
Thread: 1) Slow computer, error messages

  1. #41
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Topic reopened.

    Please tell me what's happening on the computer now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #42
    Member
    Join Date
    Feb 2007
    Posts
    40

    Computer sometimes is extremely slow. Here is the FRST log:

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe
    (AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgUpgrade.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    (Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
    () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    (AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
    (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\XmppAuth.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Lenovo.) C:\Windows\System32\TpShocks.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    (CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgTrayApp.exe
    (AVG Technologies, Inc.) C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    (SAMSUNG Electornics Co., Ltd.) C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
    () C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2009-11-27] (Lenovo.)
    HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
    HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
    HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [ACWLIcon] => C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe [181608 2009-11-26] (Lenovo)
    HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [435560 2009-11-26] (Lenovo)
    HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-15] ()
    HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM\...\Run: [AVG CloudCare] => C:\Program Files\AVG\CloudCare\AvgTrayApp.exe [108312 2014-11-03] (AVG Technologies, Inc.)
    HKLM\...\Run: [racontrol] => C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe [1403360 2014-08-14] (AVG Technologies, Inc.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
    HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
    HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: D - D:\setup.exe
    HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: {06113c30-fef8-11e3-8c7b-78dd08b37ded} - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\MountPoints2: {cd33b098-e596-11e2-9fb9-00262dfc1d87} - E:\VZW_Software_upgrade_assistant.exe
    IFEO\isuspm.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    IFEO\natspeak.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
    Lsa: [Notification Packages] scecli ACGina
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
    ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
    Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
    ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
    HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
    SearchScopes: HKLM -> {5C8E242B-D9CA-487E-BCF8-56FAB52B4D3A} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://10.0.0.26:85/HiDvrOcx.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\v9mtrg9w.default
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Musicnotes\npsibelius.dll ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2701720504-2077786656-4262629455-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Bruce\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-27]

    Chrome:
    =======
    CHR HomePage: Default -> CF2A1B5DAB7B5315E55715EF8EC5133FC9F72ED56902A51959CDB1A61A4E382D
    CHR StartupUrls: Default -> "https://search.yahoo.com/?type=523482&fr=yo-yhp-ch"
    CHR DefaultSearchKeyword: Default -> yahoo.com Search
    CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=523482&p={searchTerms}
    CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
    CHR Plugin: (Skype Toolbars) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Skype Click to Call) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-04-08]
    CHR Extension: (Google Wallet) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-07]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2009-11-26] (Lenovo)
    R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [255336 2009-11-26] (Lenovo)
    R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [948736 2011-08-08] (Intel Corporation)
    R2 AvgApiWrapper; C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe [152856 2014-11-03] (AVG Technologies, Inc.)
    R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
    R2 AvgRemote; C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe [54752 2014-08-28] (AVG Technologies, Inc.)
    R2 AvgUpgrade; C:\Program Files\AVG\CloudCare\AvgUpgrade.exe [78616 2014-11-03] (AVG Technologies, Inc.)
    R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
    R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [102672 2011-06-03] (Intel(R) Corporation)
    R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited)
    R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
    R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-07-27] (Lenovo Group Limited)
    R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
    S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-01-31] (Intuit) [File not signed]
    S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
    R2 raserver; C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe [1403360 2014-08-14] (AVG Technologies, Inc.)
    R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
    S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1858360 2014-07-14] (AVG)
    S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
    R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [35640 2014-07-14] (AVG)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
    R2 XmppAuth; C:\Program Files\AVG\CloudCare\XmppAuth.exe [285976 2014-11-03] (AVG Technologies, Inc.)
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
    S4 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2012-12-17] (Oak Technology Inc.) [File not signed]
    R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider)
    S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider)
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-27] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-09-18] (TuneUp Software)
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
    S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-27 08:41 - 2015-01-27 08:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-25 22:19 - 2015-01-25 22:19 - 00569960 _____ (TODO: <Company name>) C:\Users\Bruce\Downloads\U-0131-01-P_AVERY1_.exe
    2015-01-21 19:03 - 2015-01-21 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG CloudCare
    2015-01-21 19:03 - 2015-01-21 19:03 - 00000000 ____D () C:\Program Files\Common Files\Windows Microsoft Shared
    2015-01-19 13:10 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-01-19 09:34 - 2015-01-28 08:12 - 00000000 ____D () C:\Users\Bruce\Desktop\FRST-OlderVersion
    2015-01-17 16:04 - 2015-01-17 16:04 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(3).exe
    2015-01-16 20:56 - 2015-01-16 20:56 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-01-16 19:27 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-01-16 19:27 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-01-16 19:27 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-01-16 19:27 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-01-16 19:27 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-01-16 19:18 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-16 19:18 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-16 19:18 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-01-16 19:18 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-01-16 19:18 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-01-16 19:18 - 2014-11-21 18:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-01-16 19:18 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-01-16 19:18 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-01-16 19:18 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-01-16 19:18 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-01-16 19:18 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-01-16 19:18 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-01-16 19:18 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-01-16 19:18 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-01-16 19:18 - 2014-11-21 17:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-01-16 19:18 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-01-16 19:18 - 2014-11-21 17:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-01-16 19:18 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-01-16 19:18 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-01-16 19:18 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-01-16 19:18 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-01-16 19:18 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-01-16 19:18 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-01-16 19:18 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-01-16 19:18 - 2014-11-21 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-01-16 19:18 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-01-16 19:18 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-01-16 19:18 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-01-16 19:18 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-01-16 19:18 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-01-16 19:18 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-01-16 19:18 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-01-16 19:18 - 2014-10-13 17:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-01-16 19:18 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-01-16 19:18 - 2014-10-13 17:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-01-16 19:18 - 2014-10-13 17:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2015-01-16 19:18 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-01-16 19:18 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-01-16 19:18 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-01-16 19:18 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2015-01-16 19:18 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2015-01-16 19:18 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2015-01-16 19:18 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2015-01-16 19:18 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-01-16 19:18 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-01-16 19:18 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-01-16 19:18 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-01-16 19:18 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-01-16 19:18 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-01-16 19:17 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-16 19:17 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-16 19:17 - 2014-12-11 09:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-16 19:17 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-16 19:17 - 2014-12-03 20:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-01-16 19:17 - 2014-12-03 20:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-01-16 19:17 - 2014-12-03 20:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-01-16 19:17 - 2014-12-03 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-01-16 19:17 - 2014-12-03 20:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-01-16 19:17 - 2014-12-03 20:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-01-16 19:17 - 2014-12-03 20:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-01-16 19:17 - 2014-12-01 15:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-01-16 19:17 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-01-16 19:17 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-01-16 19:17 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-01-16 19:17 - 2014-11-10 17:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-01-16 19:17 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-01-16 19:17 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2015-01-16 19:17 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-01-16 19:17 - 2014-10-09 16:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-01-16 19:17 - 2014-10-02 17:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-16 19:17 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-16 19:17 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-16 19:17 - 2014-10-02 17:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-16 19:17 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-01-16 19:17 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-01-16 19:17 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-01-16 19:17 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2015-01-16 18:44 - 2012-05-30 13:30 - 00471360 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
    2015-01-16 18:01 - 2015-01-16 18:01 - 00347816 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\MicrosoftFixit.wu.RNP.Run.exe
    2015-01-16 15:25 - 2015-01-16 15:25 - 00000000 ____D () C:\MoTemp
    2015-01-16 14:35 - 2015-01-16 14:35 - 00000000 ____D () C:\Users\Bruce\Downloads\tweaking.com_windows_repair_aio
    2015-01-16 14:33 - 2015-01-16 14:34 - 07876439 _____ () C:\Users\Bruce\Downloads\tweaking.com_windows_repair_aio.zip
    2015-01-16 14:17 - 2015-01-16 14:17 - 00003288 _____ () C:\bootsqm.dat
    2015-01-16 13:16 - 2015-01-16 13:16 - 01346048 _____ (Indigo Rose Corporation) C:\Users\Bruce\Desktop\uninstall.exe
    2015-01-16 13:16 - 2015-01-16 13:16 - 00325960 _____ () C:\Users\Bruce\Desktop\lua5.1.dll
    2015-01-16 13:16 - 2015-01-16 13:16 - 00001386 _____ () C:\Users\Bruce\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\Uninstall
    2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\repairs_info
    2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\files
    2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\Users\Bruce\Desktop\color_presets
    2015-01-16 13:16 - 2015-01-16 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-16 13:14 - 2015-01-16 13:15 - 09817304 _____ () C:\Users\Bruce\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2015-01-16 13:07 - 2015-01-16 13:07 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(2).exe
    2015-01-16 09:42 - 2015-01-16 09:43 - 00002241 _____ () C:\Users\Bruce\Desktop\FSS.txt
    2015-01-16 09:11 - 2015-01-16 09:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2015-01-16 08:52 - 2015-01-16 08:53 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Bruce\Desktop\tdsskiller.exe
    2015-01-16 08:52 - 2015-01-16 08:52 - 00415232 _____ (Farbar) C:\Users\Bruce\Desktop\FSS.exe
    2015-01-15 16:01 - 2015-01-15 16:01 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\PCDr
    2015-01-15 16:00 - 2015-01-15 16:00 - 00000000 ____D () C:\ProgramData\PCDr
    2015-01-15 14:36 - 2015-01-15 14:36 - 00001731 _____ () C:\Users\Bruce\Desktop\JRT.txt
    2015-01-15 14:30 - 2015-01-15 14:30 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-15 14:27 - 2015-01-15 14:27 - 01707939 _____ (Thisisu) C:\Users\Bruce\Desktop\JRT(1).exe
    2015-01-15 14:25 - 2015-01-15 14:25 - 00236344 _____ () C:\Users\Bruce\Desktop\JRT.exe
    2015-01-15 14:03 - 2015-01-15 14:13 - 00000000 ____D () C:\AdwCleaner
    2015-01-15 14:00 - 2015-01-15 14:01 - 02191360 _____ () C:\Users\Bruce\Desktop\AdwCleaner.exe
    2015-01-15 14:00 - 2015-01-15 14:00 - 00002192 _____ () C:\Users\Bruce\Documents\reply.txt
    2015-01-15 10:39 - 2015-01-15 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-01-15 10:36 - 2015-01-15 11:03 - 00000000 ____D () C:\Users\Bruce\Desktop\mbar
    2015-01-15 10:35 - 2015-01-15 10:36 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Bruce\Downloads\mbar-1.08.2.1001.exe
    2015-01-15 10:02 - 2015-01-21 11:06 - 00055635 _____ () C:\Users\Bruce\Desktop\Addition.txt
    2015-01-15 10:00 - 2015-01-28 08:13 - 00026194 _____ () C:\Users\Bruce\Desktop\FRST.txt
    2015-01-15 10:00 - 2015-01-28 08:12 - 01121792 _____ (Farbar) C:\Users\Bruce\Desktop\FRST.exe
    2015-01-13 16:14 - 2015-01-13 16:14 - 00002214 _____ () C:\Users\Bruce\Desktop\aswMBR.txt
    2015-01-13 16:14 - 2015-01-13 16:14 - 00000512 _____ () C:\Users\Bruce\Desktop\MBR.dat
    2015-01-13 14:10 - 2015-01-13 14:11 - 05198336 _____ (AVAST Software) C:\Users\Bruce\Desktop\aswMBR.exe
    2015-01-13 13:46 - 2015-01-13 13:47 - 00051749 _____ () C:\Users\Bruce\Desktop\oldAddition.txt
    2015-01-13 13:43 - 2015-01-28 08:12 - 00000000 ____D () C:\FRST
    2015-01-13 13:37 - 2015-01-13 13:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BRUCE-LENOVO-Microsoft-Windows-7-Professional-(32-bit).dat
    2015-01-13 13:36 - 2015-01-13 13:36 - 00000000 ____D () C:\RegBackup
    2015-01-13 13:35 - 2015-01-13 13:35 - 00002196 _____ () C:\Users\Bruce\Desktop\Tweaking.com - Registry Backup.lnk
    2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-13 13:35 - 2015-01-13 13:35 - 00000000 ____D () C:\Program Files\Tweaking.com
    2015-01-13 13:32 - 2015-01-13 13:32 - 04215584 _____ () C:\Users\Bruce\Downloads\tweaking.com_registry_backup_setup.exe
    2015-01-13 13:06 - 2015-01-13 13:06 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate(1).exe
    2015-01-09 20:00 - 2015-01-27 18:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-09 19:59 - 2015-01-15 10:39 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-09 19:59 - 2015-01-09 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-09 19:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-09 19:58 - 2015-01-09 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
    2015-01-09 10:01 - 2015-01-21 19:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG
    2015-01-09 10:01 - 2015-01-09 10:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG
    2015-01-09 09:28 - 2015-01-09 09:00 - 08994813 _____ () C:\Users\Admin\Documents\CBS.txt.log
    2015-01-09 09:18 - 2015-01-09 09:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG2014
    2015-01-09 09:17 - 2015-01-09 09:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg2014
    2015-01-09 09:17 - 2015-01-09 09:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
    2015-01-02 12:53 - 2015-01-07 10:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
    2015-01-02 12:53 - 2015-01-02 12:53 - 00000000 ____D () C:\ProgramData\Intel.sav
    2015-01-02 12:47 - 2015-01-02 12:47 - 00000000 ____D () C:\ProgramData\IntelDLM
    2015-01-02 12:43 - 2015-01-02 12:43 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Intel
    2015-01-02 12:42 - 2015-01-02 12:42 - 00001139 _____ () C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.0.lnk
    2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
    2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 ____D () C:\Program Files\Intel Driver Update Utility
    2015-01-02 12:41 - 2015-01-02 12:41 - 02333416 _____ (Intel) C:\Users\Bruce\Downloads\Intel Driver Update Utility Installer.exe
    2015-01-02 12:26 - 2015-01-02 12:26 - 00159144 _____ (Microsoft Corporation) C:\Users\Bruce\Downloads\WindowsActivationUpdate.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 08:10 - 2010-06-23 05:46 - 01586172 _____ () C:\Windows\WindowsUpdate.log
    2015-01-28 08:10 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-28 08:10 - 2009-07-13 20:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-28 08:07 - 2011-11-01 07:44 - 00000000 ____D () C:\ProgramData\MFAData
    2015-01-28 08:04 - 2013-10-17 08:35 - 00000000 ____D () C:\ProgramData\AVGRemoteIT
    2015-01-28 08:04 - 2011-05-03 15:00 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
    2015-01-28 08:04 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-28 08:04 - 2009-07-13 20:39 - 00192875 _____ () C:\Windows\setupact.log
    2015-01-27 22:58 - 2010-07-21 11:01 - 00000000 ____D () C:\Users\Bruce\Documents\Outlook Files
    2015-01-27 22:58 - 2010-06-24 18:18 - 00000000 ____D () C:\Users\braley\Outlook
    2015-01-27 22:42 - 2012-04-08 09:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-27 09:01 - 2011-04-08 18:25 - 00002140 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-27 08:57 - 2009-10-02 05:41 - 00000000 ____D () C:\Users\Bruce\Documents\Health
    2015-01-27 08:47 - 2011-01-24 16:51 - 00000000 ____D () C:\Users\Bruce\Documents\investment
    2015-01-27 08:14 - 2009-07-13 20:33 - 03896504 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-25 12:42 - 2012-04-08 09:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-01-25 12:42 - 2011-05-26 08:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-01-25 10:56 - 2009-07-20 21:30 - 00800182 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-21 19:09 - 2013-06-30 12:23 - 00000000 ____D () C:\TEMP
    2015-01-20 09:08 - 2010-06-24 23:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-01-19 19:22 - 2010-06-23 06:28 - 00000000 ____D () C:\Users\Bruce
    2015-01-19 19:17 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\wfp
    2015-01-19 19:16 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin
    2015-01-19 19:16 - 2010-06-22 18:22 - 00000000 ____D () C:\Users\braley
    2015-01-19 19:15 - 2011-04-08 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-19 19:15 - 2010-06-23 06:21 - 00000000 ____D () C:\ProgramData\Lenovo
    2015-01-19 19:15 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
    2015-01-19 19:15 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-01-19 19:13 - 2011-03-25 10:40 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Mozilla Firefox
    2015-01-19 19:13 - 2010-06-22 15:53 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\Mozilla
    2015-01-16 23:21 - 2010-06-23 06:31 - 00462888 _____ () C:\Users\Bruce\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-16 20:56 - 2014-07-09 11:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-01-16 20:56 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\AppCompat
    2015-01-16 19:41 - 2013-08-17 09:12 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-16 18:38 - 2010-06-23 05:44 - 00000000 ____D () C:\swshare
    2015-01-16 17:40 - 2013-01-09 04:02 - 00000000 ____D () C:\Users\Bruce\Documents\Technical
    2015-01-16 15:12 - 2010-06-23 05:42 - 01868734 _____ () C:\Windows\PFRO.log
    2015-01-16 15:12 - 2010-06-23 05:34 - 00000000 ____D () C:\Windows\CSC
    2015-01-16 14:32 - 2013-07-18 16:22 - 00001734 _____ () C:\Users\Bruce\Desktop\settings.ini
    2015-01-15 13:20 - 2014-04-03 21:57 - 00000000 ____D () C:\Users\Outlook
    2015-01-13 12:59 - 2011-05-03 15:00 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2015-01-11 00:56 - 2010-10-02 07:35 - 00000000 ____D () C:\Users\Bruce\Documents\Politics
    2015-01-10 09:59 - 2009-07-13 20:53 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-09 19:59 - 2011-11-01 13:12 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
    2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-09 19:59 - 2010-06-22 16:03 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2015-01-09 09:18 - 2012-05-06 10:50 - 00462888 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-09 09:17 - 2012-05-06 10:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
    2015-01-07 11:01 - 2013-12-14 10:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-01-07 10:39 - 2010-06-24 23:49 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Microsoft Help
    2015-01-07 10:19 - 2014-06-21 20:56 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-01-07 10:19 - 2011-11-09 01:58 - 00000000 ____D () C:\ProgramData\Intel
    2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Common Files\Intel
    2015-01-07 10:18 - 2011-11-09 01:57 - 00000000 ____D () C:\Program Files\Cisco
    2015-01-07 10:18 - 2010-06-23 05:39 - 00000000 ____D () C:\Program Files\Intel
    2015-01-02 12:54 - 2013-11-18 07:58 - 00000000 ____D () C:\Users\TEMP
    2014-12-31 13:15 - 2010-06-22 22:55 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2014-06-14 12:48 - 2014-06-14 12:48 - 6103040 _____ () C:\Program Files\GUT3266.tmp
    2012-04-26 10:24 - 2012-05-07 16:17 - 0022616 _____ () C:\Users\Bruce\AppData\Roaming\Comma Separated Values (Windows).ADR
    2012-02-15 12:01 - 2014-03-03 21:01 - 0002235 _____ () C:\Users\Bruce\AppData\Roaming\SAS7_000.DAT
    2014-02-23 13:04 - 2014-02-23 13:04 - 0000000 _____ () C:\Users\Bruce\AppData\Roaming\SharedSettings.ccs
    2011-11-07 10:10 - 2012-05-02 12:01 - 0172925 _____ () C:\Users\Bruce\AppData\Local\ars.cache
    2011-11-07 10:10 - 2012-05-02 12:01 - 0417386 _____ () C:\Users\Bruce\AppData\Local\census.cache
    2012-11-20 09:16 - 2012-11-20 09:16 - 0005632 _____ () C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-12-24 10:08 - 2010-12-24 10:08 - 0000036 _____ () C:\Users\Bruce\AppData\Local\housecall.guid.cache
    2011-01-10 08:10 - 2011-01-10 08:10 - 0004096 ____H () C:\Users\Bruce\AppData\Local\keyfile3.drm
    2010-09-15 08:47 - 2014-09-17 21:48 - 0007604 _____ () C:\Users\Bruce\AppData\Local\resmon.resmoncfg
    2011-04-08 18:24 - 2011-04-08 18:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2013-02-21 15:28 - 2013-02-21 17:19 - 0000034 _____ () C:\ProgramData\IpAndPort.fig
    2013-02-21 15:28 - 2013-09-13 22:30 - 0000225 _____ () C:\ProgramData\RmUserCfg.ini

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-15 16:45

    ==================== End Of Log ============================

  3. #43
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Can you post the Addition.txt?

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Instructions on how to back up your Favourites/Bookmarks and other data can be found below.

    Backup Chrome Bookmarks

    After the above please uninstall Google Chrome,

    Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on Google Chrome
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check/tick the bolded items only on the list, then click Delete.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes then on Next.
    • Once done click Finish.



    and reinstall from http://www.google.com/chrome/

    ~~~~~~~
    Go here to download HJT
    http://www.bleepingcomputer.com/download/hijackthis/
    • Save HJTsetup.exe to your desktop.
    • Double-click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


    ~~~~~~~~~~

    What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
    • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.



  4. #44
    Member
    Join Date
    Feb 2007
    Posts
    40


    Here's Addition.txt
    Will run Hijack and post it
    I'm not using Chrome - using Firefox - I do have it on the machine and will uninstall
    Thanks

    ======================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG CloudCare AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: AVG CloudCare AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG CloudCare AntiVirus 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
    Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Connect Add-in (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Adobe Connect Add-in) (Version: - )
    Adobe Creative Suite 5 Production Premium (HKLM\...\{53BC789D-073D-47B6-AA9F-DE05990AF07A}) (Version: 5.0 - Adobe Systems Incorporated)
    Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Amazon Kindle) (Version: - Amazon)
    Amazon MP3 Downloader 1.0.10 (HKLM\...\Amazon MP3 Downloader) (Version: - )
    AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.6 - Vantage Software Technologies)
    AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
    AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
    AVG CloudCare (HKLM\...\AVG CloudCare) (Version: 3.2.3 - AVG Technologies)
    AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.519 - AVG) Hidden
    AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
    AVG PC TuneUp 2014 (Version: 14.0.1001.519 - AVG) Hidden
    AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4020.9 - AVG Technologies) Hidden
    Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden
    Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
    Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
    Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
    Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version: - )
    Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
    Canon MX870 series User Registration (HKLM\...\Canon MX870 series User Registration) (Version: - )
    Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: - )
    Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
    Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
    Corel DVD MovieFactory (Version: 7.0.0 - Corel Corporation) Hidden
    Corel DVD MovieFactory 7 Lenovo Edition (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    DeLorme Street Atlas USA 2009 (HKLM\...\{AEB95804-A937-49E6-940A-37A606C16D5D}) (Version: 9.00.0000 - DeLorme Publishing)
    Digital Picture Recovery (HKLM\...\Digital Picture Recovery) (Version: 2.1.2.8 - dtidata.com)
    Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
    Dragon NaturallySpeaking 10 (HKLM\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
    Free File Opener v2011.6.0.4 (HKLM\...\Free File Opener_is1) (Version: 2011.6.0.4 - Free File Opener, LLC)
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
    Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    HD Writer AE 3.0 (HKLM\...\{5678B15A-504C-4A79-8554-05488A206E41}) (Version: 3.00.019.1033 - Panasonic Corporation)
    HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
    HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
    HTC Sync (HKLM\...\{7A3FFA58-876F-489C-B6CF-0503916224DF}) (Version: 3.0.5617 - HTC Corporation)
    Integrated Camera Driver Installer Package Ver.1.1.0.17 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.17 - RICOH)
    Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
    Intel(R) Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
    Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.157 - InterVideo Inc.)
    InterVideo WinDVD 8 (Version: 8.0.20.157 - InterVideo Inc.) Hidden
    Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche Studios)
    K-Lite Codec Pack 6.0.4 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
    Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
    Lenovo Patch Utility (HKLM\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
    Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
    Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0002.00 - Lenovo)
    Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Memorex exPressit Label Design Studio (HKLM\...\MVApplication1) (Version: - )
    Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
    Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
    Mobile Broadband Connect (HKLM\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Musicnotes Software Suite 1.5.3 (HKLM\...\Musicnotes Combined Installer_is1) (Version: 1.5.3 - Musicnotes Inc.)
    NetViewer 2.1.584.0 (HKLM\...\NetViewer) (Version: 2.1.584.0 - )
    NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
    NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12130 - NVIDIA Corporation)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
    PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
    Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
    Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5 (HKLM\...\Adobe_1b5a11fde44351ae0f4c7fd0e4daadc) (Version: 4.4.0 - Adobe Systems Incorporated)
    Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5 (Version: 4.4.0 - Adobe Systems Incorporated) Hidden
    PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
    QuickBooks (Version: 19.0.4011.705 - Intuit Inc.) Hidden
    QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4011.705 - Intuit Inc.)
    Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.3.7 - Intuit)
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
    Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
    RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
    Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
    Search Protection (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\Search Protection) (Version: 10.7.0.1 - Spigot, Inc.) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    Steam (HKLM\...\Steam) (Version: - Valve Corporation)
    SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
    SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
    The Print Shop 22 (HKLM\...\{E34351A4-4B10-4DFF-96BC-84C642D9C625}) (Version: 22.00.0000 - Broderbund Software)
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
    ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
    ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
    ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.10a - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
    ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
    ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.50 - Lenovo)
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.42 - Lenovo)
    Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
    Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{EE296443-E401-43D2-9864-1C63AD8D376E}) (Version: 2.14.0410 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
    Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
    WebEx (HKU\S-1-5-21-2701720504-2077786656-4262629455-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
    Windows Driver Package - Intel (e1kexpress) Net (11/19/2009 11.5.5.0) (HKLM\...\A140D730315E230942517BDDAEC2B1B5FCC45A3F) (Version: 11/19/2009 11.5.5.0 - Intel)
    Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
    Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
    Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
    Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
    Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
    Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\webex\1026\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-2701720504-2077786656-4262629455-1001_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

    ==================== Restore Points =========================

    02-01-2015 12:41:54 Intel® Driver Update Utility
    02-01-2015 12:49:03 Intel® PROSet/Wireless Software
    15-01-2015 16:52:24 Scheduled Checkpoint
    16-01-2015 19:19:34 Windows Update
    16-01-2015 23:24:04 Windows Update
    19-01-2015 13:11:04 Windows Update
    19-01-2015 18:25:10 Restore Operation

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:04 - 2015-01-19 12:39 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {08C60E9B-4AD4-495A-8EC7-40CF1EE8811B} - System32\Tasks\InstallShield Software online update program => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-02-16] (InstallShield Software Corporation)
    Task: {0D98184E-32AB-4002-B42B-183B6EDE33C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {0F989BE7-FEE9-4162-AE5A-F0A7A78DE8B6} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
    Task: {19BCC457-29AA-430F-93C8-C6B770EE7692} - System32\Tasks\{A90682E6-3795-4060-AEF9-00A2150BFA68} => pcalua.exe -a "C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl"
    Task: {1B29FD60-61DE-403F-897E-94F774D856AF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {1BB0418C-9C6A-40D2-8683-CA6D7982BECB} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
    Task: {209C7C6C-CBC2-41FC-A757-DE2A25B80416} - System32\Tasks\{CE78F2F9-EEDA-49CB-A1BD-08DE7DE8C0E5} => E:\Setup.exe
    Task: {24F6D86F-A55F-4B4E-9D48-6068FF00C60A} - System32\Tasks\{C2405C53-C542-458F-9782-7D4BB17E147C} => E:\ace\SINGLE\SETUP.EXE
    Task: {259A12A9-FBB3-4479-A1F1-FE533ABCCBF8} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
    Task: {259B58CC-1CC0-4F60-8FD4-184FE3DFCE1D} - System32\Tasks\{1540E941-4CD6-4941-B170-D0D20F45E0EA} => E:\autorun.exe
    Task: {29A590F7-ED48-4A5D-8364-F25C8A2B21D1} - System32\Tasks\Message Center plus => C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
    Task: {365039BA-D056-4548-A4C1-AFB67518136C} - System32\Tasks\{641FAB8B-0345-4BF5-B407-89A82A9DF934} => pcalua.exe -a "C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\\tssmpm.cpl"
    Task: {4E2708E9-4E2B-4EBA-88BE-87E01CF4C422} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
    Task: {573C700B-BFB7-4B2D-82E0-C295EA4664E8} - System32\Tasks\{C7870018-95CD-49A1-8511-2FA7DD647873} => E:\ace\SINGLE\SETUP.EXE
    Task: {5FA52832-1814-4100-AA81-EB64BEC12DAF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
    Task: {5FBD5FCB-2122-4448-9B82-830D2108807B} - System32\Tasks\LaunchCSS => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-08-26] (Lenovo Group Limited)
    Task: {62D0B3DA-2018-48B9-962C-482771543418} - System32\Tasks\{B746EDA9-1EA4-4B66-BAC3-5BF8C299A8A9} => E:\autorun.exe
    Task: {693133C6-59A9-4F14-A5B4-E9E8F49197D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {7307B735-7772-49FD-BE2F-36BF96E0ECAB} - System32\Tasks\{8CE865C7-79CA-44DE-B8AE-9993D0236C60} => D:\install.exe
    Task: {7A317081-074A-4C61-95C8-6A2DDA1B2437} - System32\Tasks\{35A9C21D-65FC-45D5-9472-346495408226} => E:\ace\SINGLE\SETUP.EXE
    Task: {7B925F22-0399-476E-AFE5-C75552BD7A16} - System32\Tasks\AdobeAAMUpdater-1.0-Bruce-Lenovo-Bruce => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {83952255-1DDD-4BDB-920F-A1DFF0AC08DD} - System32\Tasks\{10F11F3A-58FF-4BBC-8168-6105E14410B6} => E:\setup.exe
    Task: {897B4F6E-FDF0-43CB-AE03-04E312300C23} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-11-26] (Lenovo Group Limited)
    Task: {9314E8F0-AD1C-478B-A2C5-6137608B6FDD} - System32\Tasks\InstallShield Software update service => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16] (InstallShield Software Corporation)
    Task: {998D0A65-D9FE-4D67-BFED-C8F4819732F0} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
    Task: {A5F8BFAD-B368-437F-B7AD-456939861D20} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
    Task: {A954044F-9745-4724-8204-3743B7F5AEDF} - System32\Tasks\{56A271B6-B527-4A59-AF05-1682CC725F72} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {B3500B58-8693-4A86-8951-F362C64A5553} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {B400A4B7-0DE1-49DA-83D9-D646D73CCA92} - System32\Tasks\{84AE0A25-3344-4110-87F8-F39AE4C1A56B} => pcalua.exe -a C:\SWTools\skype\Skype_Setup.exe -d C:\SWTools\skype
    Task: {B9C075ED-2906-4D73-9811-23DFA22104F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {BBBE9FE9-89F6-460F-B3C8-201CFCCEB524} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
    Task: {CD4068ED-893C-4AA9-99B9-7E5A262B9E32} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG)
    Task: {D811F944-863A-4423-803A-C4E084E2332A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-12-20] ()
    Task: {D9293844-F489-4397-8BB9-488ACE94A14F} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
    Task: {DA3AEC2B-0BB5-45D9-9C97-879863A2D03B} - System32\Tasks\{2E88491F-1A5F-4A22-B292-ACEA4ED9DC0B} => pcalua.exe -a C:\Users\Bruce\Downloads\MediaToolsProfessional5.1.exe -d C:\Users\Bruce\Downloads
    Task: {DF844C5B-A434-4CA2-A6A9-75A739EF1328} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: {F50085CF-F530-4CBB-99B3-2DBE91056D68} - System32\Tasks\{76A69476-6ADD-4A19-91A6-0EF971717ED4} => E:\setup.exe
    Task: {FF0EB834-16BF-4947-9A96-236DF606E5FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
    Task: {FF7B19BC-F590-446A-B3CB-AE8A5C665E10} - System32\Tasks\TVT\LaunchRnR => C:\Program Files\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
    Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-04-04 08:35 - 2013-10-28 14:48 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2009-11-26 17:48 - 2009-11-26 17:48 - 00006656 _____ () C:\Program Files\Lenovo\Access Connections\ACNewBiosHelper.dll
    2013-10-17 08:35 - 2014-11-03 13:34 - 00059160 _____ () C:\Program Files\AVG\CloudCare\ZlibStream.dll
    2013-10-17 08:35 - 2014-11-03 13:34 - 00073496 _____ () C:\Program Files\AVG\CloudCare\UpdateProxy.dll
    2015-01-21 19:03 - 2014-08-28 07:20 - 00170464 _____ () C:\Program Files\AVG\CloudCare\AvgRemote\VIPTunnelDll.dll
    2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2012-01-31 18:13 - 2010-08-24 18:06 - 00085840 _____ () C:\Program Files\Trend Micro\RUBotted\hc_help.dll
    2014-07-14 02:26 - 2014-07-14 02:26 - 00585528 _____ () C:\Program Files\AVG\AVG PC TuneUp\avgreplibx.dll
    2014-07-14 02:26 - 2014-07-14 02:26 - 00357176 _____ () C:\Program Files\AVG\AVG PC TuneUp\tuavgx.dll
    2013-12-14 10:59 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2013-12-14 10:59 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2013-12-14 10:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2013-12-14 10:59 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2013-12-14 10:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-06-23 05:43 - 2009-11-26 10:10 - 00032768 _____ () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
    2009-11-26 17:50 - 2009-11-26 17:50 - 00274432 _____ () C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgApiWrapper => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgRemote => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgUpgrade => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\raserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\XmppAuth => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Admin (S-1-5-21-2701720504-2077786656-4262629455-1006 - Administrator - Enabled) => C:\Users\Admin
    Administrator (S-1-5-21-2701720504-2077786656-4262629455-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2701720504-2077786656-4262629455-1009 - Limited - Enabled)
    braley (S-1-5-21-2701720504-2077786656-4262629455-1003 - Limited - Enabled) => C:\Users\braley
    Bruce (S-1-5-21-2701720504-2077786656-4262629455-1001 - Administrator - Enabled) => C:\Users\Bruce
    Guest (S-1-5-21-2701720504-2077786656-4262629455-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2701720504-2077786656-4262629455-1005 - Limited - Enabled)
    Sean (S-1-5-21-2701720504-2077786656-4262629455-1007 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/27/2015 04:26:39 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (8008) Asapi: (16:26:39:6300)(8008) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>200D87A54ADF90C2</RequestId><HostId>x7KKA5jzUbAmhoxRlxx5lD2Aywg2mymFJshSYER2yUnqJbfehwCH317oxeC/w0iSsbsmBWY7xOc=</HostId></Error>

    Error: (01/27/2015 08:29:36 AM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (6692) Asapi: (08:29:36:1520)(6692) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>8A14547A2BCDB74C</RequestId><HostId>5kb6OcQUfRO8Yolglw2SiOQ/IGG1bZUV6msrCy+B9fkITYfBpsTsR48Ck3hPH7Je</HostId></Error>

    Error: (01/25/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (01/25/2015 04:00:46 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (6852) Asapi: (16:00:46:2120)(6852) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>8FE08459BB4D06F0</RequestId><HostId>lkZa6aNEIigJ7ZrKyqm5qxZcNmcFrAm3P3hf/6QuNWkCvIF45nk59RPEQxC/u/od</HostId></Error>

    Error: (01/25/2015 11:08:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (8060) Asapi: (11:08:07:1720)(8060) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

    Error: (01/25/2015 11:08:04 AM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (8060) Asapi: (11:08:04:7540)(8060) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>0A6B63953DEB69A3</RequestId><HostId>vd7F9hPJzePvSgBC0gHy2vIwiXMjXixOayIL1pHfUBlFtNxWa2aPmSJlhe4elEnV</HostId></Error>

    Error: (01/22/2015 04:21:18 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (1908) Asapi: (16:21:18:1790)(1908) ManagedThread - Fatal -- 24 Uncaught unknown exception thrown from thread: PullThread (id: 6680)

    Error: (01/22/2015 04:21:18 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (1908) Asapi: (16:21:17:9920)(1908) ClientMessageHandler - Error -- 419 UpdatesProviderToEngineToUI -- before property change observer: 163432864 threw unknown exception

    Error: (01/22/2015 04:00:29 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (1908) Asapi: (16:00:29:5520)(1908) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

    Error: (01/22/2015 04:00:20 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (1908) Asapi: (16:00:20:5040)(1908) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>AF485BDFF6FCC59D</RequestId><HostId>w2RvEhu1wgKkwaAyUUpRdXDjatbdvZta0s6klBYTRkRRP5PExO1iE8EtkpVa54wq</HostId></Error>


    System errors:
    =============
    Error: (01/28/2015 08:06:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (01/28/2015 08:05:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
    %%1053

    Error: (01/28/2015 08:05:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.

    Error: (01/28/2015 08:05:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (01/28/2015 08:05:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (01/27/2015 10:53:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (01/27/2015 10:43:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (01/27/2015 10:33:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (01/27/2015 10:23:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (01/27/2015 10:13:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


    Microsoft Office Sessions:
    =========================
    Error: (01/27/2015 04:26:39 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (8008) Asapi: (16:26:39:6300)(8008) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>200D87A54ADF90C2</RequestId><HostId>x7KKA5jzUbAmhoxRlxx5lD2Aywg2mymFJshSYER2yUnqJbfehwCH317oxeC/w0iSsbsmBWY7xOc=</HostId></Error>

    Error: (01/27/2015 08:29:36 AM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (6692) Asapi: (08:29:36:1520)(6692) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>8A14547A2BCDB74C</RequestId><HostId>5kb6OcQUfRO8Yolglw2SiOQ/IGG1bZUV6msrCy+B9fkITYfBpsTsR48Ck3hPH7Je</HostId></Error>

    Error: (01/25/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (01/25/2015 04:00:46 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (6852) Asapi: (16:00:46:2120)(6852) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>8FE08459BB4D06F0</RequestId><HostId>lkZa6aNEIigJ7ZrKyqm5qxZcNmcFrAm3P3hf/6QuNWkCvIF45nk59RPEQxC/u/od</HostId></Error>

    Error: (01/25/2015 11:08:07 AM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (8060) Asapi: (11:08:07:1720)(8060) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

    Error: (01/25/2015 11:08:04 AM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (8060) Asapi: (11:08:04:7540)(8060) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>0A6B63953DEB69A3</RequestId><HostId>vd7F9hPJzePvSgBC0gHy2vIwiXMjXixOayIL1pHfUBlFtNxWa2aPmSJlhe4elEnV</HostId></Error>

    Error: (01/22/2015 04:21:18 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (1908) Asapi: (16:21:18:1790)(1908) ManagedThread - Fatal -- 24 Uncaught unknown exception thrown from thread: PullThread (id: 6680)

    Error: (01/22/2015 04:21:18 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (1908) Asapi: (16:21:17:9920)(1908) ClientMessageHandler - Error -- 419 UpdatesProviderToEngineToUI -- before property change observer: 163432864 threw unknown exception

    Error: (01/22/2015 04:00:29 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (1908) Asapi: (16:00:29:5520)(1908) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

    Error: (01/22/2015 04:00:20 PM) (Source: PC-Doctor) (EventID: 1) (User: )
    Description: (1908) Asapi: (16:00:20:5040)(1908) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>AF485BDFF6FCC59D</RequestId><HostId>w2RvEhu1wgKkwaAyUUpRdXDjatbdvZta0s6klBYTRkRRP5PExO1iE8EtkpVa54wq</HostId></Error>


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
    Percentage of memory in use: 56%
    Total physical RAM: 3059.69 MB
    Available physical RAM: 1320.98 MB
    Total Pagefile: 6117.66 MB
    Available Pagefile: 4150.08 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1921.46 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:673.37 GB) (Free:393.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Premiere Pro CS5 CIB) (CDROM) (Total:4.12 GB) (Free:0 GB) UDF
    Drive q: (Lenovo_Recovery) (Fixed) (Total:24.09 GB) (Free:18.96 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: B729D094)
    Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=673.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=24.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  5. #45
    Member
    Join Date
    Feb 2007
    Posts
    40


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:46:20 PM, on 1/28/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17496)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\TpShocks.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
    C:\Program Files\Lenovo\Access Connections\ACTray.exe
    C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
    C:\Program Files\AVG\AVG2014\avgui.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\AVG\CloudCare\AvgTrayApp.exe
    C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Users\Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\Lenovo\Access Connections\ACTray.exe
    O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
    O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [AVG CloudCare] C:\Program Files\AVG\CloudCare\AvgTrayApp.exe
    O4 - HKLM\..\Run: [racontrol] "C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe" -controlservice -slave
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Startup: Verizon Wireless Software Utility Application for Android – Samsung.lnk = Bruce\AppData\Roaming\Verizon\UA_ar\UA.exe
    O4 - Global Startup: HD Writer.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted IP range: http://10.0.0.26
    O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} (HiDvrOcx Control) - http://10.0.0.26:85/HiDvrOcx.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: AVG CloudCare - AvgApiWrapper (AvgApiWrapper) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\AvgApiWrapper.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
    O23 - Service: AVG Remote (AvgRemote) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\AvgRemote\AvgRemote.exe
    O23 - Service: AVG CloudCare - AvgUpgrade (AvgUpgrade) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\AvgUpgrade.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: AVG Remote IT Server (raserver) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\AvgRemote\raserver.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: AVG CloudCare - XmppAuth (XmppAuth) - AVG Technologies, Inc. - C:\Program Files\AVG\CloudCare\XmppAuth.exe

    --
    End of file - 16771 bytes

  6. #46
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Please continue with the ESET.

    Malwarebytes Anti-Rootkit
    • Download Malwarebytes Anti-Rootkit
    • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
    • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
    • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
    • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
    • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
    • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
    • On the introduction screen, please click on the Next button to continue.
    • Next you will see the Update Database screen.
    • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
    • When the update has finished, click on the Next button.
    • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
    • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
    • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
    • Make sure everything is selected and that the option to create a restore point is checked.
    • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
    • Click on the Yes button to restart your computer.

    • There will now be two log files created in the mbar folder: one called system-log.txt and one that starts with mbar-log.
    • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
      • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.

    • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #47
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Please continue with the two scans as instructed then

    These are valid entries, but are classified as 'not required'.

    Typically, these entries are infrequently used tasks that can be started manually, if necessary.


    Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

    O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    Now reboot the computer to set the registry.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #48
    Member
    Join Date
    Feb 2007
    Posts
    40

    Default ESET log

    C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
    C:\Users\Bruce\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    C:\Users\Bruce\Downloads\U-0131-01-P_AVERY1_.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    C:\Users\Bruce\Downloads\winzip18-pp.exe a variant of Win32/InstallCore.TL potentially unwanted application

  9. #49
    Member
    Join Date
    Feb 2007
    Posts
    40

    Default

    Malwarebytes Anti-Rootkit came up clean.
    Fixed the entries in HijackThis.

  10. #50
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).
    start
    CloseProcesses:
    C:\Users\Bruce\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe
    C:\Users\Bruce\Downloads\U-0131-01-P_AVERY1_.exe
    C:\Users\Bruce\Downloads\winzip18-pp.exe
    EmptyTemp:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    How long have you had Trend Micro\RUBotted\RUBottedGUI.exe on the machine?

    Also I noticed you have AVG Internet security package. Have these 2 packages worked well together in the past?

    After running the above script, please give me an update how the computer is now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
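
Added example (not part of the thread, and not Juliet's or FRST's own code): a small Python parser that splits the ESET lines from post #48 into path, detection name and classification, then assembles a fixlist with the same directives used in post #50. Skipping files that already sit in a Quarantine folder is this example's assumption about why only the three Downloads files were listed; the function names are hypothetical.

```python
import re
from typing import NamedTuple

# The five ESET detections from post #48, copied from the thread.
ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Bruce\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Bruce\Downloads\U-0131-01-P_AVERY1_.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Bruce\Downloads\winzip18-pp.exe a variant of Win32/InstallCore.TL potentially unwanted application
"""

# The path is matched lazily so it may contain spaces; the detection name is
# the first token containing "/", which a Windows path never does.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<name>\w+/\S+)\s+"
    r"(?P<kind>.+)$"
)

class Detection(NamedTuple):
    path: str
    name: str
    kind: str

def parse_eset_log(text):
    """Return one Detection per recognisable log line; other lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["kind"]))
    return found

def is_quarantined(path):
    # Assumption: any path component named "Quarantine" is a tool's holding area.
    return "quarantine" in (part.lower() for part in path.split("\\"))

def build_fixlist(detections):
    """Assemble fixlist.txt text using only the directives shown in post #50."""
    targets = [d.path for d in detections if not is_quarantined(d.path)]
    return "\n".join(["start", "CloseProcesses:", *targets, "EmptyTemp:", "End"])

if __name__ == "__main__":
    print(build_fixlist(parse_eset_log(ESET_LOG)))
```
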
