pjtroup

  1. Does this mean you are finished with this project? If so, thanks for your efforts.
  2. By the way, AppRemover removed only some game application that I never heard of. There was no option for "next" or to "clean up failed uninstall". So I ran Combofix before anything really got accomplished with AppRemover. It found AVG and MalwareBytes and I didn't remove those. Do you think we are making any progress?
  3. Nothing has gotten better. More programs are complaining that they cannot run. Here is the log: Hopefully, things will start improving.
  4. Note that icons have once again disappeared from the taskbar hidden area and the red circle with the line through it is still there IE in Manage Add Ons Toolbars and Extensions. Here is the ComboFix log:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-12 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-12 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-12 441888] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-06 13219984] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-10-29 1234064] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-09-30 11582848] "OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-09-14 4196432] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-01-14 17080376] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-01-14 191544] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Completion time: 2013-09-08 12:12:54 ComboFix-quarantined-files.txt 2013-09-08 17:12 . Pre-Run: 905,846,198,272 bytes free Post-Run: 905,710,997,504 bytes free . - - End Of File - - D75B26ED81536F463E540E9C05549C91
  5. I uninstalled AVG and the red circle with the line through it is still there in IE Manage Add Ons Toolbars and Extensions after the reboot. I reinstalled AVG after that. I'm also trying to find out what this means on my end... I'm trying to help and I appreciate your help.
  6. I found a way to do this in IE10 with Win8 by creating a shortcut with the line "%ProgramFiles%\Internet Explorer\iexplore.exe" -extoff. The problem with the red circle with the line through it is still there in IE Manage Add Ons Toolbars and Extensions when I run iexplore without add-ons.
  7. I did this and also deleted RealPlayer and exentinf class to no avail. The red circle with the line through it is still there in IE Manage Add Ons Toolbars and Extensions. I apologize in advance for doing this without being instructed to do so. Would have thought resetting IE to default values would work, but I did it before I posted this problem to this forum.
  8. The icons appear to have been restored in "show hidden icons" in the taskbar - evidence of progress!!! Unfortunately, the circle with the line is still present in IE Manage Add Ons Toolbars and Extensions.
  9. Here is the OTL fix log: All processes killed ========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\resources\.svn\props folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\resources\.svn\prop-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\resources\.svn folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\resources folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\locale\.svn\tmp\text-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\locale\.svn\tmp\props folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\locale\.svn\tmp\prop-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\locale\.svn\tmp folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\locale\.svn\text-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\locale\.svn\props folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\locale\.svn\prop-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\locale\.svn folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\locale folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\preferences\.svn\tmp\text-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\preferences\.svn\tmp\props folder moved successfully. 
C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\preferences\.svn\tmp\prop-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\preferences\.svn\tmp folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\preferences\.svn\text-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\preferences\.svn\props folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\preferences\.svn\prop-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\preferences\.svn folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\preferences folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\.svn\tmp\text-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\.svn\tmp\props folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\.svn\tmp\prop-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\.svn\tmp folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\.svn\text-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\.svn\props folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\.svn\prop-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults\.svn folder moved successfully. 
C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\defaults folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\.svn\tmp\text-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\.svn\tmp\props folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\.svn\tmp\prop-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\.svn\tmp folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\.svn\text-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\.svn\props folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\.svn\prop-base folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org\.svn folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org folder moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 
HKU\S-1-5-21-573312440-3363351860-604312295-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1\ deleted successfully. C:\Program Files (x86)\FreeRide Games\npExentControl.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\paul\Downloads\cmd.bat deleted successfully. C:\Users\paul\Downloads\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: paul ->Temp folder emptied: 23194017 bytes ->Temporary Internet Files folder emptied: 222807048 bytes ->Flash cache emptied: 710 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4678361 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 3191775 bytes Total Files Cleaned = 242.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 09012013_010238 Files\Folders moved on Reboot... C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6Y4XVL7\index[1].htm moved successfully. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6Y4XVL7\i[1] moved successfully. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6Y4XVL7\xd_arbiter[1].htm moved successfully. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXNDFHDA\customer-support-form-inapp[1].htm moved successfully. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXNDFHDA\index[5].htm moved successfully. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXNDFHDA\xd_arbiter[1].htm moved successfully. 
