAM and MBAM directed me to a page saying that it found an infection, with instructions on how to restore browser shortcuts and start pages. I deleted all the icons from the download both from my desktop and tray. I changed my computer and Firefox settings and eventually got Firefox as my Internet start page and Google as my default search engine again.

I ran MBAM again today and it found an infection that it quarantined. Thanks for any replies.


#2 zep516 (Trusted Helper, Malware Removal, 6,811 posts)

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instructions that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3 aaaa44 (Topic Starter, Member, 103 posts)


When I tried to download Farbar I got this message: "Windows protected your PC. Windows SmartScreen prevented an unrecognized app from starting..." My O/S is W8.1. I guess Defender stopped Farbar from downloading. My antivirus software is AVG.


#4 zep516 (Trusted Helper, Malware Removal, 6,811 posts)

Hello,
Windows SmartScreen can be irritating at times. It actually blocks software that is safe to run.

Disable it for now and install Farbar; see here for how to do that.

Sorry for delay here, work has been busy.

Thanks
Joe

#5 aaaa44 (Topic Starter, Member, 103 posts)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-10-2015 01
Ran by Steve9697 (administrator) on LENOVO-PC (16-10-2015 00:10:19)
Running from C:\Users\Steve9697\Downloads
Loaded Profiles: Steve9697 (Available Profiles: Steve9697)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Pokki) C:\Users\Steve9697\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Pokki) C:\Users\Steve9697\AppData\Local\Pokki\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Steve9697\AppData\Local\Pokki\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Steve9697\AppData\Local\Pokki\Engine\ServiceStartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3778472 2015-10-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3177360 2015-10-05] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-07-26] (Ruiware)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F688769F-6A3C-44A1-B4D4-1F50E2E946BD}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F71F3517-C3E8-4CB5-AD56-081EE2EC6E92}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://lenovo13.msn.com/?pc=LCJB
hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={C3F74CC8-99BF-4C55-B912-E2F614A1B33F}&mid=cf7f00884b8a47d2a1e011769372a57a-e430d6d9335b746559a7e0ea3c233e391f2628d2&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-12 10:47:14&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {A4A33017-9042-4A4D-8471-96CF3E1A2F6E} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll [2015-10-05] (AVG)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll [2015-10-05] (AVG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  => No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-02-25] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\Steve9697\AppData\Roaming\Mozilla\Firefox\Profiles\ucvuhand.default
FF DefaultSearchEngine: Web Search
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Web Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.8\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1307137307-3646667384-4218071605-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Steve9697\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-27] (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-10-05]
FF Extension: Garmin Communicator - C:\Users\Steve9697\AppData\Roaming\Mozilla\Firefox\Profiles\ucvuhand.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-12-02]
FF Extension: Adblock Plus - C:\Users\Steve9697\AppData\Roaming\Mozilla\Firefox\Profiles\ucvuhand.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://homepage-web.com/?s=lenovo&m=home
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=lenovo&m=start"
CHR DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
CHR DefaultSearchKeyword: Default -> homepage-web.com
CHR Profile: C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-02]
CHR Extension: (Google Docs) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-02]
CHR Extension: (Google Drive) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-02]
CHR Extension: (YouTube) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-02]
CHR Extension: (Google Search) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-02]
CHR Extension: (Google Sheets) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-02]
CHR Extension: (Gmail) - C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-02]
CHR HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-05] (AVG Technologies CZ, s.r.o.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2015-04-27] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [99936 2006-11-10] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-26] (Maxthon)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 vToolbarUpdater40.1.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe [1875856 2015-10-05] (AVG Secure Search)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-10-05] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314800 2015-10-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [103656 2013-10-20] (GenesysLogic)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-20] (Realtek Semiconductor Corporation                           )
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-10-07] (SlimWare Utilities, Inc.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 00:10 - 2015-10-16 00:11 - 00020170 _____ C:\Users\Steve9697\Downloads\FRST.txt
2015-10-16 00:05 - 2015-10-16 00:05 - 00000000 ____D C:\Users\Steve9697\Downloads\FRST-OlderVersion
2015-10-16 00:04 - 2015-10-16 00:10 - 00000000 ____D C:\FRST
2015-10-16 00:03 - 2015-10-16 00:03 - 02196480 _____ (Farbar) C:\Users\Steve9697\Desktop\FRST64.exe.part
2015-10-15 12:50 - 2015-10-15 23:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 10:53 - 2015-10-16 00:05 - 02196480 _____ (Farbar) C:\Users\Steve9697\Downloads\FRST64.exe
2015-10-14 11:29 - 2015-10-14 11:29 - 00001197 _____ C:\Users\Steve9697\Desktop\mbam.txt
2015-10-14 05:21 - 2015-09-29 05:31 - 07457624 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-10-14 05:21 - 2015-09-29 05:31 - 01658536 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-10-14 05:21 - 2015-09-29 05:31 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-10-14 05:21 - 2015-09-29 05:31 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-10-14 05:21 - 2015-09-29 05:31 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-10-14 05:21 - 2015-09-24 09:42 - 00348672 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2015-10-14 05:21 - 2015-09-24 09:40 - 00737280 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2015-10-14 05:21 - 2015-08-26 19:43 - 22372152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-14 05:21 - 2015-08-26 19:42 - 19795904 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-14 05:21 - 2015-08-07 14:40 - 01736520 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-10-14 05:21 - 2015-08-07 14:40 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-10-14 05:19 - 2015-09-10 11:02 - 25851392 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-10-14 05:19 - 2015-09-10 10:19 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-10-14 05:19 - 2015-09-10 10:18 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-10-14 05:19 - 2015-09-10 10:18 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-10-14 05:19 - 2015-09-10 10:14 - 05990400 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-10-14 05:19 - 2015-09-10 10:09 - 20358144 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-10-14 05:19 - 2015-09-10 10:06 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-10-14 05:19 - 2015-09-10 10:04 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-10-14 05:19 - 2015-09-10 09:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-10-14 05:19 - 2015-09-10 09:39 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-10-14 05:19 - 2015-09-10 09:37 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-14 05:19 - 2015-09-10 09:37 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-10-14 05:19 - 2015-09-10 09:35 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-10-14 05:19 - 2015-09-10 09:33 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-10-14 05:19 - 2015-09-10 09:28 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-10-14 05:19 - 2015-09-10 09:28 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-10-14 05:19 - 2015-09-10 09:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-10-14 05:19 - 2015-09-10 09:24 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-10-14 05:19 - 2015-09-10 09:21 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-10-14 05:19 - 2015-09-10 09:19 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-10-14 05:19 - 2015-09-10 09:19 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-10-14 05:19 - 2015-09-10 09:19 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-10-14 05:19 - 2015-09-10 09:17 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-10-14 05:19 - 2015-09-10 09:17 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-14 05:19 - 2015-09-10 09:07 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-10-14 05:19 - 2015-09-10 09:05 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-14 05:19 - 2015-09-10 09:02 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-10-14 05:19 - 2015-09-10 09:01 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-10-14 05:19 - 2015-09-10 09:00 - 12853760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-10-14 05:19 - 2015-09-10 08:57 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-10-14 05:19 - 2015-09-10 08:57 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-10-14 05:19 - 2015-09-10 08:55 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-10-14 05:19 - 2015-09-10 08:55 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-10-14 05:19 - 2015-09-10 08:55 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-10-14 05:19 - 2015-09-10 08:45 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-10-14 05:19 - 2015-09-10 08:34 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-10-14 05:19 - 2015-09-10 08:31 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-10-14 05:19 - 2015-09-10 08:27 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-10-14 05:19 - 2015-09-10 08:26 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-10-14 05:18 - 2015-09-29 05:29 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-10-14 05:18 - 2015-09-28 11:45 - 03705344 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-10-14 05:18 - 2015-09-28 11:26 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-10-14 05:18 - 2015-09-28 11:25 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-10-14 05:18 - 2015-09-28 11:25 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-10-14 05:18 - 2015-09-28 11:25 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-10-14 05:18 - 2015-09-28 11:22 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-10-14 05:18 - 2015-09-28 11:22 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-10-14 05:18 - 2015-09-28 11:22 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-10-14 05:18 - 2015-09-28 11:15 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-10-14 05:18 - 2015-09-28 11:13 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-10-14 05:18 - 2015-09-28 11:12 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-10-13 12:36 - 2015-10-16 00:02 - 00001126 _____ C:\windows\setupact.log
2015-10-13 12:36 - 2015-10-13 12:36 - 00000000 _____ C:\windows\setuperr.log
2015-10-13 10:53 - 2015-10-16 00:02 - 00447030 _____ C:\windows\WindowsUpdate.log
2015-10-13 10:43 - 2015-10-13 10:43 - 00965043 _____ C:\Users\Steve9697\Desktop\bookmarks.html
2015-10-09 15:23 - 2015-10-09 15:23 - 00003256 _____ C:\windows\System32\Tasks\Pokki
2015-10-08 11:25 - 2015-10-08 12:08 - 00000000 ____D C:\Users\Steve9697\AppData\Roaming\Anvsoft
2015-10-08 11:25 - 2015-10-08 11:25 - 00001230 _____ C:\Users\Steve9697\Desktop\Any Video Converter.lnk
2015-10-08 11:25 - 2015-10-08 11:25 - 00000000 ____D C:\Users\Steve9697\Documents\Any Video Converter
2015-10-08 11:25 - 2015-10-08 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-10-08 11:25 - 2015-10-08 11:25 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2015-10-08 11:23 - 2015-10-08 11:24 - 37973920 _____ (Any-Video-Converter.com ) C:\Users\Steve9697\Downloads\avc-free.exe
2015-10-07 14:34 - 2015-10-07 14:34 - 00000000 _____ C:\Users\Steve9697\Downloads\FYTD_Setup_2.exe
2015-10-07 11:26 - 2015-10-07 11:27 - 06677440 _____ (Piriform Ltd) C:\Users\Steve9697\Downloads\ccsetup510(1).exe
2015-10-07 11:19 - 2015-10-15 11:19 - 00000374 _____ C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Steve9697).job
2015-10-07 11:19 - 2015-10-07 11:19 - 00003024 _____ C:\windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Steve9697)
2015-10-06 10:50 - 2015-10-07 11:19 - 00016056 _____ (SlimWare Utilities, Inc.) C:\windows\system32\Drivers\SWDUMon.sys
2015-10-06 10:50 - 2015-10-06 10:50 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2015-10-06 10:42 - 2015-10-06 10:42 - 00929872 _____ (Google Inc.) C:\Users\Steve9697\Downloads\ChromeSetup(2).exe
2015-10-05 12:45 - 2015-10-05 12:45 - 00000000 ____D C:\Users\Steve9697\AppData\Local\Apple Computer
2015-10-05 12:30 - 2015-10-07 11:38 - 00000000 ____D C:\Users\Steve9697\AppData\Roaming\DVDVideoSoft
2015-10-05 12:30 - 2015-10-07 11:33 - 00000000 ____D C:\Users\Steve9697\AppData\Local\MalwareProtectionLive
2015-10-05 12:29 - 2015-10-05 12:30 - 44834288 _____ (DVDVideoSoft Ltd. ) C:\Users\Steve9697\Downloads\FreeYouTubeDownload.exe
2015-10-05 11:14 - 2015-10-05 11:14 - 00314800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2015-09-30 12:03 - 2015-09-30 12:03 - 06677440 _____ (Piriform Ltd) C:\Users\Steve9697\Downloads\ccsetup510.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 00:00 - 2014-10-01 00:42 - 00000000 ____D C:\Users\Steve9697\AppData\Local\Pokki
2015-10-16 00:00 - 2013-08-22 08:36 - 00000000 ____D C:\windows\system32\sru
2015-10-15 23:57 - 2014-10-01 00:48 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1307137307-3646667384-4218071605-1001
2015-10-15 23:56 - 2014-10-01 00:46 - 00002154 _____ C:\Users\Steve9697\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-10-15 23:53 - 2015-03-04 14:07 - 00000000 ___RD C:\Users\Steve9697\Google Drive
2015-10-15 23:53 - 2014-12-02 22:51 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-15 23:53 - 2014-10-16 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-15 23:52 - 2015-02-25 16:16 - 00000000 ____D C:\Users\Steve9697\OneDrive
2015-10-15 23:48 - 2013-08-22 08:20 - 00000000 ____D C:\windows\CbsTemp
2015-10-15 16:31 - 2014-12-02 22:51 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-15 15:44 - 2015-01-27 23:37 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-15 13:06 - 2014-10-16 14:01 - 00000000 ____D C:\ProgramData\MFAData
2015-10-15 12:41 - 2013-08-22 08:36 - 00000000 ____D C:\windows\rescache
2015-10-15 11:18 - 2014-11-12 12:08 - 00000000 ____D C:\windows\system32\MRT
2015-10-15 11:12 - 2014-11-12 12:08 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-10-15 10:32 - 2014-12-02 22:52 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-15 01:06 - 2013-08-22 06:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-10-15 00:33 - 2014-10-01 00:51 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{89EF1102-66E7-4EB6-A594-1EFDDFF5FBB9}
2015-10-15 00:23 - 2014-10-16 13:29 - 00008192 _____ C:\windows\SysWOW64\WDPABKP.dat
2015-10-15 00:23 - 2013-08-22 07:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-14 15:56 - 2013-08-22 06:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-10-14 15:54 - 2013-08-22 08:36 - 00000000 ___RD C:\windows\ToastData
2015-10-14 12:51 - 2014-10-23 11:34 - 00000000 ____D C:\Users\Steve9697\AppData\Roaming\Nitro PDF
2015-10-14 01:44 - 2015-01-27 23:37 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-14 00:26 - 2014-10-16 18:01 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-14 00:25 - 2014-10-16 18:01 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-14 00:25 - 2014-10-16 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-14 00:25 - 2014-10-16 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-13 11:13 - 2015-03-19 02:03 - 00000000 ____D C:\Users\Steve9697\AppData\Local\MetaGeek,_LLC
2015-10-13 10:39 - 2014-10-16 17:52 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-10-13 10:39 - 2014-05-26 11:35 - 00000000 ____D C:\ProgramData\Temp
2015-10-13 00:24 - 2015-01-22 09:54 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-09 22:41 - 2014-10-01 00:46 - 00002292 _____ C:\Users\Steve9697\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-10-09 15:23 - 2014-10-01 00:46 - 00002594 _____ C:\Users\Steve9697\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2015-10-08 11:22 - 2013-08-22 08:36 - 00000000 ____D C:\windows\system32\NDF
2015-10-08 10:34 - 2014-10-16 14:04 - 00000992 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-10-08 10:34 - 2014-10-16 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-08 00:24 - 2013-08-22 08:36 - 00000000 ____D C:\windows\AppReadiness
2015-10-08 00:01 - 2014-03-18 02:38 - 00000000 ____D C:\windows\SKB
2015-10-07 11:27 - 2014-10-16 17:55 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-07 11:27 - 2014-10-16 17:55 - 00000000 ____D C:\Program Files\CCleaner
2015-10-06 01:50 - 2015-04-04 15:12 - 00000000 ___SD C:\windows\system32\GWX
2015-10-05 09:59 - 2015-04-04 15:12 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-10-05 09:50 - 2014-10-16 18:00 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2014-10-16 18:00 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2014-10-16 18:00 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-10-05 01:47 - 2014-11-19 11:37 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-10-05 01:47 - 2014-11-19 11:37 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-10-02 07:24 - 2014-12-03 11:25 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-02 07:24 - 2014-12-03 11:25 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-30 12:05 - 2015-07-22 11:07 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-09-16 09:26 - 2014-12-02 22:51 - 00003898 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 09:26 - 2014-12-02 22:51 - 00003662 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-03-19 02:03 - 2015-03-19 02:03 - 0000038 ___SH () C:\Users\Steve9697\AppData\Local\69ff07055291669bb2b218.72821112
2014-05-26 11:21 - 2014-05-26 11:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-15 10:43

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by Steve9697 (2015-10-16 00:12:38)
Running from C:\Users\Steve9697\Downloads
Windows 8.1 Connected (X64) (2014-10-01 07:42:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1307137307-3646667384-4218071605-500 - Administrator - Disabled)
Guest (S-1-5-21-1307137307-3646667384-4218071605-501 - Limited - Disabled)
Steve9697 (S-1-5-21-1307137307-3646667384-4218071605-1001 - Administrator - Enabled) => C:\Users\Steve9697

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.8.4 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6172 - AVG Technologies)
AVG 2015 (Version: 15.0.4447 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6172 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)
Canon MP Navigator 3.1 (HKLM-x32\...\MP Navigator 3.1) (Version:  - )
Canon MP140 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series) (Version:  - )
Canon MP140 series User Registration (HKLM-x32\...\Canon MP140 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-LayoutPrint (HKLM-x32\...\Easy-LayoutPrint) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
Host App Service (HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Pokki) (Version: 0.269.7.783 - Pokki)
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.16.0 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.0.197 - Stoneware, Inc.)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo SoftAP (HKLM-x32\...\{F5A08FAD-697C-4952-9E7D-F741CD42F069}) (Version: 1.0.0.17 - Realtek)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo Web Start (HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.2.1.1000 - Maxthon International Limited)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - )
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Start Menu (HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\Pokki_Start_Menu) (Version: 0.269.7.783 - Pokki)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

29-09-2015 13:32:17 Scheduled Checkpoint
02-10-2015 14:24:32 Windows Update
07-10-2015 11:29:18 Removed DriverUpdate
07-10-2015 11:36:47 Removed SlimCleaner Plus
14-10-2015 05:24:37 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B39B4FA-B80F-4B1B-9EE0-68B9FFBF8E15} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {0FCCD4EE-DF2A-407B-AB66-BF3422B5357F} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {12BDF34B-3173-4E88-B987-2C0546948756} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {280DB648-B97C-4B11-AACE-ADA8330C60D4} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {2A9EAA0E-E6CE-418E-9FD4-88D409063F71} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {373D6600-CA46-4EF7-9A3C-C3613309A53D} - System32\Tasks\Pokki => %LOCALAPPDATA%\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {3BC28926-9298-4F92-ADEF-607FD89B9526} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-10-15] (Microsoft Corporation)
Task: {4EC22140-D8C1-4EFF-8D37-97ED27B56AF8} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\Steve9697\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== ATTENTION
Task: {54304288-479D-4399-94FA-CA0E758F4291} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {5ACBB1FE-E7C3-47E4-B38E-13197A2DD128} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {60FE1DFE-F898-4070-BADD-A01A8C722834} - \Advanced-System Protector_startup -> No File <==== ATTENTION
Task: {67038404-0226-43B2-9E56-57BEF753C51C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {72340956-B95B-4ED3-BBBE-21D7AE29B932} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Steve9697) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {8D5F95E7-24F1-475F-9BBC-D9883BDB5A73} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {95EA6C7D-8831-41D1-B67B-230B4038F805} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-11-20] (Maxthon International ltd.)
Task: {98FD34EF-9E84-4441-9FE9-AF078DDD14AB} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {A3596435-C8BA-4DE5-842E-B32BDBF43ECE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {AC89DB9B-CDD2-444C-8C71-79069453B7D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {AE09C122-7DCB-43AC-AF5A-892FE5860B7B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14] (Adobe Systems Incorporated)
Task: {C4DC4ECF-C0E2-479C-B45C-FBED8E616544} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E8BF08F7-60DA-48D3-8F86-45BCC74375FB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {EDBF143D-3285-4C4E-AD82-1DCC4CD26FC5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Steve9697).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-04 13:40 - 2015-10-05 01:47 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-10-21 11:55 - 2006-11-10 08:12 - 00099936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-05-26 11:24 - 2011-08-16 20:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-05-26 11:43 - 2013-05-14 11:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-05 01:47 - 2015-10-05 01:47 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
2014-05-26 11:23 - 2013-10-25 02:23 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2014-05-26 11:24 - 2011-08-16 20:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-11-19 11:37 - 2015-10-05 01:47 - 03177360 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-10-05 01:47 - 2015-10-05 01:47 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\log4cplusU.dll
2015-10-15 23:52 - 2015-10-15 23:52 - 00098816 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32api.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00110080 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\pywintypes27.dll
2015-10-15 23:52 - 2015-10-15 23:52 - 00364544 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\pythoncom27.dll
2015-10-15 23:52 - 2015-10-15 23:52 - 00045568 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\_socket.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 01161216 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\_ssl.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00320512 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32com.shell.shell.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00713216 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\_hashlib.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 01176576 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\wx._core_.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00806400 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\wx._gdi_.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00816128 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\wx._windows_.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 01067008 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\wx._controls_.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00733184 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\wx._misc_.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00682496 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\pysqlite2._sqlite.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00087552 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\_ctypes.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00119808 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32file.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00108544 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32security.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00007168 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\hashobjs_ext.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00068096 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\usb_ext.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00167936 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32gui.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00018432 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32event.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00128512 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\_elementtree.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00127488 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\pyexpat.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00013824 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\common.time34.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00036864 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\_psutil_windows.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00038912 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32inet.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00011264 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32crypt.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00077312 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\wx._html2.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00027136 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\_multiprocessing.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00020480 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\_yappi.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00035840 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32process.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00686080 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\unicodedata.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00123392 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\wx._wizard.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00024064 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32pipe.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00010240 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\select.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00025600 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32pdh.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00525640 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\windows._lib_cacheinvalidation.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00017408 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32profile.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00022528 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\win32ts.pyd
2015-10-15 23:52 - 2015-10-15 23:52 - 00078848 _____ () C:\Users\Steve9697\AppData\Local\Temp\_MEI50602\wx._animate.pyd
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-05-26 11:24 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2014-11-19 11:37 - 2015-10-05 01:47 - 40638864 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 00569856 _____ () C:\Users\Steve9697\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 01400846 _____ () C:\Users\Steve9697\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 00151054 _____ () C:\Users\Steve9697\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 00222734 _____ () C:\Users\Steve9697\AppData\Local\Pokki\Engine\avformat-54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Steve9697\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\...\google.com -> hxxps://accounts.google.com


There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LVT"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BDF16C49-93CD-4CEB-A984-F0A82708E316}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F639D26B-E28B-4E47-ACCA-3EFEBD8D6F40}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{ACCDB750-845A-4473-983D-3C8904568017}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{44A32B92-C515-4CF8-ACB3-16275EF74E6B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{72266752-7B5D-4693-B874-F2167A9C7A29}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1CD0E376-D966-4CB1-A110-58A0F9A2D4ED}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{65CB4B1F-D6C9-4260-B7DD-D88963C311E8}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{81AC19CA-D61D-4E23-BD91-9A7E5FFA49DF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{240EBF9B-0195-4A7E-B0F4-4C3CCB63C03C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{170EE1B5-ED7D-4ECC-AA3A-AC81AEDB7A70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D1B786E-01E6-40FA-8520-7AB001818487}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{87C34D4C-5CB7-48E5-AB97-1641F1BA8C87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D7FD550D-241A-4BA4-B24B-625FF76E0528}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AFD0585D-08AD-43A9-B338-759B2F3FED3C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6A8143D0-0296-44E0-8016-81D1050FD513}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{952C7416-76EB-4244-8286-47F92165C5BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{04F1F35B-047D-4ECE-A57E-F7B35E946525}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{EC253810-3EA7-4064-B82F-0D3EB7B62447}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8A06E90E-60B3-4F68-9F2C-1C53829CA5E8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23595B4C-2AF0-4CC1-9F9D-04A016034259}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F46B25B1-9F9F-4D34-9133-82AE6614FA27}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{8457566B-D38F-42B7-BEA7-53BB971B5A2A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{8A74A29A-AB8F-4479-B798-A16883101AFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CA9F9F7B-C896-46A1-B6EB-453DFADD0D50}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{AA1B92A0-0329-42DD-9687-E9005375B172}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{9BC297FA-B885-42AE-9265-656F5938040F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{8B019F69-3AF3-4194-94FE-34D09BCE815F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C0335650-BFB7-4DC8-B7EF-48B965321CB6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8329CF7C-3D4B-4A25-B5C2-3053447287E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{97AEFB17-B857-4BAA-9B0B-C9513E10F3A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{6668E482-6945-4A9D-A4AD-CFEFDF39EF00}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2015 12:23:51 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (10/15/2015 12:23:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (10/13/2015 12:37:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (10/13/2015 09:59:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19f0

Start Time: 01d105d7bbf96715

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: b054a39e-71cb-11e5-828d-c03fd5964c89

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/09/2015 03:07:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.

Error: (10/09/2015 02:56:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.

Error: (10/08/2015 11:45:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (10/08/2015 11:45:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (10/08/2015 11:44:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (10/08/2015 12:02:19 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


System errors:
=============
Error: (10/15/2015 10:43:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - October 2015 (KB890830).

Error: (10/15/2015 12:21:40 AM) (Source: GeneStor) (EventID: 0) (User: )
Description: GeneStor driver startedGeneStor driver started (2)

Error: (10/13/2015 12:36:22 PM) (Source: GeneStor) (EventID: 0) (User: )
Description: GeneStor driver startedGeneStor driver started (2)

Error: (10/11/2015 04:11:31 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/11/2015 04:11:31 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/11/2015 04:11:31 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/11/2015 04:11:31 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/10/2015 04:37:49 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (10/10/2015 04:37:49 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (10/10/2015 04:37:49 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


==================== Memory info ===========================

Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 69%
Total physical RAM: 3983.75 MB
Available physical RAM: 1200.7 MB
Total Virtual: 4687.75 MB
Available Virtual: 1707.43 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:363.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:918.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 47193F2E)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 7FE5E5CC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Thanks for posting the log reports. I need some time to look them over. I'll return today around 4pm EST.

Joe

#7
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Download the enclosed fixlist.txt (attached). Save it in the location FRST64 is. Run FRST64 and click on the Fix button. Wait until finished.
The tool will make a log in the location FRST64 is, (Fixlog.txt). Please post it to your reply.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at "C"

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post:
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

#8
aaaa44

    Member

  • Topic Starter
  • Member
  • 103 posts

When I clicked to download JRT it automatically ran, so I did not have AVG turned off.  I ended up with three AdwCleaner logs.  I posted the last one.  The FreeYoutubeDownload program that I believe caused these problems is still listed in my Downloads folder.  Should I delete it?  Should I run AdwCleaner and Junkware Removal Tool on a regular basis myself or only when instructed to do so by a techie when I have a problem?

# AdwCleaner v5.013 - Logfile created 16/10/2015 at 22:07:20
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 8.1 Connected (x64)
# Username : Steve9697 - LENOVO-PC
# Running from : C:\Users\Steve9697\Desktop\adwcleaner_5.013.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon
Service Found : vToolbarUpdater40.1.8

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Amazon\ABB
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\Users\Steve9697\AppData\Local\LenovoBrowserGuard
Folder Found : C:\Users\Steve9697\AppData\Local\pokki
Folder Found : C:\Users\Steve9697\AppData\Local\MalwareProtectionLive
Folder Found : C:\Users\Steve9697\AppData\Roaming\Systweak

***** [ Files ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Found : C:\Users\Steve9697\AppData\Roaming\Mozilla\Firefox\Profiles\ucvuhand.default\searchplugins\Web Search.xml
File Found : C:\Users\Steve9697\Desktop\Live PC Help.lnk
File Found : C:\windows\SysNative\roboot64.exe
File Found : C:\windows\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : Pokki

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Tune
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\SweetLabs App Platform
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tune
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Tune
Key Found : [x64] HKCU\Software\Avg Secure Update
Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
Key Found : [x64] HKCU\Software\SweetLabs App Platform
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0A27323C-7488-11E5-828F-C03FD5964C89}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0A27323C-7488-11E5-828F-C03FD5964C89}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0A27323C-7488-11E5-828F-C03FD5964C89}
Data Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0A27323C-7488-11E5-828F-C03FD5964C89}
Key Found : HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0A27323C-7488-11E5-828F-C03FD5964C89}
Data Found : HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0A27323C-7488-11E5-828F-C03FD5964C89}

***** [ Web browsers ] *****

[C:\Users\Steve9697\AppData\Roaming\Mozilla\Firefox\Profiles\ucvuhand.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename.US", "Web Search");
[C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : homepage-web.com
[C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://homepage-web.com/?s=lenovo&m=start
[C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxps://secure.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
[C:\Users\Steve9697\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://homepage-web.com/?s=lenovo&m=home

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7943 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 Connected x64
Ran by Steve9697 on Sat 10/17/2015 at 4:23:39.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers



~~~ Chrome


[C:\Users\Steve9697\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Steve9697\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Steve9697\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Steve9697\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/17/2015 at 4:30:19.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by Steve9697 (2015-10-16 21:50:28) Run:1
Running from C:\Users\Steve9697\Desktop
Loaded Profiles: Steve9697 (Available Profiles: Steve9697)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={C3F74CC8-99BF-4C55-B912-E2F614A1B33F}&mid=cf7f00884b8a47d2a1e011769372a57a-e430d6d9335b746559a7e0ea3c233e391f2628d2&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-12 10:47:14&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1307137307-3646667384-4218071605-1001 -> {A4A33017-9042-4A4D-8471-96CF3E1A2F6E} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll [2015-10-05] (AVG)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> => No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> => No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-02-25] (AVG Secure Search)
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.8\\npsitesafety.dll [No File]
2015-10-07 14:34 - 2015-10-07 14:34 - 00000000 _____ C:\Users\Steve9697\Downloads\FYTD_Setup_2.exe
Task: {4EC22140-D8C1-4EFF-8D37-97ED27B56AF8} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\Steve9697\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== ATTENTION
C:\Users\Steve9697\AppData\Local\Temp\LenovoExperienceImprovement.exe
Task: {60FE1DFE-F898-4070-BADD-A01A8C722834} - \Advanced-System Protector_startup -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Steve9697\OneDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:


*****************

Processes closed successfully.
Restore point was successfully created.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4A33017-9042-4A4D-8471-96CF3E1A2F6E}" => key removed successfully
HKCR\CLSID\{A4A33017-9042-4A4D-8471-96CF3E1A2F6E} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => key removed successfully
HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => key removed successfully
HKCR\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => key removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
C:\Users\Steve9697\Downloads\FYTD_Setup_2.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EC22140-D8C1-4EFF-8D37-97ED27B56AF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EC22140-D8C1-4EFF-8D37-97ED27B56AF8}" => key removed successfully
C:\windows\System32\Tasks\Lenovo\Experience Improvement => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Experience Improvement" => key removed successfully
"C:\Users\Steve9697\AppData\Local\Temp\LenovoExperienceImprovement.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60FE1DFE-F898-4070-BADD-A01A8C722834}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60FE1DFE-F898-4070-BADD-A01A8C722834}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-System Protector_startup => key not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\Users\Steve9697\OneDrive => ":ms-properties" ADS removed successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1307137307-3646667384-4218071605-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 640.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:51:53 ====


  • 0
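The Fixlog above is the part of an FRST run a reviewer actually has to read: each fixlist entry comes back as an `item => outcome` line, and the mix of "removed successfully", "moved successfully" (quarantined under C:\FRST) and "not found" tells you what the fix changed versus which entries were already gone. The script below is an added example, not FRST's own code and not part of the helper's instructions; it parses those result lines and tallies them, using a constructed sample taken from the Fixlog posted in this thread, so a helper can spot stale fixlist entries (for example a scheduled task whose target executable no longer existed) without scanning the log by eye.

```python
"""Summarise the outcome lines of a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for this thread (not FRST code): FRST writes one
"<item> => <outcome>" line per fixlist entry after a fix. This groups those
lines by outcome so the reviewer sees what was removed, what was quarantined
(FRST 'moves' files into C:\FRST\Quarantine) and which entries pointed at
objects that were already gone.
"""
import re
from collections import Counter

# Constructed sample: a handful of result lines copied from the Fixlog
# posted in this thread, plus a few lines FRST prints that carry no "=>".
SAMPLE_FIXLOG = r"""
Processes closed successfully.
Restore point was successfully created.
C:\windows\system32\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll => not found.
"C:\Users\Steve9697\AppData\Local\Temp\LenovoExperienceImprovement.exe" => File/Folder not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 640.3 MB temporary data Removed.
"""

# item may be wrapped in double quotes; outcome may end with a full stop.
RESULT_RE = re.compile(r'^"?(?P<item>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?\s*$')


def classify(outcome: str) -> str:
    """Map an FRST outcome phrase to a coarse category.

    'not found' is checked first; 'removed' is checked before 'moved'
    because 'removed' contains 'moved' as a substring.
    """
    o = outcome.lower()
    if "not found" in o:
        return "not_found"          # fixlist entry named something already gone
    if "removed" in o:
        return "removed"            # registry key/value, ADS or temp data deleted
    if "moved successfully" in o:
        return "quarantined"        # file or folder moved to FRST quarantine
    return "other"


def parse_fixlog(text: str) -> list[tuple[str, str, str]]:
    """Return (item, outcome, category) for every 'item => outcome' line."""
    results = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue                # status lines without '=>' are skipped
        item, outcome = m.group("item"), m.group("outcome")
        results.append((item, outcome, classify(outcome)))
    return results


def summarize(results: list[tuple[str, str, str]]) -> Counter:
    """Count result lines per category."""
    return Counter(category for _, _, category in results)


def stale_entries(results: list[tuple[str, str, str]]) -> list[str]:
    """Items the fixlist named but FRST could not find on disk or in the registry."""
    return [item for item, _, category in results if category == "not_found"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for category, count in sorted(summarize(parsed).items()):
        print(f"{category:12s} {count}")
    print("already gone before the fix ran:")
    for item in stale_entries(parsed):
        print("  ", item)
```

The "not found" list is the useful part when comparing a fixlist against its Fixlog: an entry like the LenovoExperienceImprovement.exe path above means the scheduled task was removed but its target file was not present, which is worth a second look in the next FRST scan rather than a sign that something went wrong.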

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

In the AdwCleaner log file it shows only a scan was done; please run the Clean option to remove the found files. That would be an SO.txt file.

Next
 
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

  • 0

#10
aaaa44

aaaa44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

I ran MBAM and it did not detect any threats.

 

Each time I have run AdwCleaner when my computer reboots I get a popup saying "Open Office Document Recovery".  There is a button on this page that says "Click to recover document".  When I click this button the (S3).txt and (C2).txt logs pop up but no (SO).txt file.  The (SO).txt file is not in the AdwCleaner folder in "C" either.

 

I did not run AdwCleaner, JRT, or FRST "as administrator" for my previous post but just left double-clicked on the icons and proceeded.


  • 0

#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello aaaa44,

Forgot to answer your questions
 

The FreeYoutubeDownload program that I believe caused these problems is still listed in my Downloads folder. Should I delete it? Should I run AdwCleaner and Junkware Removal Tool on a regular basis myself or only when instructed to do so by a techie when I have a problem?


You can delete that. I don't suggest running these tools on your own. We will remove them at the end of this topic.

It's always best to right click on these tools and run as administrator.

I would try running AdwCleaner one more time: right-click on the icon, choose "Run as administrator", click Scan, let the scan finish, then click Logfile, then click Clean.

Also

The (SO).txt file is not in the AdwCleaner folder in "C" either.

Reports are saved into C:\ directly on the c drive.

How is the computer now ?
  • 0

#12
aaaa44

aaaa44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

I ran AdwCleaner again as administrator and got the message: "AdwCleaner found no malicious programs on your computer".   I still clicked Logfile then Cleaning.  Below are the two documents that popped up after my computer restarted.  Again, no [SO].txt log was produced, only C.txt and S.txt logs.

 

When I click on my c drive I don't see any [SO].txt logs listed either individually or in the AdwCleaner folder.  There are only C.txt and S.txt logs in the AdwCleaner folder. 

 

My computer is running fine.  Firefox is my homepage.  My default search engine changed to Yahoo again, so I switched it back to Google today.  

 

 

# AdwCleaner v5.014 - Logfile created 19/10/2015 at 10:29:07
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 8.1 Connected (x64)
# Username : Steve9697 - LENOVO-PC
# Running from : C:\Users\Steve9697\Desktop\adwcleaner_5.014.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [583 bytes] ##########

 

 

 

 

 

 

# AdwCleaner v5.014 - Logfile created 19/10/2015 at 10:31:59
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 8.1 Connected (x64)
# Username : Steve9697 - LENOVO-PC
# Running from : C:\Users\Steve9697\Desktop\adwcleaner_5.014.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [647 bytes] ##########


  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,
 
If there are no further issues, let's remove the tools and log files using DelFix:

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#14
aaaa44

aaaa44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

# DelFix v1.011 - Logfile created 20/10/2015 at 11:01:19
# Updated 18/08/2015 by Xplode
# Username : Steve9697 - LENOVO-PC
# Operating System : Windows 8.1 Connected (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Steve9697\Downloads\FRST-OlderVersion
Deleted : C:\Users\Steve9697\Desktop\adwcleaner_5.014.exe
Deleted : C:\Users\Steve9697\Desktop\Fixlog.txt
Deleted : C:\Users\Steve9697\Desktop\FRST64.exe
Deleted : C:\Users\Steve9697\Desktop\FRST64.exe.part
Deleted : C:\Users\Steve9697\Desktop\JRT(1).exe
Deleted : C:\Users\Steve9697\Desktop\JRT.exe
Deleted : C:\Users\Steve9697\Desktop\JRT.txt
Deleted : C:\Users\Steve9697\Downloads\Addition.txt
Deleted : C:\Users\Steve9697\Downloads\FRST.txt
Deleted : C:\Users\Steve9697\Downloads\FRST64 - Shortcut.lnk
Deleted : C:\Users\Steve9697\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #57 [Windows Update | 10/14/2015 12:24:37]
Deleted : RP #59 [Restore Point Created by FRST | 10/17/2015 04:50:42]
Deleted : RP #60 [Windows Update | 10/20/2015 08:25:12]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0
