
Hijacked and multiple viruses



#1
Lisa Huffman


I would really appreciate it if someone could look at my OTL log.  My computer got some nasty infections and my browsers seem to be hijacked.  Someone ran AVG but it hasn't really cleared anything.

 

OTL logfile created on: 7/17/2014 1:38:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Amigo\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 35.90% Memory free
9.68 Gb Paging File | 6.69 Gb Available in Paging File | 69.17% Paging File free
Paging file location(s): c:\pagefile.sys 5947 8500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.15 Gb Total Space | 178.03 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
Drive E: | 121.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 9.77 Gb Total Space | 2.69 Gb Free Space | 27.50% Space Free | Partition Type: NTFS
 
Computer Name: AMIGO-THINK | User Name: Amigo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/17 13:38:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amigo\Downloads\OTL.exe
PRC - [2014/06/22 09:52:48 | 000,416,544 | ---- | M] (Wajamu) -- C:\Program Files\V-bates\notifier.exe
PRC - [2014/06/22 09:52:48 | 000,128,800 | ---- | M] (Wajamu) -- C:\Program Files\V-bates\guardsvc.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/28 14:21:56 | 000,424,760 | ---- | M] (Smart PC Solutions) -- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
PRC - [2013/12/30 15:57:24 | 005,908,768 | ---- | M] (E-Z BIS, Inc.) -- C:\EZBIS\REPORT.EXE
PRC - [2013/12/30 15:57:22 | 005,966,112 | ---- | M] (E·Z BIS, Inc.) -- C:\EZBIS\FILING.EXE
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/17 12:30:00 | 002,455,840 | ---- | M] (E·Z BIS, Inc.) -- C:\EZBIS\WORD.EXE
PRC - [2013/12/17 12:30:00 | 001,415,456 | ---- | M] (E·Z BIS, Inc.) -- C:\EZBIS\POPUPS.EXE
PRC - [2013/12/17 12:29:58 | 001,894,688 | ---- | M] (E·Z BIS, Inc.) -- C:\EZBIS\EZBIS.EXE
PRC - [2012/01/13 15:27:32 | 001,216,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/01/13 15:22:40 | 000,348,160 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2011/11/15 18:41:18 | 000,249,856 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2011/10/18 09:01:24 | 002,678,784 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2011/08/02 16:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/18 16:35:14 | 000,221,184 | ---- | M] (Visioneer Inc.) -- C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2010/03/15 16:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/03/05 02:06:49 | 000,064,064 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2010/03/05 02:05:47 | 000,072,256 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/01/27 15:49:38 | 000,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2010/01/21 18:42:50 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
PRC - [2010/01/21 18:42:02 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/11/12 14:56:36 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/10/15 20:43:42 | 000,030,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
PRC - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/06/10 17:20:02 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/08 08:18:04 | 014,663,856 | ---- | M] () -- C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
MOD - [2014/06/22 09:52:48 | 000,388,896 | ---- | M] () -- C:\Program Files\V-bates\libredir2.dll
MOD - [2014/06/22 09:52:48 | 000,287,520 | ---- | M] () -- C:\Program Files\V-bates\libinject2.dll
MOD - [2014/06/22 09:52:48 | 000,188,704 | ---- | M] () -- C:\Program Files\V-bates\libapi2hook.dll
MOD - [2014/06/22 09:52:48 | 000,087,840 | ---- | M] () -- C:\Program Files\V-bates\libwinhook.dll
MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 09:58:32 | 000,716,616 | ---- | M] () -- C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 09:58:31 | 000,126,280 | ---- | M] () -- C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/05/16 12:31:53 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359e693030a92977455667e67fb74267\Microsoft.VisualBasic.ni.dll
MOD - [2014/05/16 09:10:06 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/16 09:09:59 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 10:44:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/13 10:43:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 10:43:54 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2014/02/13 10:43:49 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 10:43:48 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll
MOD - [2014/02/13 10:43:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 10:43:42 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 10:43:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 10:43:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/12/30 15:57:02 | 000,025,888 | ---- | M] () -- C:\EZBIS\EZRANGE.DLL
MOD - [2013/10/03 14:32:08 | 000,026,112 | ---- | M] () -- C:\EZBIS\DOCTOR.DLL
MOD - [2010/01/27 15:48:40 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2010/01/27 15:48:38 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
MOD - [2010/01/27 15:48:12 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2010/01/27 15:48:04 | 000,840,192 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
MOD - [2010/01/27 15:48:02 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2010/01/27 15:47:52 | 000,130,560 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
MOD - [2010/01/27 15:47:48 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2010/01/27 15:47:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
MOD - [2009/10/15 20:44:46 | 000,067,128 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
MOD - [2009/10/15 20:44:24 | 000,075,320 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
MOD - [2009/10/15 20:44:06 | 000,969,784 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMXMLObjects.dll
MOD - [2009/10/15 20:43:56 | 000,140,856 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\DMBaseObjects.dll
MOD - [2009/10/15 20:43:10 | 000,240,128 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMMapperObjects.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\V-bates\ExtensionUpdaterService.exe -- (V-bates Updater)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)
SRV:64bit: - [2014/06/22 09:52:48 | 000,128,800 | ---- | M] (Wajamu) [Auto | Running] -- C:\Program Files\V-bates\guardsvc.exe -- (Mext Guard)
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/19 12:21:14 | 002,179,056 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/11 18:05:40 | 000,362,296 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV:64bit: - [2010/05/04 13:47:42 | 000,137,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe -- (Sks8821)
SRV:64bit: - [2010/04/29 21:10:40 | 000,127,800 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2014/07/14 10:05:22 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/23 16:02:51 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/06/23 16:02:51 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014/06/07 12:20:59 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/06/07 12:20:49 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/05 08:07:04 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe -- (NewPlayerUpdaterService)
SRV - [2014/03/14 10:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/11/15 18:41:18 | 000,249,856 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/09/16 19:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/18 16:35:14 | 000,221,184 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV - [2010/03/15 16:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/03/05 02:05:47 | 000,072,256 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/01/21 18:42:50 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2010/01/21 18:42:02 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/11/12 14:56:36 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/16 16:28:33 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/06/07 12:20:50 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/25 12:52:10 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2012/09/10 09:02:14 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012/09/10 09:02:12 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 19:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 19:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 09:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/04/28 19:49:50 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV:64bit: - [2009/12/17 23:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 05:45:06 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/01 22:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/07/16 17:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007/07/16 17:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV - [2013/05/31 12:10:34 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=3449555e2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=3449555e2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{8E151BF1-ED99-464C-81D6-D70B7DED96AF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=3449555e2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{8E151BF1-ED99-464C-81D6-D70B7DED96AF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.tb.ask...r={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=3449555e2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.48searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...BCA795151&SSPV=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49191;https=127.0.0.1:49191
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Amigo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amigo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amigo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX [2014/06/23 16:29:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox [2014/06/23 16:29:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E5D74966-C83B-F036-984D-6B47BC9CEB9B}: C:\Program Files (x86)\-ViewPassword-soft\174.xpi [2014/06/23 16:02:19 | 000,011,328 | ---- | M] ()
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Amigo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HQPro-1.9 = C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.76_0\
CHR - Extension: Facebook Video Downloader By Usman = C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iammfideaeemcfkbamikekhjghodldid\1.5.0_0\
CHR - Extension: Secure Mail for Gmail (by Streak) = C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngdnjdobadbdemillgljnnbpomnfokn\1.6_0\
CHR - Extension: Google Wallet = C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HQPro-1.9) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQPro-1.9\HQPro-1.9-bho64.dll File not found
O2:64bit: - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll ()
O2 - BHO: (HQPro-1.9) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQPro-1.9\HQPro-1.9-bho.dll File not found
O2 - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll ()
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll File not found
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (ViewPassword) - {5F95D827-A772-6741-2E39-3C11BEBC4080} - C:\Program Files (x86)\-ViewPassword-soft\174.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP LaserJet M2727 MFP Series Fax] C:\Program Files (x86)\HP\hp LaserJet M2727\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Skd8821] C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe (LITE-ON TECHNOLOGY CORP.)
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4:64bit: - HKLM..\Run: [V-bates] C:\Program Files\V-bates\notifier.exe (Wajamu)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [fst_us_118] "C:\Program Files (x86)\fst_us_118\fst_us_118.exe" File not found
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Power Manager Power Agenda] C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader 64] C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon64.exe File not found
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKCU..\Run: [ContentExplorer] C:\Users\Amigo\AppData\Roaming\ContentExplorer\ContentExplorer.exe (ContentExplorer)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe File not found
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - Startup: C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: alait.com ([blueserver] * in Trusted sites)
O15:64bit: - ..Trusted Domains: alait.com|67.159.139.29 ([blueserver] * in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC83DDF-AA49-4DA0-95D5-976CB0465C71}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{293cdfa6-483f-11e1-be9d-c89cdc393415}\Shell - "" = AutoRun
O33 - MountPoints2\{293cdfa6-483f-11e1-be9d-c89cdc393415}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{a991886c-b214-11e0-895b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a991886c-b214-11e0-895b-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 17:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{c3b2f7ad-657e-11e2-aa4b-c89cdc393415}\Shell - "" = AutoRun
O33 - MountPoints2\{c3b2f7ad-657e-11e2-aa4b-c89cdc393415}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{ef28af3f-567f-11e2-b581-c89cdc393415}\Shell - "" = AutoRun
O33 - MountPoints2\{ef28af3f-567f-11e2-b581-c89cdc393415}\Shell\AutoRun\command - "" = D:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/15 15:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
[2014/07/15 15:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TightVNC
[2014/07/15 15:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2014/06/28 09:28:04 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/28 09:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/28 09:27:42 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/28 09:27:42 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/28 09:27:42 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/28 09:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/28 09:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/28 09:24:27 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\SearchProtect
[2014/06/28 09:24:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/06/28 09:21:41 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/23 16:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates
[2014/06/23 16:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Media Converter
[2014/06/23 16:29:32 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\SmartMediaConverter
[2014/06/23 16:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartMediaConverter
[2014/06/23 16:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFTTODAY
[2014/06/23 16:16:06 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\fst_us_118
[2014/06/23 16:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fst_us_118
[2014/06/23 16:08:31 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\com
[2014/06/23 16:07:56 | 000,000,000 | ---D | C] -- C:\Users\Amigo\Documents\PC Speed Maximizer
[2014/06/23 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\PC Speed Maximizer
[2014/06/23 16:07:42 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\newplayer
[2014/06/23 16:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
[2014/06/23 16:06:57 | 000,000,000 | ---D | C] -- C:\Users\Amigo\Documents\Optimizer Pro
[2014/06/23 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\Optimizer Pro
[2014/06/23 16:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/06/23 16:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/06/23 16:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/06/23 16:06:24 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\SupTab
[2014/06/23 16:06:21 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\Programs
[2014/06/23 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/06/23 16:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014/06/23 16:06:02 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/06/23 16:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewPlayer
[2014/06/23 16:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/06/23 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\VOPackage
[2014/06/23 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/06/23 16:02:53 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\globalUpdate
[2014/06/23 16:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/06/23 16:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2014/06/23 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax
[2014/06/23 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HQPro-1.9
[2014/06/23 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
[2014/06/23 16:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVM Player
[2014/06/23 16:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
[2014/06/23 16:02:26 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\ContentExplorer
[2014/06/23 16:02:21 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\IAC
[2014/06/23 16:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\-ViewPassword-soft
[2014/06/23 15:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/17 13:42:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-144739551-2177794648-3174304158-1000UA.job
[2014/07/17 13:38:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2014/07/17 13:38:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2014/07/17 13:35:27 | 000,008,893 | ---- | M] () -- C:\Users\Amigo\AppData\Roaming\EZUser.ini
[2014/07/17 13:30:51 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/17 13:30:51 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/17 13:29:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C}.job
[2014/07/17 13:21:16 | 000,003,448 | ---- | M] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-11.job
[2014/07/17 13:21:09 | 000,002,766 | ---- | M] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-3.job
[2014/07/17 13:21:07 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/07/17 13:20:49 | 000,001,374 | ---- | M] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-7.job
[2014/07/17 13:20:49 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ViewPassword_wd.job
[2014/07/17 13:20:48 | 000,002,368 | ---- | M] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-4.job
[2014/07/17 13:20:48 | 000,001,436 | ---- | M] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-1.job
[2014/07/17 13:20:48 | 000,001,432 | ---- | M] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-6.job
[2014/07/17 13:20:48 | 000,001,402 | ---- | M] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-5.job
[2014/07/17 13:20:48 | 000,001,314 | ---- | M] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-2.job
[2014/07/17 13:20:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/17 13:19:26 | 3118,391,296 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/16 18:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/16 18:04:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/07/16 18:04:00 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2014/07/16 16:28:33 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/16 16:26:49 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/07/14 15:04:13 | 000,395,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/14 10:12:59 | 000,001,102 | ---- | M] () -- C:\Users\Amigo\Desktop\Continue VuuPC Installation.lnk
[2014/07/02 10:07:56 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-144739551-2177794648-3174304158-1000Core1cf95ff5ace2c1.job
[2014/06/28 09:27:49 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/23 16:29:53 | 000,000,045 | ---- | M] () -- C:\user.js
[2014/06/23 16:29:35 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Smart Media Converter.lnk
[2014/06/23 16:29:15 | 000,001,219 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk
[2014/06/23 16:06:03 | 000,001,144 | ---- | M] () -- C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/23 09:04:02 | 000,000,038 | ---- | M] () -- C:\Users\Amigo\AppData\Roaming\WB.CFG
 
