
Infected please help! Safesaver ads and popups



Hi all,

I got some virus that creates links to advertisements on specific words in my web pages. Also, I've had some virus called Imminent but I have no idea what it is / if I've gotten rid of it. Please help! :x

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Chris at 15:37:52 on 2014-01-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8094.5103 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentControl_v1 Toolbar: {49c795c2-604a-4d18-aeb1-b3eba27e5ea2} - C:\Program Files (x86)\uTorrentControl_v1\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v1 Toolbar: {49c795c2-604a-4d18-aeb1-b3eba27e5ea2} - C:\Program Files (x86)\uTorrentControl_v1\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
TB: uTorrentControl_v1 Toolbar: {49C795C2-604A-4D18-AEB1-B3EBA27E5EA2} - C:\Program Files (x86)\uTorrentControl_v1\prxtbuTor.dll
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\262716E646569637F5F60756E6 : DHCPNameServer = 129.64.99.205 129.64.100.205
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\37E616B65686960737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\4423E43393 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\7343452374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\74F624573756370225966756273796465602642756560275966496 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~3\intere~1\intere~1.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: NewSaVer: {714AE2F7-3F93-D39B-233D-DF832BC65347} - 
x64-BHO: NetaoiCoupoeN: {86BBCF2A-A280-4F59-65A9-87B97077F52E} - 
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\qzyb7hb9.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\Windows\System32\drivers\fbfmon.sys [2012-8-1 57952]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-18 16152]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2012-8-1 39008]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 NSD;NSD;C:\Windows\System32\drivers\nsd.sys [2012-8-1 24160]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-8-1 30016]
R1 BPntDrv;BPntDrv;C:\Windows\System32\drivers\BPntDrv.sys [2012-8-1 13408]
R1 Nsdfltr;Nsdfltr;C:\Windows\System32\drivers\Nsdfltr.sys [2012-8-1 59488]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 0c632643;Interenet Optimizer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$CSSQL05;SQL Server (CSSQL05);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-15 30816]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-8-1 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-8-1 615976]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-8-1 39976]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-1-29 31088]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-12 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-18 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-18 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 vm331avs;Digital Camera 1;C:\Windows\System32\drivers\vm331avs.sys [2012-8-1 952832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 NSDSvc;Fast boot service of lenovo;C:\Windows\System32\NSDSvc.exe [2012-8-1 120160]
S2 WebOptimizer;WebOptimizer;C:\Windows\System32\dmwu.exe --> C:\Windows\System32\dmwu.exe [?]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 ESEADriver2;ESEADriver2;C:\Users\Chris\AppData\Local\Temp\ESEADriver2.sys [2013-8-5 121552]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-10-26 173656]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-24 25928]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
S4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
S4 CLKMSVC10_3A60B698;CyberLink Product - 2012/08/01 13:09:48;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S4 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-1 13592]
S4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
S4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-1 161560]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-24 418376]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-24 701512]
S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-2 120728]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-11-3 65657]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-1 363800]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
.
=============== Created Last 30 ================
.
2014-01-03 04:16:37 965000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F09D0F8-BCA3-4E8A-B6B2-AF6C5C2DAAB7}\gapaengine.dll
2014-01-03 04:16:34 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B7E4E97-D8A5-43B2-8E92-5500DECAEF3C}\mpengine.dll
2014-01-03 04:15:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-01-03 04:15:21 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-01-03 04:13:36 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-12-31 22:21:18 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB95EE7D-F253-45CB-88E8-0537242C78DC}\mpengine.dll
2013-12-31 06:37:14 -------- d-----w- C:\Users\Chris\AppData\Local\Packages
2013-12-31 06:37:14 -------- d-----w- C:\ProgramData\NetaoiCoupoeN
2013-12-31 06:37:14 -------- d-----w- C:\ProgramData\nembdpbcbmjofldclndgelpcjbhoaaje
2013-12-31 06:37:02 -------- d-----w- C:\ProgramData\NewSaVer
2013-12-26 23:24:56 -------- d-----w- C:\ProgramData\Oracle
2013-12-26 23:24:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-26 21:37:03 -------- d-----w- C:\ProgramData\Interenet Optimizer
2013-12-24 02:13:59 -------- d-----w- C:\Users\Chris\SILVER LININGS DVDRIP EDAW2013
2013-12-12 08:16:07 -------- d-----w- C:\Users\Chris\AppData\Local\FluxSoftware
2013-12-12 08:04:02 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:04:02 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:04:01 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:04:00 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 02:29:35 -------- d-----w- C:\Users\Chris\2005 - Life in the Undergrowth
2013-12-11 12:28:31 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 12:28:20 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 12:28:18 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 12:28:18 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-11 12:28:16 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 12:28:07 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-06 06:50:16 -------- d-----w- C:\Users\Chris\Baraka_1992_DVDrip_Xvid-Ekolb
.
==================== Find3M  ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-19 03:19:36 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 15:38:27.84 ===============
 


Hi and welcome.