C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96SZXQ31\like[1].htm moved successfully. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96SZXQ31\postmessageRelay[1].htm moved successfully. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56BZQGN1\fastbutton[1].htm moved successfully. File move failed. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Hopefully, this is what you were looking for.
  10. Here are the files produced by OTL:
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys 
-- (dmvsc) DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012/07/09 16:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012/06/19 09:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012/06/13 20:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2012/06/13 05:24:02 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:64bit: - [2012/06/12 08:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012/06/11 19:11:30 | 000,099,192 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NEOFLTR_7110_21187.SYS -- (NEOFLTR_7110_21187) DRV:64bit: - [2012/06/11 18:30:08 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2012/06/02 09:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2012/06/02 09:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress) DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ctxusbm.sys -- (ctxusbm) DRV - [2012/08/02 18:57:30 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) 
[Kernel | Auto | Running] -- C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys -- (X5XSEx_Pr148) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7A41A4F1-9BA1-4278-AC29-2BCCB6B52777} IE:64bit: - HKLM\..\SearchScopes\{7A41A4F1-9BA1-4278-AC29-2BCCB6B52777}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{7A41A4F1-9BA1-4278-AC29-2BCCB6B52777}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-573312440-3363351860-604312295-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-573312440-3363351860-604312295-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-573312440-3363351860-604312295-1001\..\SearchScopes,DefaultScope = {CCA73B46-36A7-42BC-BA48-0B2F6ABF63AD} IE - HKU\S-1-5-21-573312440-3363351860-604312295-1001\..\SearchScopes\{CCA73B46-36A7-42BC-BA48-0B2F6ABF63AD}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-573312440-3363351860-604312295-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\S-1-5-21-573312440-3363351860-604312295-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1: C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/27 00:25:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/27 00:25:40 | 000,000,000 | ---D | M] [2013/08/26 01:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/08/27 00:26:34 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org O1 HOSTS File: ([2013/08/07 23:04:52 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\paul\AppData\Local\DefineExt\temp.dat File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.) 
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [synLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics) O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class) O16 - DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} https://connect.chs.net/portal/applets/,DanaInfo=birminghamhpp.chs.net+mckapprun.cab (McKesson Application Launcher Control) O16 - DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} https://connect.chs.net/portal/applets/,DSID=33b753b038759d86d269530e60d89b21,DanaInfo=birminghamhpp.chs.net,CT=java+mckntauth.ocx (Mckntauth Control) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.chs.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07D8993C-4131-4C0B-BDEA-F8579AD4B8D3}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AD5144D-029B-45C4-83F2-DB4D784C6B80}: DhcpNameServer = 0.0.0.0 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/08/28 02:31:52 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013/08/26 10:49:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/08/26 09:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/08/26 09:52:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013/08/26 09:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/08/26 01:41:30 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Malwarebytes [2013/08/26 01:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/08/26 01:40:54 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Programs [2013/08/26 01:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/08/26 01:14:39 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\DefineExt [2013/08/26 00:09:07 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\RealNetworks [2013/08/26 00:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks [2013/08/26 00:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2013/08/26 00:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2013/08/26 00:08:28 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2013/08/26 00:08:27 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll [2013/08/26 00:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2013/08/26 