========== Files Created - No Company Name ==========
 
[2014/07/02 10:07:56 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-144739551-2177794648-3174304158-1000Core1cf95ff5ace2c1.job
[2014/06/28 09:27:49 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/23 16:54:54 | 000,001,102 | ---- | C] () -- C:\Users\Amigo\Desktop\Continue VuuPC Installation.lnk
[2014/06/23 16:29:58 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C}.job
[2014/06/23 16:29:53 | 000,000,045 | ---- | C] () -- C:\user.js
[2014/06/23 16:29:35 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Smart Media Converter.lnk
[2014/06/23 16:29:15 | 000,001,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk
[2014/06/23 16:06:03 | 000,001,144 | ---- | C] () -- C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/23 16:04:40 | 000,001,402 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-5.job
[2014/06/23 16:04:15 | 000,001,314 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-2.job
[2014/06/23 16:04:09 | 000,001,436 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-1.job
[2014/06/23 16:04:06 | 000,002,368 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-4.job
[2014/06/23 16:03:45 | 000,001,374 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-7.job
[2014/06/23 16:03:44 | 000,001,432 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-6.job
[2014/06/23 16:03:35 | 000,003,448 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-11.job
[2014/06/23 16:03:03 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/06/23 16:02:58 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/06/23 16:02:53 | 000,002,766 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-3.job
[2014/06/23 16:02:20 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\ViewPassword_wd.job
[2014/04/23 09:27:07 | 000,000,093 | ---- | C] () -- C:\ProgramData\SAH_Install.ini
[2013/10/10 09:37:48 | 000,000,456 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/10/09 09:40:26 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\TX16_IC.INI
[2013/10/09 09:40:25 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\SERVANY.EXE
[2013/07/29 09:04:01 | 000,000,038 | ---- | C] () -- C:\Users\Amigo\AppData\Roaming\WB.CFG
[2013/07/05 13:04:02 | 000,000,005 | ---- | C] () -- C:\Users\Amigo\AppData\Roaming\WBPU-TTL.DAT
[2013/05/28 12:52:14 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/05/28 12:52:14 | 000,000,024 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/05/28 12:46:52 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/01/23 18:39:54 | 000,003,584 | ---- | C] () -- C:\Users\Amigo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/04 11:13:52 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\mvusbews.dll
[2012/09/10 09:02:14 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/09/10 09:02:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/11/17 08:48:56 | 000,008,893 | ---- | C] () -- C:\Users\Amigo\AppData\Roaming\EZUser.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/15 15:24:55 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\ContentExplorer
[2013/05/31 14:15:28 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\ControlCenter4
[2011/11/17 08:45:01 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\DesktopPwrMgr
[2014/02/12 10:04:12 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\DigitalSites
[2013/07/05 12:04:11 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\DSite
[2011/11/17 08:45:06 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\Leadertech
[2013/05/28 12:43:31 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\Nuance
[2012/12/29 13:19:52 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\OneTouch 4.0
[2014/06/23 16:06:54 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\Optimizer Pro
[2014/06/23 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\PC Speed Maximizer
[2011/11/17 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\PCDr
[2014/04/23 09:27:04 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\ShopAtHome
[2014/06/23 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\SmartMediaConverter
[2014/06/23 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\SupTab
[2014/07/15 10:26:48 | 000,000,000 | ---D | M] -- C:\Users\Amigo\AppData\Roaming\VOPackage
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >
 
Thanks!


#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

I see you have Malwarebytes installed. Have you run that? If not, please do so and post the log.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post:

    1- AdwCleaner log
    2- JRT Log
    3- Malwarebytes log.