Please read the following and post back the requested logs.
 
General P2P/Piracy Warning:
 
 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 



Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely, but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, an external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

 

 

Step 1
 
Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 2

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Step 3

 

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)


Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.
reply1.jpg

New window that comes up.
replyer1.jpg


Ok,
 
Select and copy the text inside the CODE box. Open Notepad and paste the copied text.
 
Then save it to the desktop with the name Fixlist.txt
 
 

start
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: NewSaVer - {714AE2F7-3F93-D39B-233D-DF832BC65347} - C:\ProgramData\NewSaVer\DUMlQdk.x64.dll No File
BHO: NetaoiCoupoeN - {86BBCF2A-A280-4F59-65A9-87B97077F52E} - C:\ProgramData\NetaoiCoupoeN\fVKd4t72qG.x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {55B3D7C5-D05D-40EA-B70B-2793B2CA4FA2} - \AmiUpdXp No Task File
Task: {BF83D3F8-355F-4706-8182-C4D933F7987E} - System32\Tasks\Updater21804.exe => C:\Users\Chris\AppData\Local\Updater21804\Updater21804.exe <==== ATTENTION
end

 
Run FRST64 and click the Fix button.
 
Wait; at the end, the Fixlog.txt log will be saved to your desktop.
 
Select, copy and paste the contents of this log in your next reply.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014

Ran by Chris at 2014-01-03 16:30:06 Run:1

Running from C:\Users\Chris\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN

BHO: NewSaVer - {714AE2F7-3F93-D39B-233D-DF832BC65347} - C:\ProgramData\NewSaVer\DUMlQdk.x64.dll No File

BHO: NetaoiCoupoeN - {86BBCF2A-A280-4F59-65A9-87B97077F52E} - C:\ProgramData\NetaoiCoupoeN\fVKd4t72qG.x64.dll No File

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Task: {55B3D7C5-D05D-40EA-B70B-2793B2CA4FA2} - \AmiUpdXp No Task File

Task: {BF83D3F8-355F-4706-8182-C4D933F7987E} - System32\Tasks\Updater21804.exe => C:\Users\Chris\AppData\Local\Updater21804\Updater21804.exe <==== ATTENTION

end

*****************

 

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.

HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{714AE2F7-3F93-D39B-233D-DF832BC65347} => Key deleted successfully.

HKCR\CLSID\{714AE2F7-3F93-D39B-233D-DF832BC65347} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86BBCF2A-A280-4F59-65A9-87B97077F52E} => Key deleted successfully.

HKCR\CLSID\{86BBCF2A-A280-4F59-65A9-87B97077F52E} => Key deleted successfully.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55B3D7C5-D05D-40EA-B70B-2793B2CA4FA2} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55B3D7C5-D05D-40EA-B70B-2793B2CA4FA2} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF83D3F8-355F-4706-8182-C4D933F7987E} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF83D3F8-355F-4706-8182-C4D933F7987E} => Key deleted successfully.

C:\Windows\System32\Tasks\Updater21804.exe => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater21804.exe => Key deleted successfully.

 

==== End of Fixlog ====


chris92,


 


Download Zoek (By Smeenk) and save that file to your Desktop.


http://www.hijackthi...220813/zoek.zip


 


Double click zip file and extract to your  Desktop:


 


Select these lines inside CODE, right click on the selection and choose Copy.



autoclean;
emptyclsid;
installedprogs;
emptyfolderscheck;
standardsearch;

Right click on any white part of Zoek and select the paste option.


 


Click the button [Run Script]


 


Wait for the scan. At the end, the report will be generated at C:\zoek-results.txt


 

Copy its content and post it in your next response.

 

NOTE1: If Zoek finds files that you cannot remove, you may have to restart your PC. Do this immediately when asked whether to restart the PC.

 

NOTE2: This script has been prepared only for this computer, according to the files and keys present.


got it to work!

 

