Everything posted by ggcapsquare

  1. This is from the Addition.txt log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01 Ran by G470 at 2013-11-11 21:45:25 Running from D:\HH Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202) Adobe Flash Player 11 Plugin (x32 Version: 11.4.402.265) Adobe Reader X (10.1.8) (x32 Version: 10.1.8) Atheros Client Installation Program (x32 Version: 7.0) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36) AVG 2013 (Version: 13.0.3222) AVG 2013 (Version: 13.0.3426) AVG 2013 (Version: 2013.0.3426) AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.229) AVG PC TuneUp 2014 (x32 Version: 14.0.1001.229) Canon Easy-WebPrint EX (x32 Version: 1.3.5.0) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32) Canon MP Navigator EX 3.1 (x32) Canon MX340 series MP Drivers Canon Speed Dial Utility (x32) Canon Utilities Easy-PhotoPrint EX (x32) Canon Utilities My Printer (x32) Canon Utilities Solution Menu (x32) CCleaner (Version: 4.07) Celestia 1.6.1 (x32) Combined Community Codec Pack 2011-11-11 (x32 Version: 2011.11.11.0) Conexant HD Audio (Version: 8.54.4.51) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Energy Management (x32 
Version: 6.0.2.0) Google Chrome (HKCU Version: 30.0.1599.101) ImgBurn (x32 Version: 2.5.8.0) Intel® Control Center (x32 Version: 1.2.1.1007) Intel® Management Engine Components (x32 Version: 7.0.0.1144) Intel® Processor Graphics (x32 Version: 8.15.10.2342) Intel® Rapid Storage Technology (x32 Version: 10.1.5.1001) Java 7 Update 25 (x32 Version: 7.0.250) Java 7 Update 7 (64-bit) (Version: 7.0.70) Java Auto Updater (x32 Version: 2.1.9.5) Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400) Lenovo EasyCamera (x32 Version: 1.10.1209.1) Lenovo OneKey Recovery (Version: 7.0.1628) Lenovo OneKey Recovery (x32 Version: 7.0.1628) Lenovo YouCam (x32 Version: 3.1.3623) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 
(Version: 14.0.7015.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Security Client (Version: 4.3.0219.0) Microsoft Security Essentials (Version: 4.3.219.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) RealDownloader (x32 Version: 1.3.3) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0) RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0) RealPlayer (x32 Version: 16.0.3) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10003) RealUpgrade 1.1 (x32 Version: 1.1.0) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32) Skype™ 5.10 (x32 Version: 5.10.116) Spybot - Search & Destroy (x32 Version: 1.6.2) Stellarium 0.11.4 (x32 Version: 0.11.4) Synaptics Pointing Device Driver (Version: 15.3.0.0) The KMPlayer (remove only) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 
2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32) UserGuide (x32 Version: 1.0.0.6) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1) WinRAR 4.20 (64-bit) (Version: 4.20.0) ==================== Restore Points ========================= 15-10-2013 11:38:20 Windows Update 20-10-2013 12:00:35 Windows Update 23-10-2013 02:38:13 Windows Update 27-10-2013 06:37:30 Windows Update 31-10-2013 15:23:08 Windows Update 04-11-2013 05:53:20 Windows Update 07-11-2013 09:53:38 Windows Update 10-11-2013 12:58:03 Windows Update 11-11-2013 00:43:44 Installed AVG PC TuneUp 2014 ==================== Hosts content: ========================== 2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {07C2352B-1BC6-461F-9E5D-CFDADFE4988F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink) Task: {0A4D3EC6-7335-434A-9F1F-51A34329895B} - System32\Tasks\Google Updater and Installer => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.) Task: {12A9D06B-B051-44E6-B097-BD471218E9E1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {1EEFCA68-4A4C-4F75-B719-C10FB192BE9D} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2013-11-08] (RealNetworks, Inc.) 