    Thanks
    Joe :)


    If you completed the above tasks without any issues and posted the log reports, then please continue with instructions below:


    We need to do a fix to delete some files using OTL
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\V-bates\ExtensionUpdaterService.exe -- (V-bates Updater)
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\pcmax\pcmax.exe -- (pcmaxservice)
    SRV:64bit: - [2014/06/22 09:52:48 | 000,128,800 | ---- | M] (Wajamu) [Auto | Running] -- C:\Program Files\V-bates\guardsvc.exe -- (Mext Guard)
    SRV - [2014/03/14 10:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=3449555e2
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=3449555e2
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=3449555e2
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.tb.ask...r={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=3449555e2
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.48searchengines.com/?op [Binary data over 200 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...BCA795151&SSPV=
    IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
    IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.tb.ask...r={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49191;https=127.0.0.1:49191
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
    O2:64bit: - BHO: (HQPro-1.9) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQPro-1.9\HQPro-1.9-bho64.dll File not found
    O2:64bit: - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll ()
    O2 - BHO: (HQPro-1.9) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQPro-1.9\HQPro-1.9-bho.dll File not found
    O2 - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll ()
    O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
    O4:64bit: - HKLM..\Run: [V-bates] C:\Program Files\V-bates\notifier.exe (Wajamu)
    O4 - HKLM..\Run: [fst_us_118] "C:\Program Files (x86)\fst_us_118\fst_us_118.exe" File not found
    O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe File not found
    O4 - HKCU..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
    O4 - Startup: C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) -  File not found
    O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) -  File not found
    O33 - MountPoints2\{c3b2f7ad-657e-11e2-aa4b-c89cdc393415}\Shell - "" = AutoRun
    O33 - MountPoints2\{c3b2f7ad-657e-11e2-aa4b-c89cdc393415}\Shell\AutoRun\command - "" = D:\Autorun.exe
    O33 - MountPoints2\{ef28af3f-567f-11e2-b581-c89cdc393415}\Shell - "" = AutoRun
    O33 - MountPoints2\{ef28af3f-567f-11e2-b581-c89cdc393415}\Shell\AutoRun\command - "" = D:\SISetup.exe
    [2014/06/28 09:24:27 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\SearchProtect
    [2014/06/28 09:24:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [2014/06/28 09:21:41 | 000,000,000 | ---D | C] -- C:\temp
    [2014/06/23 16:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates
    [2014/06/23 16:16:06 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\fst_us_118
    [2014/06/23 16:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fst_us_118
    [2014/06/23 16:08:31 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\com
    [2014/06/23 16:07:56 | 000,000,000 | ---D | C] -- C:\Users\Amigo\Documents\PC Speed Maximizer
    [2014/06/23 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\PC Speed Maximizer
    [2014/06/23 16:07:42 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\newplayer
    [2014/06/23 16:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
    [2014/06/23 16:06:57 | 000,000,000 | ---D | C] -- C:\Users\Amigo\Documents\Optimizer Pro
    [2014/06/23 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\Optimizer Pro
    [2014/06/23 16:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2014/06/23 16:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    [2014/06/23 16:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
    [2014/06/23 16:06:24 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\SupTab
    [2014/06/23 16:06:21 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\Programs
    [2014/06/23 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
    [2014/06/23 16:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
    [2014/06/23 16:06:02 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    [2014/06/23 16:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewPlayer
    [2014/06/23 16:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
    [2014/06/23 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\VOPackage
    [2014/06/23 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    [2014/06/23 16:02:53 | 000,000,000 | ---D | C] -- C:\Users\Amigo\AppData\Local\globalUpdate
    [2014/06/23 16:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
    [2014/06/23 16:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
    [2014/06/23 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax
    [2014/06/23 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HQPro-1.9
    [2014/06/23 16:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
    [2014/06/23 16:29:53 | 000,000,045 | ---- | M] () -- C:\user.js
    [2014/06/23 16:29:35 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Smart Media Converter.lnk
    [2014/06/23 16:29:15 | 000,001,219 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk
    [2014/06/23 16:06:03 | 000,001,144 | ---- | M] () -- C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    [2014/06/23 09:04:02 | 000,000,038 | ---- | M] () -- C:\Users\Amigo\AppData\Roaming\WB.CFG
    [2014/06/23 16:29:53 | 000,000,045 | ---- | C] () -- C:\user.js
    [2014/06/23 16:29:35 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Smart Media Converter.lnk
    [2014/06/23 16:29:15 | 000,001,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk
    [2014/06/23 16:06:03 | 000,001,144 | ---- | C] () -- C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    [2014/06/23 16:04:40 | 000,001,402 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-5.job
    [2014/06/23 16:04:15 | 000,001,314 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-2.job
    [2014/06/23 16:04:09 | 000,001,436 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-1.job
    [2014/06/23 16:04:06 | 000,002,368 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-4.job
    [2014/06/23 16:03:45 | 000,001,374 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-7.job
    [2014/06/23 16:03:44 | 000,001,432 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-6.job
    [2014/06/23 16:03:35 | 000,003,448 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-11.job
    [2014/06/23 16:03:03 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
    [2014/06/23 16:02:58 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
    [2014/06/23 16:02:53 | 000,002,766 | ---- | C] () -- C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-3.job
    [2014/06/23 16:02:20 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\ViewPassword_wd.job 
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
    
    :Files
    netsh int ip reset c:\resetlog.txt /c
    ipconfig /flushdns /c
    ipconfig /release /c
    ipconfig /renew /c 
    C:\Program Files\V-bates\notifier.exe
    C:\Program Files\V-bates\guardsvc.exe
    C:\Program Files\V-bates\libredir2.dll
    C:\Program Files\V-bates\libinject2.dll
    C:\Program Files\V-bates\libapi2hook.dll
    C:\Program Files\V-bates\libwinhook.dll
    C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    C:\Users\Amigo\AppData\Roaming\Optimizer Pro
    C:\Users\Amigo\AppData\Roaming\PC Speed Maximizer
    C:\Users\Amigo\AppData\Roaming\ShopAtHome
    C:\Users\Amigo\AppData\Roaming\SmartMediaConverter
    C:\Users\Amigo\AppData\Roaming\SupTab
    C:\Users\Amigo\AppData\Roaming\VOPackage
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top.
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
    In your next reply:

    1-Post the OTL Fix Log that will pop up in front of you after the fix is run; if it does not, find it in C:\_OTL\Moved Files.
    2-Post a new OTL Log after the quick scan.