 
Zoek.exe v5.0.0.0 Updated 02-Januari-2014
Tool run by Chris on Fri 01/03/2014 at 19:58:17.28.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Chris\Desktop\zoek\zoek.com    [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
1/3/2014 8:01:10 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Barnes & Noble
C:\PROGRA~2\Pando Networks
C:\Program Files\ESEA
C:\Program Files\Google
C:\ProgramData\AVAST Software
C:\ProgramData\Oracle
C:\Users\Chris\AppData\Local\Apps
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-3463020229-888863118-3733327912-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-3463020229-888863118-3733327912-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-3463020229-888863118-3733327912-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11C6C700-2184-57AE-324E-C602AB2F2C7B} deleted successfully
HKEY_USERS\S-1-5-21-3463020229-888863118-3733327912-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C6C700-2184-57AE-324E-C602AB2F2C7B} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11C6C700-2184-57AE-324E-C602AB2F2C7B} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
æTorrent  
64 Bit HP CIO Components Installer  
Adobe Flash Player 11 ActiveX  
Adobe Flash Player 11 Plugin  
Adobe Reader X (10.1.1)  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Bonjour  
BPM Counter 1.6.0.0  
BufferChm  
C4700  
CambridgeSoft Activation Client  
CambridgeSoft BioAssay 12.0  
CambridgeSoft ChemBioOffice Ultra 2010  
CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0  
CambridgeSoft ChemScript 12.0  
CambridgeSoft Desktop Inventory 12.0  
CambridgeSoft ENotebook 12.02  
CCleaner  
Counter-Strike: Global Offensive - SDK  
Counter-Strike: Global Offensive  
Counter-Strike: Source  
Counter-Strike: Source Beta  
D3DX10  
Destinations  
DeviceDiscovery  
Dota 2  
Electric Sheep 2.7b34c  
Energy Management  
eReg  
f.lux  
Facebook Video Calling 1.2.0.287  
FL Studio 10  
foobar2000 v1.1.18  
Google Chrome  
Google Talk Plugin  
Google Update Helper  
GPBaseService2  
Heroes of Newerth  
HP Imaging Device Functions 14.0  
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6  
HP Solution Center 14.0  
HPPhotoGadget  
HPProductAssistant  
IL Shared Libraries  
Intel PROSet Wireless  
Intel® Control Center  
Intel® Management Engine Components  
Intel® OpenCL CPU Runtime  
Intel® Processor Graphics  
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed  
Intel® Rapid Storage Technology  
Intel® USB 3.0 eXtensible Host Controller Driver  
Intel® WiDi  
Intel® Wireless Display  
Intel® Wireless Music device driver  
Intelligent Touchpad  
Intelr PROSet/Wireless WiFi Software  
Intelr Trusted Connect Service Client  
Interenet Optimizer  
iTunes  
Java 7 Update 45  
Java Auto Updater  
JMicron Flash Media Controller Driver  
Junk Mail filter update  
K-Lite Codec Pack 9.4.0 (Full)  
League of Legends  
Left 4 Dead 2  
Lenovo Bluetooth with Enhanced Data Rate Software  
Lenovo EasyCamera  
Lenovo EE Boot Optimizer  
Lenovo OneKey Recovery  
Lenovo PowerDVD10  
Lenovo Registration  
Lenovo Welcome  
Lenovo YouCam  
LockKey  
Logitech SetPoint 6.52  
Logitech Unifying Software 2.10  
Malwarebytes Anti-Malware version 1.75.0.1300  
Mesh Runtime  
MestReNova LITE 5.2.5-5780  
Microsoft .NET Framework 4 Client Profile  
Microsoft .NET Framework 4 Extended  
Microsoft Application Error Reporting  
Microsoft Office 2010  
Microsoft Security Client  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft SQL Server 2005  
Microsoft SQL Server 2005 (CSSQL05)  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft SQL Server 2005 Tools  
Microsoft SQL Server Native Client  
Microsoft SQL Server Setup Support Files (English)  
Microsoft SQL Server VSS Writer  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
MilkDrop for Winamp 2x (remove only)  
MotoCast  
Motorola Device Manager  
Motorola Device Software Update  
MOTOROLA MEDIA LINK  
Motorola Mobile Drivers Installation 5.9.0  
Mozilla Firefox 22.0 (x86 en-US)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT_amd64  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
MSXML 4.0 SP3 Parser  
MSXML 4.0 SP3 Parser (KB2721691)  
MSXML 4.0 SP3 Parser (KB2758694)  
Mumble 1.2.4  
Native Instruments Traktor 2  
Network64  
Nsd  
NVIDIA Control Panel 295.93  
NVIDIA Graphics Driver 295.93  
NVIDIA Install Application  
NVIDIA Optimus 1.7.12  
NVIDIA PhysX  
NVIDIA PhysX System Software 9.11.1111  
NVIDIA Update 1.7.12  
NVIDIA Update Components  
Onekey Theater  
OpenOffice.org 3.4.1  
Pioneer DDJ Driver  
Power2Go  
PS_AIO_06_C4700_SW_Min  
Python 2.5  
QuickTransfer  
Realtek High Definition Audio Driver  
Scan  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)  
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)  
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)  
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)  
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)  
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)  
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)  
SkypeT 5.10  
SolutionCenter  
StarCraft II  
STATISTICA 8.0.725.0 CS  
STATISTICA CambridgeSoft Integration  
STATNOVAPDF (novaPDF Professional Server 5.4  printer)  
Status  
Steam  
SugarSync Manager  
SUPERAntiSpyware  
Synaptics Pointing Device Driver  
Toolbox  
TrayApp  
Unity Web Player  
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)  
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)  
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)  
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)  
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)  
Update for Microsoft .NET Framework 4 Extended (KB2468871)  
Update for Microsoft .NET Framework 4 Extended (KB2533523)  
Update for Microsoft .NET Framework 4 Extended (KB2600217)  
Update for Microsoft .NET Framework 4 Extended (KB2836939)  
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)  
UserGuide  
Ventrilo Client for Windows x64  
VeriFace  
WebReg  
Winamp  
Winamp Detector Plug-in  
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Language Selector  
Windows Live Mail  
Windows Live Mesh  
Windows Live Mesh ActiveX Control for Remote Connections  
Windows Live Messenger  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live Remote Client  
Windows Live Remote Client Resources  
Windows Live Remote Service  
Windows Live Remote Service Resources  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
WinRAR 4.20 (32-bit)  
 