00:08:08 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Real [2013/08/26 00:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2013/08/25 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Video Media Download [2013/08/17 22:42:04 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\StreamTorrent [2013/08/17 17:40:15 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT [2013/08/17 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013/08/17 17:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013/08/17 17:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013/08/17 17:06:39 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\{2A82324E-1E3C-4E88-A68A-8BA11B0417FE} [2013/08/17 17:06:36 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Wide Angle Software [2013/08/17 17:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wide Angle Software [2013/08/17 17:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TouchCopy 12 [2013/08/08 07:56:33 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Nitro PDF [2013/08/08 07:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix [2013/08/08 07:54:32 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\ICAClient [2013/08/08 07:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix [2013/08/08 07:52:57 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Citrix [2013/08/08 02:41:06 | 000,000,000 | ---D | C] -- C:\windows\Minidump [2013/08/07 22:29:26 | 000,590,512 | ---- | C] (Juniper Networks) -- C:\windows\SysWow64\dsNcSmartCardProv.dll [2013/08/07 22:29:26 | 000,422,064 | ---- | C] (Juniper 
Networks) -- C:\windows\SysWow64\dsNcCredProv.dll [2013/08/07 22:24:51 | 000,099,192 | ---- | C] (Juniper Networks) -- C:\windows\SysNative\drivers\NEOFLTR_7110_21187.SYS [2013/08/07 22:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks [2013/08/07 22:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks [2013/08/07 22:24:31 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Juniper Networks [2013/08/04 14:53:50 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar [2013/08/04 14:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar [2013/08/04 02:16:27 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013/08/04 02:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013/08/04 02:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013/08/04 02:08:08 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\WinRAR [2013/08/04 02:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2013/08/04 02:07:49 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\1O1L1I1PtF1F1C1N [2013/08/04 02:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/08/04 02:07:29 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Extensions [2013/08/04 02:07:28 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\searchplugins ========== Files - Modified Within 30 Days ========== [2013/08/31 10:01:35 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013/08/31 10:01:35 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013/08/31 10:01:35 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013/08/31 10:00:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/08/29 02:30:18 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\OneKey 
Recovery.lnk [2013/08/29 02:27:06 | 000,040,487 | ---- | M] () -- C:\Users\paul\Desktop\Manage Add Ons.jpeg [2013/08/27 01:04:41 | 000,001,108 | ---- | M] () -- C:\Users\paul\Desktop\HijackThis - Shortcut.lnk [2013/08/27 00:38:27 | 000,000,456 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_AUG2013_TB_rmv.job [2013/08/27 00:38:27 | 000,000,406 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_AUG2013_TB_rel.job [2013/08/27 00:37:14 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/08/27 00:37:14 | 2455,777,279 | -HS- | M] () -- C:\hiberfil.sys [2013/08/26 09:52:33 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/08/26 00:08:53 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013/08/26 00:08:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll [2013/08/25 23:33:39 | 000,281,088 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013/08/17 17:09:38 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2013/08/17 17:06:21 | 000,002,627 | ---- | M] () -- C:\Users\Public\Desktop\TouchCopy 12.lnk [2013/08/17 03:33:02 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys [2013/08/14 08:51:52 | 000,000,119 | ---- | M] () -- C:\Users\paul\Desktop\CVA.url [2013/08/08 02:40:57 | 659,176,507 | ---- | M] () -- C:\windows\MEMORY.DMP [2013/08/07 23:04:32 | 000,002,184 | -H-- | M] () -- C:\Users\paul\Documents\Default.rdp [2013/08/07 22:24:51 | 000,000,021 | ---- | M] () -- C:\pending.un [2013/08/04 14:53:50 | 000,001,333 | ---- | M] () -- C:\Users\paul\Desktop\PC Inspector File Recovery.lnk ========== Files Created - No Company Name ========== [2013/08/29 02:27:06 | 000,040,487 | ---- | C] () -- C:\Users\paul\Desktop\Manage Add Ons.jpeg [2013/08/27 01:04:41 | 000,001,108 | ---- | C] () -- C:\Users\paul\Desktop\HijackThis - Shortcut.lnk [2013/08/26 22:02:45 | 000,000,406 | ---- | 