#3
Lisa Huffman
Member, Topic Starter, 98 posts

Here is the JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Amigo on Wed 07/23/2014 at 12:27:21.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] 70e6ca8c 
Successfully deleted: [Service] 70e6ca8c 
Successfully stopped: [Service] backupstack 
Successfully deleted: [Service] backupstack 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc speed maximizer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\v9software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0053172.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0053172.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0053172.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0053172.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110511311172}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220522312272}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550555315572}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660566316672}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544314472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511311172}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220522312272}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550555315572}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660566316672}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544314472}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0053172.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0053172.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0053172.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0053172.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550555315572}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660566316672}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544314472}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\dsite.job
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Amigo\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Amigo\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Amigo\AppData\Roaming\pc speed maximizer"
Successfully deleted: [Folder] "C:\Users\Amigo\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Failed to delete: [Folder] "C:\Program Files (x86)\pc speed maximizer"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
Successfully deleted: [Folder] "C:\Users\Amigo\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Users\Amigo\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Amigo\appdata\local\{21E10FE2-3F33-48EC-AA7E-9A32429FD4A9}
Successfully deleted: [Empty Folder] C:\Users\Amigo\appdata\local\{25C67605-E04E-4ED2-BA6D-54C0C90BF363}
Successfully deleted: [Empty Folder] C:\Users\Amigo\appdata\local\{4BDD534E-A770-4FD7-B4CB-5132725E0317}
Successfully deleted: [Empty Folder] C:\Users\Amigo\appdata\local\{754CDEF0-8CA6-4AAD-A0FD-340FE2F9CFC6}
Successfully deleted: [Empty Folder] C:\Users\Amigo\appdata\local\{EC06CF62-B638-4853-BB4B-55B7B33B00D3}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/23/2014 at 12:37:27.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Here is the Ad Cleaner log
# AdwCleaner v3.216 - Report created 23/07/2014 at 12:16:30
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Amigo - AMIGO-THINK
# Running from : C:\Users\Amigo\Downloads\adwcleaner_3.216.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : 70e6ca8c
Service Found : BackupStack
Service Found : globalUpdate
Service Found : globalUpdatem
Service Found : IePluginServices
Service Found : Mext Guard
Service Found : NewPlayerUpdaterService
Service Found : servervo
Service Found : V-bates Updater
Service Found : ViewPassword
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Found : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Found : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Found : C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\Amigo\Desktop\Continue VuuPC Installation.lnk
File Found : C:\Windows\System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-1
File Found : C:\Windows\System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-11
File Found : C:\Windows\System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-2
File Found : C:\Windows\System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-3
File Found : C:\Windows\System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-4
File Found : C:\Windows\System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-5
File Found : C:\Windows\System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-6
File Found : C:\Windows\System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-7
File Found : C:\Windows\System32\Tasks\Digital Sites
File Found : C:\Windows\System32\Tasks\DSite
File Found : C:\Windows\System32\Tasks\FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C}
File Found : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Found : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Found : C:\Windows\System32\Tasks\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2
File Found : C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
File Found : C:\Windows\System32\Tasks\ViewPassword_wd
File Found : C:\Windows\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-1.job
File Found : C:\Windows\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-11.job
File Found : C:\Windows\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-2.job
File Found : C:\Windows\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-3.job
File Found : C:\Windows\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-4.job
File Found : C:\Windows\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-5.job
File Found : C:\Windows\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-6.job
File Found : C:\Windows\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-7.job
File Found : C:\Windows\Tasks\Digital Sites.job
File Found : C:\Windows\Tasks\DSite.job
File Found : C:\Windows\Tasks\FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C}.job
File Found : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Found : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Found : C:\Windows\Tasks\ViewPassword_wd.job
Folder Found : C:\Program Files (x86)\FLVM Player
Folder Found : C:\Program Files (x86)\fst_us_118
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\HQPro-1.9
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\NewPlayer
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\PC Speed Maximizer
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\SmartMediaConverter
Folder Found : C:\Program Files (x86)\SupTab
Folder Found : C:\Program Files (x86)\-ViewPassword-soft
Folder Found : C:\Program Files\V-bates
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Media Converter
Folder Found : C:\Users\Amigo\AppData\Local\fst_us_118
Folder Found : C:\Users\Amigo\AppData\Local\globalUpdate
Folder Found : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Folder Found : C:\Users\Amigo\AppData\Local\iac
Folder Found : C:\Users\Amigo\AppData\Local\NewPlayer
Folder Found : C:\Users\Amigo\AppData\Local\SearchProtect
Folder Found : C:\Users\Amigo\AppData\LocalLow\iac
Folder Found : C:\Users\Amigo\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Amigo\AppData\Roaming\DSite
Folder Found : C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Folder Found : C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found : C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Found : C:\Users\Amigo\AppData\Roaming\Optimizer Pro
Folder Found : C:\Users\Amigo\AppData\Roaming\PC Speed Maximizer
Folder Found : C:\Users\Amigo\AppData\Roaming\SmartMediaConverter
Folder Found : C:\Users\Amigo\AppData\Roaming\SupTab
Folder Found : C:\Users\Amigo\AppData\Roaming\VOPackage
Folder Found : C:\Users\Amigo\Documents\Optimizer Pro
Folder Found : C:\Users\Amigo\Documents\PC Speed Maximizer
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\HQPro-1.9
Key Found : HKCU\Software\AppDataLow\Software\ViewPassword
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\FreeSoftToday
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\pc speed maximizer
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\FreeSoftToday
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\pc speed maximizer
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\TutoTag
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\Software\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Found : HKLM\Software\HQPro-1.9
Key Found : HKLM\Software\installedbrowserextensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35410b81-d917-4b44-a4f5-2448986dcb96}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35410b81-d917-4b44-a4f5-2448986dcb96}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35410b81-d917-4b44-a4f5-2448986dcb96}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{566b2cef-8e5d-42f0-9f4b-dd16025f91cb}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{566b2cef-8e5d-42f0-9f4b-dd16025f91cb}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{566b2cef-8e5d-42f0-9f4b-dd16025f91cb}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_us_118_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQPro-1.9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\Software\NewPlayer
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SupDp
Key Found : HKLM\Software\SupTab
Key Found : HKLM\Software\Tutorials
Key Found : HKLM\Software\V9Software
Key Found : HKLM\Software\V-bates
Key Found : HKLM\Software\Wpm
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35410b81-d917-4b44-a4f5-2448986dcb96}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35410b81-d917-4b44-a4f5-2448986dcb96}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35410b81-d917-4b44-a4f5-2448986dcb96}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{566b2cef-8e5d-42f0-9f4b-dd16025f91cb}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{566b2cef-8e5d-42f0-9f4b-dd16025f91cb}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{566b2cef-8e5d-42f0-9f4b-dd16025f91cb}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : [x64] HKLM\SOFTWARE\V-bates
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_us_118]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Browser Plugin Loader 64]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3324863&octid=EB_ORIGINAL_CTID&ISID=MA8B787D4-7EA7-46E2-BAB4-F40A4B3CF909&SearchSource=55&CUI=&UM=5&UP=SP86391C6F-2E12-4235-BEA8-2CEBCA795151&SSPV=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.v9.com/?type=hp&ts=1403553942&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3449555e2
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.v9.com/web/?type=ds&ts=1403553942&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3449555e2&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.v9.com/?type=hp&ts=1403553942&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3449555e2
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.v9.com/web/?type=ds&ts=1403553942&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3449555e2&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.v9.com/web/?type=ds&ts=1403553942&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3449555e2&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.v9.com/?type=hp&ts=1403553942&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3449555e2
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.v9.com/?type=hp&ts=1403553942&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3449555e2
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.v9.com/web/?type=ds&ts=1403553942&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3449555e2&q={searchTerms}
 
-\\ Google Chrome v
 
[ File : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Homepage] : hxxp://www.v9.com/?type=hppp&ts=1404306066&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3450819b4
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : deghekbbihbapplmbffglehkdhkeibbm
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
 
*************************
 
AdwCleaner[R0].txt - [19613 octets] - [23/07/2014 12:16:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19674 octets] ##########
 
For some reason Malwarebytes won't run and there isn't a previous history of a scan being done.
 

#4
Lisa Huffman


I am not sure if you had wanted the OTL log after I ran the run fix so here it is.  Also sorry it took me so long to get back to you.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named V-bates Updater was found to stop!
Service\Driver key V-bates Updater not found.
File C:\Program Files\V-bates\ExtensionUpdaterService.exe not found.
Error: No service named pcmaxservice was found to stop!
Service\Driver key pcmaxservice not found.
File C:\Program Files\pcmax\pcmax.exe not found.
Error: No service named Mext Guard was found to stop!
Service\Driver key Mext Guard not found.
File C:\Program Files\V-bates\guardsvc.exe not found.
Error: No service named BackupStack was found to stop!
Service\Driver key BackupStack not found.
File C:\Program Files (x86)\MyPC Backup\BackupStack.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}\ not found.
File C:\Program Files\V-bates\Extension64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}\ not found.
File C:\Program Files\V-bates\Extension32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg not found.
File C:\Program Files\pcmax\service.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\V-bates not found.
File C:\Program Files\V-bates\notifier.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_118 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg not found.
File C:\Program Files\pcmax\service.exe not found.
File move failed. C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk scheduled to be moved on reboot.
File C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SupTab\SEARCH~2.DLL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SupTab\SEARCH~1.DLL deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3b2f7ad-657e-11e2-aa4b-c89cdc393415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3b2f7ad-657e-11e2-aa4b-c89cdc393415}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3b2f7ad-657e-11e2-aa4b-c89cdc393415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3b2f7ad-657e-11e2-aa4b-c89cdc393415}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef28af3f-567f-11e2-b581-c89cdc393415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef28af3f-567f-11e2-b581-c89cdc393415}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef28af3f-567f-11e2-b581-c89cdc393415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef28af3f-567f-11e2-b581-c89cdc393415}\ not found.
File D:\SISetup.exe not found.
C:\Users\Amigo\AppData\Local\SearchProtect\UI\rep folder moved successfully.
C:\Users\Amigo\AppData\Local\SearchProtect\UI folder moved successfully.
C:\Users\Amigo\AppData\Local\SearchProtect folder moved successfully.
Folder C:\Program Files (x86)\SearchProtect\ not found.
Folder C:\temp\ not found.
Folder C:\Program Files\V-bates\ not found.
Folder C:\Program Files (x86)\fst_us_118\ not found.
Folder C:\Users\Amigo\AppData\Local\com\ not found.
Folder C:\Users\Amigo\Documents\PC Speed Maximizer\ not found.
Folder C:\Users\Amigo\AppData\Roaming\PC Speed Maximizer\ not found.
Folder C:\Users\Amigo\AppData\Local\newplayer\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer\ not found.
Folder C:\Users\Amigo\Documents\Optimizer Pro\ not found.
Folder C:\Users\Amigo\AppData\Roaming\Optimizer Pro\ not found.
Folder C:\ProgramData\TEMP\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\ not found.
Folder C:\Program Files (x86)\Optimizer Pro\ not found.
Folder C:\Users\Amigo\AppData\Roaming\SupTab\ not found.
Folder C:\Users\Amigo\AppData\Local\Programs\ not found.
Folder C:\ProgramData\IePluginServices\ not found.
Folder C:\Program Files (x86)\SupTab\ not found.
Folder C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\ not found.
Folder C:\Program Files (x86)\NewPlayer\ not found.
Folder C:\Program Files (x86)\MyPC Backup\ not found.
Folder C:\Users\Amigo\AppData\Roaming\VOPackage\ not found.
Folder C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\ not found.
Folder C:\Users\Amigo\AppData\Local\globalUpdate\ not found.
Folder C:\Program Files (x86)\globalUpdate\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer\ not found.
Folder C:\Program Files\pcmax\ not found.
Folder C:\Program Files (x86)\HQPro-1.9\ not found.
Folder C:\Program Files (x86)\PC Speed Maximizer\ not found.
File C:\user.js not found.
File C:\Users\Public\Desktop\Smart Media Converter.lnk not found.
File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk not found.
File C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Users\Amigo\AppData\Roaming\WB.CFG not found.
File C:\Users\Public\Desktop\Smart Media Converter.lnk not found.
File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk not found.
File C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-5.job not found.
File C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-2.job not found.
File C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-1.job not found.
File C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-4.job not found.
File C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-7.job not found.
File C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-6.job not found.
File C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-11.job not found.
File C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job not found.
File C:\Windows\tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-3.job not found.
File C:\Windows\tasks\ViewPassword_wd.job not found.
Unable to delete ADS C:\ProgramData\TEMP:373E1720 .
========== FILES ==========
< netsh int ip reset c:\resetlog.txt /c >
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Amigo\Downloads\cmd.bat deleted successfully.
C:\Users\Amigo\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Amigo\Downloads\cmd.bat deleted successfully.
C:\Users\Amigo\Downloads\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Ethernet adapter Local Area Connection 2:
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::91f3:91a1:3dc0:b240%14
   Default Gateway . . . . . . . . . : 
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
Tunnel adapter isatap.wp.comcast.net:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:40:23a5:f5fe:f5f2
   Link-local IPv6 Address . . . . . : fe80::40:23a5:f5fe:f5f2%11
   Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{949C7F0A-539B-458F-8B5F-A9C38BA5046E}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
C:\Users\Amigo\Downloads\cmd.bat deleted successfully.
C:\Users\Amigo\Downloads\cmd.txt deleted successfully.
< ipconfig /renew /c  >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Ethernet adapter Local Area Connection 2:
   Connection-specific DNS Suffix  . : wp.comcast.net
   Link-local IPv6 Address . . . . . : fe80::91f3:91a1:3dc0:b240%14
   IPv4 Address. . . . . . . . . . . : 10.1.10.13
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.10.1
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:30e8:1d6a:f5fe:f5f2
   Link-local IPv6 Address . . . . . : fe80::30e8:1d6a:f5fe:f5f2%11
   Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{949C7F0A-539B-458F-8B5F-A9C38BA5046E}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
C:\Users\Amigo\Downloads\cmd.bat deleted successfully.
C:\Users\Amigo\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files\V-bates\notifier.exe not found.
File\Folder C:\Program Files\V-bates\guardsvc.exe not found.
File\Folder C:\Program Files\V-bates\libredir2.dll not found.
File\Folder C:\Program Files\V-bates\libinject2.dll not found.
File\Folder C:\Program Files\V-bates\libapi2hook.dll not found.
File\Folder C:\Program Files\V-bates\libwinhook.dll not found.
File\Folder C:\Program Files (x86)\MyPC Backup\BackupStack.exe not found.
File\Folder C:\Users\Amigo\AppData\Roaming\Optimizer Pro not found.
File\Folder C:\Users\Amigo\AppData\Roaming\PC Speed Maximizer not found.
File\Folder C:\Users\Amigo\AppData\Roaming\ShopAtHome not found.
File\Folder C:\Users\Amigo\AppData\Roaming\SmartMediaConverter not found.
File\Folder C:\Users\Amigo\AppData\Roaming\SupTab not found.
File\Folder C:\Users\Amigo\AppData\Roaming\VOPackage not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Amigo
->Temp folder emptied: 5890826 bytes
->Temporary Internet Files folder emptied: 1684 bytes
->Google Chrome cache emptied: 17257151 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 537252 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 23.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 07232014_162008
 