==== Running Processes ======================
 
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\qzyb7hb9.default
 
user.js not found
---- Lines iminent modified from prefs.js ----
 
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{F003DA68-8256-4b37-A6C4-350FA04494DF}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20140103_0812_.backup
 
==== Deleting Files \ Folders ======================
 
"C:\Windows\Installer\1c78bc.msi" not found
C:\Users\Chris\AppData\LocalLow\{714AE2F7-3F93-D39B-233D-DF832BC65347} deleted
C:\Users\Chris\AppData\LocalLow\{86BBCF2A-A280-4F59-65A9-87B97077F52E} deleted
C:\Users\Chris\AppData\Local\Packages\windows_ie_ac_001\AC\{714AE2F7-3F93-D39B-233D-DF832BC65347} deleted
C:\Users\Chris\AppData\Local\Packages\windows_ie_ac_001\AC\{86BBCF2A-A280-4F59-65A9-87B97077F52E} deleted
C:\ProgramData\NewSaVer deleted
C:\PROGRA~2\Ss.Helper deleted
C:\Users\Chris\AppData\Roaming\Mestrelab Research S.L deleted
C:\ProgramData\InstallMate deleted
C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE} deleted
C:\Users\Chris\Downloads\wssetup.exe deleted
C:\Users\Chris\Downloads\HDvideo-v4.exe deleted
C:\Users\Chris\Downloads\firstrowsportapp_setup(31).exe deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\qzyb7hb9.default\jetpack deleted
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8095 MB
CPU Info: Intel® Core i7-3610QM CPU @ 2.30GHz
CPU Speed: 2328.5 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | NVIDIA GeForce GTX 660M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Intel® Centrino® Wireless-N 2200 | Bluetooth Device (Personal Area Network)
CD / DVD Drives: 1x (F: | ) F: HL-DT-STBD-RE BT20N
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  420.6GB | D:  25.5GB
Hard Disks - Free: C:  129.8GB | D:  21.7GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 06/26/12 | LENOVO - 1
Time Zone: Eastern Standard Time
Motherboard *: LENOVO Product Name
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 31.0.1650.63
Internet Explorer Version: 11.0.9600.16476 
Mozilla Firefox version: 22.0 (x86 en-US)
Google Chrome version: 31.0.1650.63
Adobe Reader version: 10.1.1.33
Sun Java version: 1.7.0_45 (32-bit) 
Flash Player version: 11.4.402.265
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2014-01-03 04:15:43 2A66E81AE941E54A237490FC35D387C8 1945 ----a-w- C:\Windows\epplauncher.mif
====== C:\Users\Chris\AppData\Local\Temp ====
2014-01-03 20:56:05 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
2013-12-26 23:25:35 95EA7CF71EA8677F77F3F064CC857311 79 ----a-w- C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\6b0e2e95-6.0.lap
2013-12-26 23:43:07 C3DA2B97E8125C9CBB457AD2FBDC94AF 79 ----a-w- C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7a647b5a-6.0.lap
2013-12-26 23:43:07 1AD25858B8B7E37BD4B23937225B1819 33717 ----a-w- C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\2b99d735-463c4b3f
2013-12-26 23:25:35 1AD25858B8B7E37BD4B23937225B1819 33717 ----a-w- C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\44d9da79-40b3cff1
====== C:\Windows\SysWOW64 =====
2013-12-26 23:24:47 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2013-12-26 23:24:43 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe
2013-12-26 23:24:43 9B0B14B405E0EDF76B5F5E31A49EB753 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-26 23:24:43 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\Windows\SysWOW64\java.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-12-11 12:27:45 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys
2013-12-11 12:27:45 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys
====== C:\Windows\Tasks ======
2014-01-04 00:57:17 3A3A7D090B6006558B6C1DC388FA91D8 3120 ----a-w- C:\Windows\Sysnative\Tasks\{2D00FEC8-BCB4-40DF-B9D5-D0B256D2E040}
2014-01-04 00:55:27 CB633AAC33D9ABD33A6536D1D4009F65 3128 ----a-w- C:\Windows\Sysnative\Tasks\{02C661CB-7B64-42D7-8746-48EA39748B1E}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-12-26 23:24:53 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Chris\AppData\Roaming ======
2013-12-31 06:37:14 -------- d-----w- C:\Users\Chris\AppData\Local\Packages
2013-12-13 07:08:25 -------- d-----w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-12-12 08:16:07 -------- d-----w- C:\Users\Chris\AppData\Local\FluxSoftware
====== C:\Users\Chris ======
2014-01-04 00:58:38 9B6158521550B55E691851CD764CAE06 1281024 ----a-w- C:\Users\Chris\Desktop\Z-Analyse.exe
2014-01-03 21:04:55 10B8C307F1FD9DB5C638C1557B49064A 1931750 ----a-w- C:\Users\Chris\Desktop\FRST64.exe
2014-01-03 20:54:39 5C2217C2FCA1F87DDD4FAB6C65BC7142 1036305 ----a-w- C:\Users\Chris\Desktop\JRT.exe
2014-01-03 20:54:19 5C2217C2FCA1F87DDD4FAB6C65BC7142 1036305 ----a-w- C:\Users\Chris\Downloads\JRT.exe
2014-01-03 20:49:43 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Chris\Downloads\AdwCleaner (1).exe
2014-01-03 20:49:23 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Chris\Desktop\AdwCleaner.exe
2014-01-03 04:26:50 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\Chris\Downloads\dds (2).com
2014-01-03 04:26:42 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Chris\Downloads\dds (1).com
2014-01-03 04:26:13 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\Chris\Downloads\dds.com
2014-01-03 04:11:30 D2F12B426A7DC6848AD91ADE1FAB2B52 13670584 ----a-w- C:\Users\Chris\Downloads\mseinstall.exe
2013-12-31 06:37:14 -------- d-----w- C:\ProgramData\nembdpbcbmjofldclndgelpcjbhoaaje
2013-12-26 23:24:56 -------- d-----w- C:\ProgramData\Oracle
2013-12-26 23:24:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2013-12-26 23:23:12 15D87D5EAD5FA2C59640FD55A69C2370 915368 ----a-w- C:\Users\Chris\Downloads\chromeinstall-7u45.exe
2013-12-26 23:03:50 1D11461768C1B908367DBC2682530F1A 398408 ----a-w- C:\Users\Chris\Downloads\VzSpeedOptimizer100.exe
2013-12-26 21:37:03 -------- d-----w- C:\ProgramData\Interenet Optimizer
2013-12-24 02:13:59 -------- d-----w- C:\Users\Chris\SILVER LININGS DVDRIP EDAW2013
2013-12-12 02:29:35 -------- d-----w- C:\Users\Chris\2005 - Life in the Undergrowth
2013-12-06 06:50:16 -------- d-----w- C:\Users\Chris\Baraka_1992_DVDrip_Xvid-Ekolb
 