C] () -- C:\windows\tasks\AVG-Secure-Search-Update_AUG2013_TB_rel.job [2013/08/26 22:02:44 | 000,000,456 | ---- | C] () -- C:\windows\tasks\AVG-Secure-Search-Update_AUG2013_TB_rmv.job [2013/08/26 09:52:33 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/08/26 00:08:53 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013/08/25 23:33:25 | 000,281,088 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT [2013/08/17 17:14:00 | 000,386,642 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2013/08/17 17:09:38 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2013/08/17 17:06:21 | 000,002,627 | ---- | C] () -- C:\Users\Public\Desktop\TouchCopy 12.lnk [2013/08/14 08:51:34 | 000,000,119 | ---- | C] () -- C:\Users\paul\Desktop\CVA.url [2013/08/08 07:54:48 | 000,000,036 | ---- | C] () -- C:\windows\webica.ini [2013/08/08 02:40:57 | 659,176,507 | ---- | C] () -- C:\windows\MEMORY.DMP [2013/08/07 22:36:52 | 000,002,184 | -H-- | C] () -- C:\Users\paul\Documents\Default.rdp [2013/08/07 22:24:51 | 000,000,021 | ---- | C] () -- C:\pending.un [2013/08/04 14:53:50 | 000,001,333 | ---- | C] () -- C:\Users\paul\Desktop\PC Inspector File Recovery.lnk [2013/06/10 08:37:37 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2013/01/14 13:09:15 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2013/01/14 12:43:01 | 000,001,678 | ---- | C] () -- C:\windows\vm331Rmv.ini [2013/01/14 12:43:01 | 000,001,678 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini [2012/10/16 20:38:03 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin [2012/10/16 20:37:48 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012/10/16 20:37:45 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin [2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- 
C:\windows\SysWow64\NOISE.DAT [2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012/07/25 15:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012/07/25 15:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 01:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 00:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/08/08 07:54:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ICAClient [2013/07/08 09:28:51 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/08/08 07:54:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ICAClient [2013/07/08 09:28:51 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013/08/04 02:07:49 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\1O1L1I1PtF1F1C1N [2013/06/10 08:01:34 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\AVG2013 [2013/08/08 08:10:44 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\ICAClient [2013/08/07 22:29:27 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Juniper Networks [2013/08/08 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Nitro PDF [2013/08/17 22:42:04 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\StreamTorrent [2013/06/10 07:59:52 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\TuneUp Software [2013/08/25 23:58:06 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Video Media Download [2013/08/08 07:54:48 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData\Roaming\ICAClient ========== Purity Check ========== < End of report > 
_____________________________________________________________________________________________________________________________ AND OTL Extras logfile created on: 8/31/2013 10:15:07 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\paul\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.86 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 80.20% Memory free 15.86 Gb Paging File | 14.02 Gb Available in Paging File | 88.39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 884.18 Gb Total Space | 831.55 Gb Free Space | 94.05% Space Free | Partition Type: NTFS Drive D: | 25.00 Gb Total Space | 22.20 Gb Free Space | 88.80% Space Free | Partition Type: NTFS Computer Name: IDEA-PC | User Name: paul | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" () Directory [Photo Show] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Photo Show.exe" -d "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" () Directory [Photo Show] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Photo Show.exe" -d "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03A0C633-EA50-4E58-A357-093239E5DFD5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{0C939BB9-9CC3-4B4F-AE9A-DF2B3F40B64D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{16288D63-19AE-417B-9EBC-10A2C7A70193}" = lport=445 | protocol=6 | dir=in | app=system | "{1E60C418-1479-4090-8E33-1A86B200A49A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{23DFE8DE-F579-4860-87B4-D4BEA4DAEFA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{25F55683-E8A5-4D88-B1DA-E98508D2C79B}" = lport=137 | protocol=17 | 
dir=in | app=system | "{414FD4C0-C3F4-4D18-AB39-D917844B1294}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | "{4817E4D8-017A-42CA-BDE1-CF67A44A7A0E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4F5C3103-2549-42BE-9561-1C529DB388E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{56E03BBB-6177-4203-9E2D-884F69DAA43E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7ACC33B8-21CE-4FA8-8EA7-360DF3B9018C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A2769CD8-D5A2-4660-9A1F-316BDB145F55}" = lport=139 | protocol=6 | dir=in | app=system | "{C6E715CC-F12F-40E3-8D2F-8DF30D104B27}" = rport=137 | protocol=17 | dir=out | app=system | "{C711956D-643A-41A4-B338-D5CEB7EEB0AF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CB644B23-8546-49C9-BFE5-1A817755A0CF}" = lport=138 | protocol=17 | dir=in | app=system | "{D823A4FF-8686-4F4D-9245-E7FD3C0A4F77}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E292EB76-56E8-4FB4-8CA6-D5B91D82AD2F}" = rport=445 | protocol=6 | dir=out | app=system | "{E479FC16-C565-4D9A-97D4-E1B04DD4A51E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E86493EB-9566-4328-AB4A-99D286372F84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EB370630-9A87-49BD-B086-F839A2E7CCB3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F417A749-A354-4C67-8F71-795E3CF5E85C}" = rport=139 | protocol=6 | dir=out | app=system | "{F7D05B22-C121-46C3-B46E-B91759E820B5}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02278BB9-7B5B-426B-9574-17039FEC0FF8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{080D692B-FB30-4F92-8C22-D87D2608DC5A}" = dir=in | name=evernote | "{0B6A32C6-10D9-41F4-B99D-815A1FC6FB77}" = dir=out | name=accuweather for windows 8 | "{0F61EB36-7C08-4525-9CF6-6DE30A2784A6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{103643C9-4CF2-4B93-A574-A05849F422C2}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{20540193-84A9-458F-B6F6-EE23BF38B2D3}" = dir=in | name=ebay | "{2178A7E1-9281-4BB5-8E6F-F4B043F4893D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{27717AF5-6A03-4A69-9217-E3D5BDD353B3}" = dir=in | name=skype | "{27EB1578-3B30-47C4-A9F7-C2B9C68BD490}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2978DF6F-7335-4CE4-AF7E-37CD3455F274}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{2B1C1405-F61A-4803-AAE8-B4E135A88A58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{34B33F9D-4A3F-4AD0-98E3-73219E00FABA}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | "{396FEAA0-4E31-4AFC-BE67-E6CE27A6C083}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{39F62F93-D95F-45C7-9FD1-AAC023085254}" = dir=out | name=windows_ie_ac_001 | "{3A43D8DE-7FE6-4D2A-A0DD-5D6D80D39EF0}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{3AC44FFC-000C-4C29-BD30-910570B89990}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{3C0C1F4D-89FB-4A82-ABDE-3199AEF1081B}" = protocol=17 | 
dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{44D99DA0-3C78-4FCB-B707-848612099C3C}" = dir=out | name=skype | "{45DAE58F-CAB3-466A-BC3D-C001912628E3}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{49FCACE1-A605-4731-BA98-C833A790FDF5}" = dir=out | name=lenovo companion | "{4B878FE6-6728-47FE-854F-F27BE8C2BD36}" = dir=out | name=mcafee security advisor for lenovo | "{4E638CEF-3456-45C6-8E81-1BD73C54F6D3}" = dir=in | name=kindle | "{501BA727-2266-4738-B1C3-36D12DC273DF}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{54ABB748-571C-4E55-A192-095252A67BA5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{54D1643E-EEF9-447B-A957-82F44D699E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{57A053F3-72BF-40BA-BB1B-843F2722C6AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5D17F0F6-BE83-4F70-AF6E-FB851C6AF81B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{62E73DF4-D8F0-47FC-94BA-0674F278740C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{678617EF-6F05-4E7E-BA85-2EDF92C6DFC5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{73AD30FC-3173-435B-A3C8-543B318B0859}" = dir=out | name=rara.com | "{757E1E32-546A-4D3A-A3EF-BC040AF2329D}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{7C50D5EC-573D-4E49-8CA3-6ED65AE1CA5E}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{7FB4D083-B98D-421F-B1EE-BD3624706E06}" = dir=out | name=kindle | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | 
name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{85C0A587-C10C-420D-AB37-0F2B3F4811D5}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{862DA4F6-5E54-4F2B-82C1-AF51AFBB48C3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8761BFD3-3A7A-49CD-8041-A0203CC6C89A}" = dir=out | name=ebay | "{8C77B54F-50CE-4E38-A82F-7589C778DF90}" = dir=out | name=evernote | "{A49B23D3-D13D-4938-8ED6-F94906DCAC23}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{A63AEC1B-5376-485A-8656-FF3B76E5EFFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A94A7AEF-3DC2-479B-A31D-E1A7672ED802}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{AD6B0AB9-7ACD-45D7-AA82-3422F5366192}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{ADADF6E1-2121-4E76-A021-DFAAF192689C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{B50523DD-C500-4D3D-BF0D-ED5E68041E2B}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{B7571703-9667-4A21-8ACD-ADB763F0458C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C03731D1-7F2E-493B-9C92-297A690A1B4D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{CB53CA62-88B5-4544-821A-D7039357EF40}" = dir=out | name=powerdvd for lenovo idea | "{D5CDF7BF-BA06-47D1-BC70-D490D0BEAB9D}" = dir=out | 