Files\Folders moved on Reboot...
File\Folder C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found!
C:\Users\Amigo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Amigo\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

#5
zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello,

You have missed something in AdwCleaner: you ran a scan, and now you need to clean it.

In the AdwCleaner tool in post #2

Click on the Clean button and follow the prompts. All you did is a scan; click the Clean button to remove the threats.

Post the log
Tell me how the computer is.

Thanks
Joe

#6
Lisa Huffman


Whoops, lol.  

 

Since cleaning with AdwCleaner the computer is now running much faster. Yay, I don't have the pesky pop-ups coming up every two seconds.  It seems like I still have an advert called "ContentExplorerX" running on my web pages. It's weird because it doesn't show up on all pages.  Looks like CNN.com for now.  I wonder if that is not malware and just an advertisement. I mainly use Chrome.

 

# AdwCleaner v3.216 - Report created 28/07/2014 at 11:51:24
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Amigo - AMIGO-THINK
# Running from : C:\Users\Amigo\Downloads\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : IePluginServices
[#] Service Deleted : NewPlayerUpdaterService
[#] Service Deleted : servervo
[#] Service Deleted : ViewPassword
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Media Converter
Folder Deleted : C:\Program Files (x86)\FLVM Player
Folder Deleted : C:\Program Files (x86)\SmartMediaConverter
Folder Deleted : C:\Program Files (x86)\-ViewPassword-soft
Folder Deleted : C:\Users\Amigo\AppData\Local\iac
Folder Deleted : C:\Users\Amigo\AppData\Local\fst_us_118
Folder Deleted : C:\Users\Amigo\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Folder Deleted : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm
File Deleted : C:\Users\Amigo\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Deleted : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\Digital Sites.job
File Deleted : C:\Windows\System32\Tasks\Digital Sites
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Deleted : C:\Windows\System32\Tasks\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2
File Deleted : C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
File Deleted : C:\Windows\System32\Tasks\ViewPassword_wd
File Deleted : C:\Windows\Tasks\FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C}.job
File Deleted : C:\Windows\System32\Tasks\FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C}
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Browser Plugin Loader 64]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ViewPassword
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\NewPlayer
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\V-bates
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_us_118_is1
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\V-bates
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Homepage] : hxxp://www.v9.com/?type=hppp&ts=1404306066&from=tugs&uid=WDCXWD3200AAJS-08L7A0_WD-WMAV2JJ1219812198&i=psd&t=3450819b4
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : deghekbbihbapplmbffglehkdhkeibbm
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
 
*************************
 
AdwCleaner[R0].txt - [19927 octets] - [23/07/2014 12:16:30]
AdwCleaner[R1].txt - [7506 octets] - [28/07/2014 11:50:50]
AdwCleaner[S0].txt - [7297 octets] - [28/07/2014 11:51:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7357 octets] ##########

#7
zep516

Please download Malwarebytes Anti-Malware to your desktop. Looks like you already have it installed, so you may need to just run a scan and post the log report for me when you get a chance.
Install the programme and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop

Post that log

Thanks
Joe :)

#8
Lisa Huffman


Joe,

 

I tried uninstalling and reinstalling Malwarebytes from the link you posted.  I am still getting an error message that says it has stopped working upon attempting to open the program :-(

 

Just to update you on how the computer is running-every time I click on a link a new tab opens to an "opensoftwareupdater" page.

 

Thanks for all your help!

 

Lisa


#9
zep516

Hello Lisa,

Let's see if we can fix Malwarebytes for you. We will want to use a tool to completely remove Malwarebytes and reinstall it. The tool is called MBAM Clean and can be found Here. Download MBAM Clean and run it, then try reinstalling Malwarebytes and running it.

Question for you: in what browser are you getting the "opensoftwareupdater" page?

Thanks
Joe :)

#10
Lisa Huffman


I tried the cleaner and reinstalled to no avail :-(

 

Lisa



#11
zep516

Hello,

I'm not sure what is going on with Malwarebytes, I'll need to look into that for you.
 

Just to update you on how the computer is running-every time I click on a link a new tab opens to an "opensoftwareupdater" page.

What browser is that happening in?

I'd also like to see another scan when you get time.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
In your next reply post:
1-FRST.txt
2-Addition.txt
  • 0