====== C: exe-files ==
2014-01-04 00:58:38 9B6158521550B55E691851CD764CAE06 1281024 ----a-w- C:\Users\Chris\Desktop\Z-Analyse.exe
2014-01-04 00:42:09 389BE27DCE1D5E8F4AC509FC8B241B06 257448 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
2014-01-04 00:42:07 0943C18D979E2179292EE66AEDE34613 108032 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\vtex.exe
2014-01-04 00:39:27 87B25B7EFF3B360B7BB0F8C3AA6E5AD0 735744 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\dmxconvert.exe
2014-01-04 00:39:27 78D2AA722C8E35CB64CCD53247B50711 8506880 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\studiomdl.exe
2014-01-04 00:39:27 05E896BABBBC0211801EC1E397E5C7F0 2757632 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\hlmv.exe
2014-01-03 21:30:05 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKHI6A0M\FRST64[1].exe
2014-01-03 21:04:55 10B8C307F1FD9DB5C638C1557B49064A 1931750 ----a-w- C:\Users\Chris\Desktop\FRST64.exe
2014-01-03 20:56:05 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-01-03 20:54:39 5C2217C2FCA1F87DDD4FAB6C65BC7142 1036305 ----a-w- C:\Users\Chris\Desktop\JRT.exe
2014-01-03 20:54:19 5C2217C2FCA1F87DDD4FAB6C65BC7142 1036305 ----a-w- C:\Users\Chris\Downloads\JRT.exe
2014-01-03 20:49:43 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Chris\Downloads\AdwCleaner (1).exe
2014-01-03 20:49:23 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Chris\Desktop\AdwCleaner.exe
2014-01-03 04:11:30 D2F12B426A7DC6848AD91ADE1FAB2B52 13670584 ----a-w- C:\Users\Chris\Downloads\mseinstall.exe
2014-01-03 03:53:37 AD2EF8CAB44C1CF813260A5E65246DF9 597224 ----a-w- C:\Users\Chris\AppData\Local\FluxSoftware\Flux\update\setup.exe
=== C: other files ==
2014-01-04 00:58:27 D65D7A925A54FF9AF153C127354B212D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3463020229-888863118-3733327912-1001\$I91WG5N.com
2014-01-04 00:56:39 B91204079A3E9D4C3B7A9E5E2C6F76E2 1409177 ----a-w- C:\$Recycle.Bin\S-1-5-21-3463020229-888863118-3733327912-1001\$R91WG5N.com
2014-01-04 00:56:01 42142D1488F3429CAF525FF49404D22D 2545620 ----a-w- C:\Users\Chris\Downloads\Z-Analyse.zip
2014-01-04 00:54:05 996654D0B884ED2C05D47AD1DD9CB355 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3463020229-888863118-3733327912-1001\$I56N1E7.com
2014-01-03 20:56:06 5AE02A64902F01126AAB2E5020357BD2 159 ----a-w- C:\Users\Chris\AppData\Local\Temp\uac.vbs
2014-01-03 20:56:04 DABF8DE82A47FA9BD95CCD37FA2A2B41 10261 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\JRT.bat
2014-01-03 20:56:04 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\modules.bat
2014-01-03 20:56:04 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\chrome.bat
2014-01-03 20:56:04 BAD6C67C870CC81C48DBA53089929884 153331 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\firefox.bat
2014-01-03 20:56:04 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\FWPolicy.bat
2014-01-03 20:56:04 B7D46D5BC21F69EFEEFFC15060E423AC 154167 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\misc.bat
2014-01-03 20:56:04 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\ask.bat
2014-01-03 20:56:04 A6CC6D343828E5003C52323B20F0F8D8 16063 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\get.bat
2014-01-03 20:56:04 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\ev_clear.bat
2014-01-03 20:56:04 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\iexplore.bat
2014-01-03 20:56:04 7178963AEE641F3E47E1CE22416F8A3A 9295 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\runvalues.bat
2014-01-03 20:56:04 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\delorphans.bat
2014-01-03 20:56:04 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\prelim.bat
2014-01-03 20:56:04 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\searchlnk.bat
2014-01-03 20:56:04 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\TDL4.bat
2014-01-03 20:56:04 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\medfos.bat
2014-01-03 20:56:04 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\Chris\AppData\Local\Temp\jrt\delfolders.bat
2014-01-03 04:27:08 8B968045D75783A09592C3105F2865DA 688992 ----a-r- C:\$Recycle.Bin\S-1-5-21-3463020229-888863118-3733327912-1001\$R56N1E7.com
2014-01-03 04:26:50 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\Chris\Downloads\dds (2).com
2014-01-03 04:26:42 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Chris\Downloads\dds (1).com
2014-01-03 04:26:13 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\Chris\Downloads\dds.com
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-3463020229-888863118-3733327912-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-3463020229-888863118-3733327912-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-21-3463020229-888863118-3733327912-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll c:\\progra~3\\intere~1\\intere~1.dll"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll C:\\PROGRA~3\\INTERE~1\\INTERE~2.DLL"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\331BigDog]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="331BigDog"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\USB Camera\\VM331_STI.EXE"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BDRegion]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BDRegion"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Cyberlink\\Shared files\\brs.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Energy Management]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Energy Management"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Lenovo\\Energy Management\\Energy Management.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EnergyUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EnergyUtility"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Lenovo\\Energy Management\\Utility.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EvtMgr6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EvtMgr6"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\SetPointP\\SetPoint.exe /launchGaming"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F.lux]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="f.lux"
"hkey"="HKCU"