name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{D7F130B8-B12E-4294-8965-791CE907BB2B}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{D9826518-21EB-4AB3-A6EB-4AC2AEA40257}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{E2418009-506E-4FC2-B264-A8A8429193F2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{E71F5BAC-5A18-418B-B66A-075A57524462}" = dir=out | name=lenovo support | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{F971F632-B61E-4915-8A17-F840388295DC}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{FC767C3B-70CB-4F8C-96B6-9A93BA441A66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{A720392B-B4AA-43DF-82FD-CDB8DBEB2817}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{D13143AE-6121-4798-8789-FD37D4E0BE96}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey 
Recovery "{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013 "{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{72D264E5-0C44-42DF-820B-621303E5C183}" = Nitro Pro 7 "{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel® PROSet/Wireless for Bluetooth® + High Speed "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) "8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) "AVG" = AVG 2013 "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web) "{1004A21B-4460-45BD-9EC2-0B73B4F6FDAF}" = TouchCopy 12 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It "{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB) "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C26A305-4549-4A8A-9F03-25719C03B0FB}" = FreeRide Games "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime 
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}" = Onekey Theater "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader "{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV) "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{DD7D6D84-93AB-48CA-A759-94324E341CBA}" = Intelligent Touchpad "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10 "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10 "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = 
UserGuide "Intel AppUp(SM) center 33057" = Intel AppUp(SM) center "Juniper Network Connect 7.1.10" = Juniper Networks Network Connect 7.1.10 "Lenovo Photos" = Lenovo Photos "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager "RealPlayer 16.0" = RealPlayer "SugarSync" = SugarSync Manager "Window Washer" = Window Washer ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-573312440-3363351860-604312295-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client "Should I Remove It 1.0.4" = Should I Remove It "WinRAR Free Download Packages" = WinRAR Free Download Packages ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/28/2013 4:08:40 AM | Computer Name = idea-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error - 8/29/2013 3:15:53 AM | Computer Name = idea-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 8/29/2013 3:27:22 AM | Computer Name = idea-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error - 8/29/2013 3:50:21 AM | Computer Name = idea-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 8/29/2013 1:01:44 PM | Computer Name = idea-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error - 8/31/2013 4:33:55 AM | Computer Name = idea-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 8/31/2013 4:34:25 AM | Computer Name = idea-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. < End of report >
  11. OK. RealPlayer is now disabled, nothing else changed.
  12. I'm assuming you can see the jpeg of the "Manage Add Ons" screen shot I took. If not, how can I send it to you? It has a red circle with a line through it over the gear in "Toolbars and Extensions" and it was not there before I got whatever browser hijacker malware thing that initially caused this topic to be posted. I have a new (5 months old) computer with Windows 8 and IE 10. I am not nearly as familiar with either of these as I was earlier versions and perhaps I just don't understand how to restore them to defaults. I feel fairly confident that things are not back to the way they were before the browser hijacker malware thing. Hopefully, you are more facile with these programs than am I.
  13. You can see there apparently is some sort of conflict under Toolbars and extensions. Most of the Icons have disappeared from the taskbar. I'm not sure what else may be wrong.
  14. If you are referring to Search Providers in Internet Explorer Manage Add Ons, there is no delete option and nothing happens when I click the text overlaid by the red circle with the line. The lines to the right simply have the options to enable or disable. The Jpeg below shows a little bit of what I am talking about.