#12
Lisa Huffman

    Member

  • Topic Starter
  • Member
  • 98 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Amigo (administrator) on AMIGO-THINK on 01-08-2014 18:35:16
Running from C:\Users\Amigo\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
(LITEON) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\skdh8821.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Google Inc.) C:\Users\Amigo\AppData\Local\Google\Update\GoogleUpdate.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ContentExplorer) C:\Users\Amigo\AppData\Roaming\ContentExplorer\ContentExplorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Users\Amigo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amigo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amigo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amigo\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Google Inc.) C:\Users\Amigo\AppData\Local\Google\Chrome\Application\chrome.exe
(E·Z BIS, Inc.) C:\EZBIS\POPUPS.EXE
(E·Z BIS, Inc.) C:\EZBIS\FILING.EXE
(E·Z BIS, Inc.) C:\EZBIS\WORD.EXE
(Google Inc.) C:\Users\Amigo\AppData\Local\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrrealtime.p5x
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Google Inc.) C:\Users\Amigo\AppData\Local\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrharddrive.p5x
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Skd8821] => C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe [384000 2010-06-01] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [HP LaserJet M2727 MFP Series Fax] => C:\Program Files (x86)\HP\hp LaserJet M2727\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Power Manager Power Agenda] => C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE [72256 2010-03-05] ()
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [IdeaNotesUser] => C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-06-10] (Digital Delivery Networks, Inc.)
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-01-27] (HP)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-01-13] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\Run: [Google Update] => C:\Users\Amigo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-17] (Google Inc.)
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\Run: [ContentExplorer] => C:\Users\Amigo\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2421488 2014-06-23] (ContentExplorer)
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\MountPoints2: {293cdfa6-483f-11e1-be9d-c89cdc393415} - D:\LaunchU3.exe -a
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\MountPoints2: {a991886c-b214-11e0-895b-806e6f6e6963} - Q:\LenovoQDrive.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49191;https=127.0.0.1:49191
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.co...ome/thinkcentre
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {8E151BF1-ED99-464C-81D6-D70B7DED96AF} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: ViewPassword -> {5F95D827-A772-6741-2E39-3C11BEBC4080} -> C:\Program Files (x86)\-ViewPassword-soft\174.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Amigo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Amigo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Amigo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKCU\...\Firefox\Extensions: [{E5D74966-C83B-F036-984D-6B47BC9CEB9B}] - C:\Program Files (x86)\-ViewPassword-soft\174.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "https://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Amigo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Search) - C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Facebook Video Downloader By Usman) - C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iammfideaeemcfkbamikekhjghodldid [2012-07-19]
CHR Extension: (Secure Mail for Gmail (by Streak)) - C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngdnjdobadbdemillgljnnbpomnfokn [2013-09-09]
CHR Extension: (Google Wallet) - C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR StartMenuInternet: Google Chrome - C:\Users\Amigo\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-11-12] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-12] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-22] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-22] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [221184 2010-10-18] (Visioneer Inc.) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Sks8821; C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [137216 2010-05-04] () [File not signed]
R2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-03-15] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2010-04-28] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-31] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 18:35 - 2014-08-01 18:38 - 00019765 _____ () C:\Users\Amigo\Downloads\FRST.txt
2014-08-01 18:33 - 2014-08-01 18:35 - 00000000 ____D () C:\FRST
2014-08-01 18:32 - 2014-08-01 18:32 - 02094080 _____ (Farbar) C:\Users\Amigo\Downloads\FRST64.exe
2014-07-31 19:57 - 2014-07-31 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 19:56 - 2014-07-31 19:56 - 00001149 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-31 19:56 - 2014-07-31 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-31 19:56 - 2014-07-31 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 19:56 - 2014-07-31 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-31 19:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 19:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-31 19:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 19:55 - 2014-07-31 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Amigo\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-31 19:40 - 2014-07-31 19:40 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Amigo\Downloads\mbam-clean-2.1.1.1001 (2).exe
2014-07-31 19:34 - 2014-07-31 19:34 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Amigo\Downloads\mbam-clean-2.1.1.1001 (1).exe
2014-07-31 19:33 - 2014-07-31 19:33 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Amigo\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-29 10:42 - 2014-07-29 10:42 - 00533718 _____ () C:\Users\Amigo\Desktop\gene 001.tif
2014-07-29 10:42 - 2014-07-29 10:42 - 00000000 ____D () C:\Users\Amigo\Desktop\2014-07-29 gene
2014-07-29 10:12 - 2014-07-29 10:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Amigo\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-23 12:45 - 2014-07-23 12:45 - 00000000 ____D () C:\_OTL
2014-07-23 12:37 - 2014-07-23 12:37 - 00007889 _____ () C:\Users\Amigo\Desktop\JRT.txt
2014-07-23 12:27 - 2014-07-23 12:27 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 12:25 - 2014-07-23 12:25 - 01016261 _____ (Thisisu) C:\Users\Amigo\Downloads\JRT.exe
2014-07-23 12:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-23 12:15 - 2014-07-28 11:51 - 00000000 ____D () C:\AdwCleaner
2014-07-23 12:15 - 2014-07-23 12:15 - 01354223 _____ () C:\Users\Amigo\Downloads\adwcleaner_3.216.exe
2014-07-17 13:59 - 2014-07-17 13:59 - 00001221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-17 13:59 - 2014-07-17 13:59 - 00001209 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-17 13:59 - 2014-07-17 13:59 - 00000000 ____D () C:\Users\Amigo\AppData\Roaming\TeamViewer
2014-07-17 13:59 - 2014-07-17 13:59 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-17 13:58 - 2014-07-17 13:58 - 06226040 _____ (TeamViewer GmbH) C:\Users\Amigo\Downloads\TeamViewer_Setup_en-ckj.exe
2014-07-17 13:50 - 2014-07-17 13:50 - 00071464 _____ () C:\Users\Amigo\Downloads\Extras.Txt
2014-07-17 13:48 - 2014-07-23 17:18 - 00093196 _____ () C:\Users\Amigo\Downloads\OTL.Txt
2014-07-17 13:38 - 2014-07-17 13:38 - 00602112 _____ (OldTimer Tools) C:\Users\Amigo\Downloads\OTL.exe
2014-07-15 15:28 - 2014-07-15 15:28 - 00000000 ____D () C:\ProgramData\TightVNC
2014-07-15 15:28 - 2014-07-15 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2014-07-15 15:28 - 2014-07-15 15:28 - 00000000 ____D () C:\Program Files\TightVNC
2014-07-15 15:25 - 2014-07-15 15:25 - 02367488 _____ () C:\Users\Amigo\Downloads\tightvnc-2.7.10-setup-64bit.msi
2014-07-14 09:59 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-14 09:59 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-14 09:59 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-14 09:59 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-14 09:59 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-14 09:59 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-14 09:59 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-14 09:59 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-14 09:59 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-14 09:59 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-14 09:59 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-14 09:59 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-14 09:59 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-14 09:59 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-14 09:59 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-14 09:59 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-14 09:59 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-14 09:59 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-14 09:59 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-14 09:59 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-14 09:59 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-14 09:59 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-14 09:58 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-14 09:58 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-14 09:58 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-14 09:58 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-14 09:58 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-14 09:58 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-14 09:58 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-14 09:58 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-14 09:58 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-14 09:58 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-14 09:58 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-14 09:58 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-14 09:58 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-14 09:58 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-14 09:58 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-14 09:58 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-14 09:58 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-14 09:58 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-14 09:58 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-14 09:58 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-14 09:58 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-14 09:58 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-14 09:58 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-14 09:58 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-14 09:58 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-14 09:58 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-14 09:58 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-14 09:58 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-14 09:58 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-14 09:58 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-14 09:58 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-14 09:58 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-14 09:58 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-14 09:58 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-14 09:58 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-14 09:58 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-14 09:58 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-14 09:58 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-14 09:58 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-14 09:58 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-14 09:58 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-14 09:58 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-14 09:58 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-14 09:58 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-14 09:58 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-14 09:58 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-14 09:58 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-14 09:58 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-14 09:58 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-14 09:58 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-14 09:58 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-14 09:58 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-14 09:58 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-14 09:58 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-14 09:58 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-14 09:58 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-14 09:58 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-14 09:58 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-14 09:58 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-02 10:07 - 2014-07-02 10:07 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-144739551-2177794648-3174304158-1000Core1cf95ff5ace2c1.job
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 18:38 - 2014-08-01 18:35 - 00019765 _____ () C:\Users\Amigo\Downloads\FRST.txt
2014-08-01 18:35 - 2014-08-01 18:33 - 00000000 ____D () C:\FRST
2014-08-01 18:32 - 2014-08-01 18:32 - 02094080 _____ (Farbar) C:\Users\Amigo\Downloads\FRST64.exe
2014-08-01 18:30 - 2011-11-17 08:41 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-01 18:28 - 2011-11-17 08:41 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-01 18:28 - 2011-11-17 08:41 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-01 18:24 - 2011-11-17 08:48 - 00008899 _____ () C:\Users\Amigo\AppData\Roaming\EZUser.ini
2014-08-01 18:17 - 2011-11-18 19:25 - 00000000 ____D () C:\Users\Amigo\Documents\insurance rebuttles
2014-08-01 18:05 - 2012-04-01 13:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 17:42 - 2011-11-17 08:49 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-144739551-2177794648-3174304158-1000UA.job
2014-08-01 16:59 - 2011-11-16 18:35 - 00000000 ____D () C:\EZBIS
2014-08-01 15:51 - 2011-12-03 16:52 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-01 13:51 - 2014-06-23 16:02 - 00000000 ____D () C:\Users\Amigo\AppData\Roaming\ContentExplorer
2014-08-01 12:59 - 2011-07-19 10:44 - 02001545 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 19:57 - 2014-07-31 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 19:56 - 2014-07-31 19:56 - 00001149 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-31 19:56 - 2014-07-31 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-31 19:56 - 2014-07-31 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 19:56 - 2014-07-31 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-31 19:55 - 2014-07-31 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Amigo\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-31 19:49 - 2009-07-14 00:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 19:49 - 2009-07-14 00:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 19:43 - 2014-01-29 10:00 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-31 19:43 - 2014-01-29 10:00 - 00001035 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-31 19:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 19:41 - 2009-07-14 00:51 - 00095816 _____ () C:\Windows\setupact.log
2014-07-31 19:40 - 2014-07-31 19:40 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Amigo\Downloads\mbam-clean-2.1.1.1001 (2).exe
2014-07-31 19:40 - 2010-11-20 23:47 - 00183198 _____ () C:\Windows\PFRO.log
2014-07-31 19:34 - 2014-07-31 19:34 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Amigo\Downloads\mbam-clean-2.1.1.1001 (1).exe
2014-07-31 19:33 - 2014-07-31 19:33 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Amigo\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 19:25 - 2011-11-17 08:44 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA7037F2-1A8A-4ABC-B0BA-A8F04968D34C}
2014-07-29 10:42 - 2014-07-29 10:42 - 00533718 _____ () C:\Users\Amigo\Desktop\gene 001.tif
2014-07-29 10:42 - 2014-07-29 10:42 - 00000000 ____D () C:\Users\Amigo\Desktop\2014-07-29 gene
2014-07-29 10:12 - 2014-07-29 10:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Amigo\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-28 11:53 - 2013-05-27 12:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 11:52 - 2013-05-27 12:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 11:51 - 2014-07-23 12:15 - 00000000 ____D () C:\AdwCleaner
2014-07-24 03:02 - 2013-05-27 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 17:18 - 2014-07-17 13:48 - 00093196 _____ () C:\Users\Amigo\Downloads\OTL.Txt
2014-07-23 15:51 - 2009-07-14 00:45 - 00395184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-23 12:45 - 2014-07-23 12:45 - 00000000 ____D () C:\_OTL
2014-07-23 12:37 - 2014-07-23 12:37 - 00007889 _____ () C:\Users\Amigo\Desktop\JRT.txt
2014-07-23 12:27 - 2014-07-23 12:27 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 12:25 - 2014-07-23 12:25 - 01016261 _____ (Thisisu) C:\Users\Amigo\Downloads\JRT.exe
2014-07-23 12:15 - 2014-07-23 12:15 - 01354223 _____ () C:\Users\Amigo\Downloads\adwcleaner_3.216.exe
2014-07-22 12:00 - 2011-12-03 16:52 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-07-22 12:00 - 2011-12-03 16:52 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-07-22 12:00 - 2011-12-03 16:52 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-07-22 12:00 - 2011-12-03 16:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-21 13:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-17 14:04 - 2011-11-17 08:42 - 00095608 _____ () C:\Users\Amigo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-17 13:59 - 2014-07-17 13:59 - 00001221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-17 13:59 - 2014-07-17 13:59 - 00001209 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-17 13:59 - 2014-07-17 13:59 - 00000000 ____D () C:\Users\Amigo\AppData\Roaming\TeamViewer
2014-07-17 13:59 - 2014-07-17 13:59 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-17 13:58 - 2014-07-17 13:58 - 06226040 _____ (TeamViewer GmbH) C:\Users\Amigo\Downloads\TeamViewer_Setup_en-ckj.exe
2014-07-17 13:50 - 2014-07-17 13:50 - 00071464 _____ () C:\Users\Amigo\Downloads\Extras.Txt
2014-07-17 13:45 - 2011-07-19 10:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-17 13:38 - 2014-07-17 13:38 - 00602112 _____ (OldTimer Tools) C:\Users\Amigo\Downloads\OTL.exe
2014-07-15 15:28 - 2014-07-15 15:28 - 00000000 ____D () C:\ProgramData\TightVNC
2014-07-15 15:28 - 2014-07-15 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2014-07-15 15:28 - 2014-07-15 15:28 - 00000000 ____D () C:\Program Files\TightVNC
2014-07-15 15:25 - 2014-07-15 15:25 - 02367488 _____ () C:\Users\Amigo\Downloads\tightvnc-2.7.10-setup-64bit.msi
2014-07-14 15:02 - 2014-05-07 18:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-14 15:02 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 15:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-14 15:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-14 13:12 - 2013-08-14 18:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-14 13:10 - 2012-04-06 01:57 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-14 13:10 - 2011-11-18 19:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 10:05 - 2012-04-01 13:59 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-14 10:05 - 2011-11-16 20:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-02 10:07 - 2014-07-02 10:07 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-144739551-2177794648-3174304158-1000Core1cf95ff5ace2c1.job
 