"command"="\"C:\\Users\\Chris\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe\" /noshow"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Chris\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Chris\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAStorIcon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel® Rapid Storage Technology\\IAStorIcon.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Iminent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Iminent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Iminent\\Iminent.exe /warmup \"F77F87E5-A6BD-4922-A530-EDF63D7E9F8C\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IminentMessenger]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IminentMessenger"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Iminent\\Iminent.Messengers.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lenovo EE Boot Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Lenovo EE Boot Optimizer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Lenovo\\Boot Optimizer\\PopWnd.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lenovo Registration]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Lenovo Registration"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Lenovo Registration\\LenovoReg.exe /boot"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LockKey]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LockKey"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\LockKey\\LockKey.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Download Assistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logitech Download Assistant"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\System32\\LogiLDA.dll,LogiFetch"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Media Finder"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Media Finder\\Media Finder.exe\" /opentotray"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MotoCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotoCast"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Motorola Mobility\\MotoCast\\MotoLauncher.lnk\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OnekeyStudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OnekeyStudio"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Lenovo\\Onekey Theater\\OnekeyStudio.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl10"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Lenovo\\PowerDVD10\\PDVD10Serv.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RESTART_STICKY_NOTES]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RESTART_STICKY_NOTES"
"hkey"="HKCU"
"command"="C:\\Windows\\System32\\StikyNot.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg_Dolby]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVBg_Dolby"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4 "
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynLenovoGestureMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynLenovoGestureMgr"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Synaptics\\SynTP\\SynLenovoGestureMgr.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateP2GShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Lenovo\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\Lenovo\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\5.0\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePRCShortCut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdatePRCShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lenovo\\OneKey App\\OneKey Recovery\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\Lenovo\\OneKey App\\OneKey Recovery\" UpdateWithCreateOnce \"Software\\Lenovo\\OneKey App\\OneKey Recovery\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB3MON]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="USB3MON"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Intel\\Intel® USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VeriFaceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VeriFaceManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Lenovo\\VeriFace\\PManage.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinampAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Mirage]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YouCam Mirage"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Lenovo\\YouCam\\YCMMirage.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Tray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YouCam Tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Lenovo\\YouCam\\YouCam.exe\" /s"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"item"="Bluetooth"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\Lenovo\\BLUETO~1\\BTTray.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SafeConnect.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SafeConnect.lnk"
"backup"="C:\\Windows\\pss\\SafeConnect.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\SAFECO~1\\scClient.exe "
"item"="SafeConnect"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
"item"="OpenOffice.org 3.4.1"
"path"="C:\\Users\\Chris\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.4.1.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.4.1.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\!SASCORE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMPPALR3]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BTHSSecurityMgr]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\btwdins]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CLKMSVC10_3A60B698]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DeviceMonitorService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EvtEng]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® Capability Licensing Service Interface]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jhi_service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LBTServ]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMScheduler]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Motorola Device Manager]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MyWiFiDHCPDNS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvUpdatusService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PST Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RegSrvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SCManager]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ZeroConfigService]
 