Some content of TEMP:
====================
C:\Users\Amigo\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-29 18:58
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Amigo at 2014-08-01 18:39:08
Running from C:\Users\Amigo\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - Lenovo)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Brother MFL-Pro Suite MFC-8910DW (HKLM-x32\...\{37372D85-4945-4B6B-AC87-7BC5D1AB9F5C}) (Version: 1.0.10.0 - Brother Industries, Ltd.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
ContentExplorer (HKLM-x32\...\ContentExplorer) (Version: 1.0.0.0 - ContentExplorer.net)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CutePDF Writer 2.5 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDiscovery (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DIBS (x32 Version: 1.7.0 - DDNI) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
FLV Player (remove only) (HKLM-x32\...\FLVM Player) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP LaserJet M2727 MFP Series 5.2 (HKLM\...\{3A915D43-FD4F-4e4f-BEF7-B75C160B0236}) (Version: 5.2 - HP)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{43C4BDBB-0FA3-4E79-8E9F-6ACF0F2FC0A4}) (Version: 1.0.12 - Hewlett-Packard)
HP LaserJet Toolbox (HKLM\...\{1FA6376A-3120-45DA-8686-96DEFC8A0513}) (Version: 2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
hppFaxDrvM2727 (x32 Version: 003.100.00001 - Hewlett-Packard) Hidden
hppFaxUtility (x32 Version: 001.001.00017 - Hewlett-Packard) Hidden
hppFonts (x32 Version: 001.001.00056 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.200.00001 - Hewlett-Packard) Hidden
hppLJM2727 (x32 Version: 000.102.00101 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (x32 Version: 001.003.00073 - Hewlett-Packard) Hidden
hppManualsM2727 (x32 Version: 000.002.00001 - Hewlett-Packard) Hidden
hppScanTo (x32 Version: 003.103.00004 - Hewlett-Packard) Hidden
hppSendFaxM2727 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM2727 (x32 Version: 001.005.00009 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (x32 Version: 1.0.0.2 - Hewlett-Packard) Hidden
hppusgM2727 (x32 Version: 000.000.00006 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
hpzTLBXFX (x32 Version: 005.009.00181 - Hewlett-Packard) Hidden
HQPro-1.9 (HKLM-x32\...\HQPro-1.9) (Version: 1.34.6.10 - HQ-1.9)
Hypertext 4.0 (HKLM-x32\...\{3AC4529A-0237-4F1F-8558-2BF24867B5E5}) (Version: 1.00.0 - Spine Research Institute of San Diego)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabTech Agent Service (x32 Version: 4.1.1 - LabTech Software) Hidden
Lenovo Central (HKLM-x32\...\Lenovo Central) (Version: 1.7.5.10 - DDNI)
Lenovo Idea Notes (HKLM-x32\...\{C0C17EF3-83ED-4956-8638-7354EBE7FFFF}) (Version: 1.6.0.0 - DDNI)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)
Lenovo Slim USB Keyboard (HKLM\...\{494D80C4-3557-4D73-A153-65FE4B3ECDC3}) (Version: 1.05 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\{67708668-13ED-4CB3-B01F-EEE6155020A7}) (Version: 1.7.5.10 - DDNI)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version:  - Lenovo)
LogMeIn (HKLM-x32\...\{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}) (Version: 4.1.1890 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Product_Min_QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6024 - Realtek Semiconductor Corp.)
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SlimComputer (HKLM-x32\...\{2865A2D7-64EC-45C7-81DB-6BDC279AA966}) (Version: 1.3.17636 - SlimWare Utilities, Inc.)
SmartMediaConverter (HKLM-x32\...\SmartMediaConverter) (Version: 1.0.22.0 - Applon)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0032 - Lenovo)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
ThinkVantage Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 1.02.0015 - Lenovo Group Limited)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_BASICR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
ViewPassword (HKLM-x32\...\685D63E8-A1A8-59CC-CE7C-F1425E9E71D5) (Version:  - ViewPassword-software) <==== ATTENTION
WE6.0 Pro (HKLM-x32\...\{6CA199AA-06F4-47E7-84D9-CBA8CD00E452}) (Version: 1.00.0000 - Spine Research Institute of San Diego)
WebReg (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Driver Package - Intel Corporation (igfx) Display  (12/18/2009 8.15.10.2025) (HKLM\...\6F990E6891C30B876DC65CD55006B38F2CA7A292) (Version: 12/18/2009 8.15.10.2025 - Intel Corporation)
Windows Driver Package - Realtek (RTL8167) Net  (11/27/2009 7.011.1127.2009) (HKLM\...\4A6263828F32211742974C677F066151C53114B7) (Version: 11/27/2009 7.011.1127.2009 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/12/2010 6.0.1.6024) (HKLM\...\456D70BDB547B334625B4BDDCAFAD194FC8DAD93) (Version: 01/12/2010 6.0.1.6024 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/12/2010 6.0.1.6024) (HKLM\...\BD9DEB93FCF1F953DA0A954F8C17AB5C6BFDBF1C) (Version: 01/12/2010 6.0.1.6024 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Xerox DocuMate 3220 Driver (HKLM-x32\...\{BCFCA9AB-FB14-44CE-9E69-DF69ECFF15E1}) (Version: 4.6.10291 - Visioneer Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-144739551-2177794648-3174304158-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Amigo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-144739551-2177794648-3174304158-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-144739551-2177794648-3174304158-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Amigo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-144739551-2177794648-3174304158-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amigo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-144739551-2177794648-3174304158-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Amigo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
23-06-2014 15:55:34 Windows Update
28-06-2014 13:35:10 Windows Update
28-06-2014 14:16:24 Windows Update
14-07-2014 13:45:45 Windows Update
14-07-2014 17:08:41 Windows Update
15-07-2014 19:27:55 Installed TightVNC
21-07-2014 16:12:42 Windows Update
23-07-2014 16:46:02 OTL Restore Point - 7/23/2014 12:46:02 PM
23-07-2014 20:20:20 OTL Restore Point - 7/23/2014 4:20:20 PM
24-07-2014 07:00:10 Windows Update
27-07-2014 17:08:26 Windows Update
31-07-2014 14:20:14 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-07-23 16:20 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0752B261-E1B7-420D-9DD3-FA5C1231AE8B} - System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-2 => C:\Program Files (x86)\HQPro-1.9\2a3d5829-f724-43d6-9875-efed2b690d7d-2.exe
Task: {1D22DD03-5172-4D2B-B4F7-0F1FDCE22664} - \Digital Sites No Task File <==== ATTENTION
Task: {1D6B5BE2-B3C1-4662-835B-3D6882C42E3B} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {23EF7A6D-0F02-47D0-BAD7-BFB00B903775} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {4865492C-B6BE-4B83-A652-182E3C7B86BD} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {66A75EC8-6A40-472A-9D47-AF28BE310F03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated)
Task: {6D2C07E8-6EA0-4FF6-8688-13586CC319F9} - System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-6 => C:\Program Files (x86)\HQPro-1.9\HQPro-1.9-novainstaller.exe
Task: {6E6E6372-8F8C-4E97-A56F-220CDEC596AF} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-03-05] (Lenovo Group Limited)
Task: {6F372C97-6C15-4350-926A-8BB58E5261A2} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {85ABA8F4-931A-49D5-8A0D-B27DD9EC330B} - \ViewPassword_wd No Task File <==== ATTENTION
Task: {98F05962-3EFE-422F-91CB-2FDECEFAE86F} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {A0BB6197-2190-403E-B3AB-A2E6E5E3CC01} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {A162ACF0-D108-4DEE-A96C-D5AC041CD5B9} - System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-7 => C:\Program Files (x86)\HQPro-1.9\HQPro-1.9-nova.exe
Task: {A3057C52-48E0-4CC0-AC52-EBF25192C35A} - System32\Tasks\realtekHDAudio => c:\program files\realtek\audio\hda\rthdvcpl.exe
Task: {AEB9464B-78FB-420B-B230-706337A99081} - \PC Speed Maximizer Schedule No Task File <==== ATTENTION
Task: {C0C23727-3242-41F2-9A96-9F84A84566E2} - System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-3 => C:\Program Files (x86)\HQPro-1.9\2a3d5829-f724-43d6-9875-efed2b690d7d-3.exe
Task: {C33703B7-52BF-4102-8BB3-F4A4F160B769} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {C9F5DE95-7C4F-487C-B27E-7924C388FE9D} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {D5C646AA-55AE-420E-A625-3F7F07F42508} - System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-5 => C:\Program Files (x86)\HQPro-1.9\2a3d5829-f724-43d6-9875-efed2b690d7d-5.exe
Task: {D67D3518-A235-4EDC-B812-74499CF0BB6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-144739551-2177794648-3174304158-1000UA => C:\Users\Amigo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.)
Task: {E369909F-84D0-4B6A-BF38-F765656C68DD} - System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-11 => C:\Program Files (x86)\HQPro-1.9\2a3d5829-f724-43d6-9875-efed2b690d7d-11.exe
Task: {E919F5BE-B6E2-48D9-BE92-C8A090AE0DF3} - \FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C} No Task File <==== ATTENTION
Task: {ED65BBFB-50C8-4595-8CE8-F4F92B0A82F0} - System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-1 => C:\Program Files (x86)\HQPro-1.9\HQPro-1.9-codedownloader.exe
Task: {F67C0AB0-C44E-4274-B5BE-D133E05F6B3A} - System32\Tasks\2a3d5829-f724-43d6-9875-efed2b690d7d-4 => C:\Program Files (x86)\HQPro-1.9\2a3d5829-f724-43d6-9875-efed2b690d7d-4.exe
Task: {FFB972F8-50B6-4A4E-AC37-99B1637C6BC4} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-144739551-2177794648-3174304158-1000Core1cf95ff5ace2c1.job => C:\Users\Amigo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-144739551-2177794648-3174304158-1000UA.job => C:\Users\Amigo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-06-04 14:19 - 2005-10-30 17:48 - 00077312 _____ () C:\Windows\System32\cpwmon64.dll
2013-01-04 11:11 - 2010-03-31 13:51 - 00407040 _____ () C:\Windows\System32\HPM1210LM.DLL
2013-01-04 11:13 - 2010-03-31 13:51 - 00074240 ____N () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.DLL
2010-05-04 13:47 - 2010-05-04 13:47 - 00137216 ____N () C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
2009-05-28 01:09 - 2009-05-28 01:09 - 00049976 ____N () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
2011-07-19 10:46 - 2010-03-03 13:02 - 00029184 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-03-31 18:06 - 2011-03-31 18:06 - 00502352 ____N () C:\Program Files\PC-Doctor\libAsapiCSharp.dll
2011-03-31 18:06 - 2011-03-31 18:06 - 00100944 ____N () C:\Program Files\PC-Doctor\libCSharpCommonCS.dll
2011-03-31 18:06 - 2011-03-31 18:06 - 00018512 ____N () C:\Program Files\PC-Doctor\libGapiCSharp.dll
2011-03-31 18:06 - 2011-03-31 18:06 - 00043600 ____N () C:\Program Files\PC-Doctor\libDataStoreCSharp.dll
2011-03-31 18:06 - 2011-03-31 18:06 - 00088656 ____N () C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll
2011-03-31 18:06 - 2011-03-31 18:06 - 00031824 ____N () C:\Program Files\PC-Doctor\pcdcsharpcommon.dll
2012-09-25 12:52 - 2012-09-25 12:52 - 00082944 _____ () C:\Windows\system32\mvusbews.DLL
2013-05-28 12:46 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-13 15:05 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 15:05 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 15:05 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 15:05 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 15:05 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\Amigo\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-14 09:59 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Amigo\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
2011-11-16 18:35 - 2013-12-30 15:57 - 00025888 _____ () C:\EZBIS\EZRange.DLL
2011-11-16 18:35 - 2013-10-03 14:32 - 00026112 _____ () C:\EZBIS\Doctor.DLL
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 ____N () C:\Windows\SysWOW64\msjetoledb40.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/01/2014 06:28:53 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:53:6970)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error: (08/01/2014 06:28:53 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:53:6970)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error: (08/01/2014 06:28:53 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:53:6960)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error: (08/01/2014 06:28:53 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:53:6950)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error: (08/01/2014 06:28:35 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:35:4470)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error: (08/01/2014 06:28:35 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:35:4470)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error: (08/01/2014 06:28:35 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:35:4460)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error: (08/01/2014 06:28:35 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:35:4450)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error: (08/01/2014 06:28:35 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:35:4390)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
Error: (08/01/2014 06:28:35 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3984) Asapi: (18:28:35:4380)(3984) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt
 
 
System errors:
=============
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (12/31/1999 08:00:00 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2012-09-20 20:49:05.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-08-26 13:40:28.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-08-24 06:21:10.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-25 12:52:03.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-08 21:58:07.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-15 13:16:44.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-12 18:47:39.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-09 19:38:11.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-06 01:52:47.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-03 18:42:27.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 3965.24 MB
Available physical RAM: 2410.72 MB
Total Pagefile: 9910.42 MB
Available Pagefile: 7295.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:202.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: DC5A3D1A)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#13
Lisa Huffman

    Member

  • Topic Starter
  • 98 posts

I have been using Chrome, but my friend was using Internet Explorer, I think, when the infection happened.



#14
zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello Lisa,

When you get a chance please

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Amigo (administrator) on AMIGO-THINK on 01-08-2014 18:35:16
Running from C:\Users\Amigo\Downloads


Please move the Farbar scan to the desktop. Yours is running from the Downloads folder; open the Downloads folder and drag it to the desktop.


Did you install PCDoctor? I don't see it in the programs list, but it's all over the log file and is causing errors too. I'd like to include it in the fix and get rid of what appear to be leftover PCDoctor files.

Joe

#15
Lisa Huffman

    Member

  • Topic Starter
  • 98 posts

I didn't install PC doctor.  I am thinking that is part of the infection.  I have moved the FRscan to the desktop.  Did you want me to run another scan?