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/24/2013 03:46 AM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3463020229-888863118-3733327912-1001Core.job --a------ C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/21/2012 10:32 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3463020229-888863118-3733327912-1001UA.job --a------ C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/21/2012 10:32 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/01/2012 03:09 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/01/2012 03:09 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3463020229-888863118-3733327912-1001Core.job --a------ C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [08/22/2012 04:00 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3463020229-888863118-3733327912-1001UA.job --a------ C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [08/22/2012 04:00 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3463020229-888863118-3733327912-1001Core" [C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3463020229-888863118-3733327912-1001UA" [C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3463020229-888863118-3733327912-1001Core" [C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3463020229-888863118-3733327912-1001UA" [C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\MotoCast Update" ["C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe"]
"C:\Windows\SysNative\tasks\Motorola Device Manager Engine" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\Motorola Device Manager Initial Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\Motorola Device Manager Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\OFFICE2010ACT" [C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [03/15/2013 04:48 AM]
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\qzyb7hb9.default
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
71B61A08992B0F895288CAAB2B43E3F7 - C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
2ED65CF5725FCD0DFD40F87782AE37D5 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll - Shockwave Flash
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
 
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[02/20/2013 08:59 PM]
koijgmjpckepioihnahbajckibehhlnj - C:\ProgramData\ADDICT-THING\koijgmjpckepioihnahbajckibehhlnj.crx[]
 
Google Docs - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
NewSaVer - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmaalfandgphfemnhcpbcokbkdlpccf
Logitech SetPoint - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
AdBlock - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Reddit Enhancement Suite - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Google Wallet - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
==== Chrome Fix ======================
 
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmaalfandgphfemnhcpbcokbkdlpccf deleted successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dfmaalfandgphfemnhcpbcokbkdlpccf_0.localstorage deleted successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dfmaalfandgphfemnhcpbcokbkdlpccf_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{48E539D9-41D9-18CF-9B1C-592967BCCEE8} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EFBF141F-1535-AE1D-D1DE-92A36E3838CF} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39CF693D-5270-8762-FA39-21C07435D233} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CF20B5F-E8CB-CCE3-29DE-E96FE6963346} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{998171D6-889F-B7A3-5F1D-D12B9F9749DA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\koijgmjpckepioihnahbajckibehhlnj deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Finder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES deleted successfully
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3463020229-888863118-3733327912-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3463020229-888863118-3733327912-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll c:\progra~3\intere~1\intere~1.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Fast boot service of lenovo (NSDSvc) - Unknown owner - C:\Windows\System32\NSDSvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Chris\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\qzyb7hb9.default\Cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=54 folders=25 10319740 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Chris\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Chris\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Fri 01/03/2014 at 20:22:57.44 ======================
 

Ok,

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Quote

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Is this the correct text? I wasn't able to find a log in that folder.

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\DownloaiD keepeR\Yq.dll.vir a variant of Win32/AdWare.MultiPlug.N application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DownloaiD keepeR\Yq.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Downoloaad ekeePPer\kTx1.dll.vir a variant of Win32/AdWare.MultiPlug.N application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Downoloaad ekeePPer\kTx1.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v1\ldrtbuTor.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v1\prxtbuTor.dll.vir Win32/Toolbar.Conduit.O application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v1\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v1\uTorrentControl_v1ToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Local\Conduit\CT3220467\uTorrentControl_v1AutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\uTorrentControl_v1\ldrtbuTo0.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\uTorrentControl_v1\ldrtbuTo2.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\uTorrentControl_v1\ldrtbuTor.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\uTorrentControl_v1\tbuTo0.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\uTorrentControl_v1\tbuTo2.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\uTorrentControl_v1\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\uTorrentControl_v1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A application cleaned by deleting - quarantined
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 Win32/InstalleRex.L application cleaned by deleting - quarantined
C:\Users\Chris\Downloads\cbsidlm-tr1_10a-HitmanPro_3_32bit-SEO-10895604 (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Chris\Downloads\cbsidlm-tr1_10a-HitmanPro_3_32bit-SEO-10895604.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Chris\Downloads\cbsidlm-tr1_10a-HitmanPro_3_64bit-SEO-75110395.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Chris\Downloads\cbsidlm-tr1_8-Active_WebCam-SEO2-10064509.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\Chris\Downloads\FL Studio 10\Setup\flstudio.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\zoek_backup\C_Users_Chris_Downloads_wssetup.exe.vir Win32/InstallMonetizer.AF application cleaned by deleting - quarantined

Definitely still have safesaver thing because I see their ads on my web pages. :x

Thanks for helping me out thus far.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Chris at 13:49:00 on 2014-01-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8094.4050 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\262716E646569637F5F60756E6 : DHCPNameServer = 129.64.99.205 129.64.100.205
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\37E616B65686960737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\4423E43393 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\7343452374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E397E25-6654-4443-9571-C85812A077DC}\74F624573756370225966756273796465602642756560275966496 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~3\intere~1\intere~1.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\qzyb7hb9.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\Windows\System32\drivers\fbfmon.sys [2012-8-1 57952]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-18 16152]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2012-8-1 39008]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 NSD;NSD;C:\Windows\System32\drivers\nsd.sys [2012-8-1 24160]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-8-1 30016]
R1 BPntDrv;BPntDrv;C:\Windows\System32\drivers\BPntDrv.sys [2012-8-1 13408]
R1 Nsdfltr;Nsdfltr;C:\Windows\System32\drivers\Nsdfltr.sys [2012-8-1 59488]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 0c632643;Interenet Optimizer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$CSSQL05;SQL Server (CSSQL05);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-15 30816]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-8-1 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-8-1 615976]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-8-1 39976]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-1-29 31088]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-12 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-18 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-18 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 vm331avs;Digital Camera 1;C:\Windows\System32\drivers\vm331avs.sys [2012-8-1 952832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 NSDSvc;Fast boot service of lenovo;C:\Windows\System32\NSDSvc.exe [2012-8-1 120160]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-10-26 173656]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-24 25928]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
S4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
S4 CLKMSVC10_3A60B698;CyberLink Product - 2012/08/01 13:09:48;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S4 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-1 13592]
S4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
S4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-1 161560]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-24 418376]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-24 701512]
S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-2 120728]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-11-3 65657]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-1 363800]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
.
=============== Created Last 30 ================
.
2014-01-06 06:43:56 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64B30C2E-76C5-451B-81B5-B2C6EC1999F5}\mpengine.dll
2014-01-05 04:35:45 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-04 17:55:05 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-04 01:23:15 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-04 01:20:14 24064 ----a-w- C:\Windows\zoek-delete.exe
2014-01-04 01:20:14 -------- d-----w- C:\Users\Chris\AppData\Local\Temp
2014-01-04 00:49:41 -------- d-----w- C:\zoek_backup
2014-01-03 21:05:08 -------- d-----w- C:\FRST
2014-01-03 20:56:15 -------- d-----w- C:\Windows\ERUNT
2014-01-03 20:49:31 -------- d-----w- C:\AdwCleaner
2014-01-03 04:16:37 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F09D0F8-BCA3-4E8A-B6B2-AF6C5C2DAAB7}\gapaengine.dll
2014-01-03 04:15:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-01-03 04:15:21 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-01-03 04:13:36 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-12-31 22:21:18 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB95EE7D-F253-45CB-88E8-0537242C78DC}\mpengine.dll
2013-12-31 06:37:14 -------- d-----w- C:\Users\Chris\AppData\Local\Packages
2013-12-31 06:37:14 -------- d-----w- C:\ProgramData\nembdpbcbmjofldclndgelpcjbhoaaje
2013-12-26 23:24:56 -------- d-----w- C:\ProgramData\Oracle
2013-12-26 23:24:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-26 21:37:03 -------- d-----w- C:\ProgramData\Interenet Optimizer
2013-12-24 02:13:59 -------- d-----w- C:\Users\Chris\SILVER LININGS DVDRIP EDAW2013
2013-12-12 08:16:07 -------- d-----w- C:\Users\Chris\AppData\Local\FluxSoftware
2013-12-12 08:04:02 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:04:02 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:04:01 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:04:00 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 02:29:35 -------- d-----w- C:\Users\Chris\2005 - Life in the Undergrowth
2013-12-11 12:28:31 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 12:28:20 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 12:28:18 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 12:28:18 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-11 12:28:16 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 12:28:07 81408 ----a-w- C:\Windows\System32\imagehlp.dll
.
==================== Find3M  ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-19 03:19:36 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 13:49:20.52 ===============
 

Attach2.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