Task: {21678292-B2CA-48B1-A4D1-FBA0BD32745D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {39643A6C-46CF-4E6A-A3F1-02F565192C08} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {40628B04-C97B-4858-803D-80702B6386AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000UA => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.) Task: {52229667-7B9B-4465-BC80-6CE740F32723} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-05] (Adobe Systems Incorporated) Task: {553BB90B-0BAA-41D6-B124-BB32478ECBBC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {57260115-5149-4EEF-91DA-B36F4EA1BC11} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {62AC3C4E-98FC-46F4-94AE-C447F362020D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd) Task: {7FCF4DEE-0D43-450C-AC79-4F2CEA480434} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {93F1B5CF-2A6C-4E3B-B388-DD56442DD2BC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-427960264-612200393-1892385769-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {A2921FE9-F07B-4C8A-BA41-F2B4A5149D08} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000Core => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000Core.job => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-427960264-612200393-1892385769-1000UA.job => C:\Users\G470\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-12-20 03:20 - 2012-09-06 17:51 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2008-12-20 03:20 - 2012-09-06 17:51 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2012-09-06 16:53 - 2011-03-25 17:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-08-15 08:08 - 2013-08-15 08:08 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\563d7e5043ac090c49e50f7fc21fc1b9\IsdiInterop.ni.dll 2012-09-06 17:06 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/11/2013 07:41:36 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 04:29:20 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: 
(11/11/2013 10:19:46 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/11/2013 10:19:43 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error: (11/11/2013 09:50:54 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. 
(HRESULT : 0x80070490) (0x80070490) Error: (11/11/2013 09:50:07 AM) (Source: Windows Search Service) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (11/11/2013 05:09:57 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (11/11/2013 10:34:07 AM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (11/11/2013 09:50:11 AM) (Source: Service Control Manager) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (11/11/2013 09:50:11 AM) (Source: Service Control Manager) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. 
Error: (11/11/2013 09:47:30 AM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Microsoft Office Sessions: ========================= Error: (11/11/2013 07:41:36 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 04:29:20 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 10:19:46 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (11/11/2013 10:19:43 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (11/11/2013 09:50:54 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service)(User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (11/11/2013 09:50:11 AM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (11/11/2013 09:50:07 AM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore ==================== Memory info =========================== Percentage of memory in use: 89% Total physical RAM: 1991.86 MB Available physical RAM: 207.25 MB Total Pagefile: 3983.72 MB Available Pagefile: 796.92 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:140.75 GB) (Free:86.06 GB) NTFS Drive d: (New Volume) (Fixed) (Total:323.83 GB) (Free:203.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3FFC3FF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=141 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=324 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================
  2. It is not listed in my Control Panel's Add/Remove program list. It only appears in CCleaner's Tools>Uninstall list. The following is the FRST.txt log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01 Ran by G470 (administrator) on G470-PC on 11-11-2013 21:43:15 Running from D:\HH Windows 7 Home Basic Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] () HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-09-06] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [5908928 2012-09-06] (Lenovo(beijing) Limited) HKLM\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2710856 2009-11-02] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-09-04] (CANON INC.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation) HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro) HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.) IMEO\bjmyprt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\bttray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\chrome.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\cnslmain.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\realconverter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\realplay.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\realtrimmer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\rnxproc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\uninst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IMEO\youcam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" Startup: C:\Users\G470\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 
Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2FDF9E075F96CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Chrome: ======= CHR DefaultSearchURL: (Web) - http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=MY&userid=6efa9573-eb2a-b9cd-565d-a8eed1b616f0&searchtype=ds&q={searchTerms}&installDate=10/11/2013 CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Users\G470\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\G470\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\G470\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\G470\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll () CHR Plugin: (Adobe 
Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Google Update) - C:\Users\G470\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Extension: (Entanglement Web App) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0 CHR Extension: (Bejeweled) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0 CHR Extension: (Angry Birds) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0 CHR Extension: (YouTube) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (SnapDo) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0 CHR Extension: (Cut the Rope) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0 CHR Extension: (RealDownloader) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0 CHR Extension: (Autodesk Homestyler) - C:\Users\G470\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0 CHR Extension: (Cargo Bridge) - 
  3. In CCleaner, when I go to Tools>Uninstall, Snap.Do is still listed as one of the programs.
  4. Is there still cause for concern, as I am still able to see Snap.Do using CCleaner?
  5. Here's the contents of JRT.txt:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.8 (11.05.2013:1)
     OS: Windows 7 Home Basic x64
     Ran by G470 on Mon 11/11/2013 at 9:36:40.17
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values
     Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 11/11/2013 at 9:41:50.63
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. After opening CCleaner, I clicked on Tools>Uninstall and searched for Snap.Do entries. There were three of them (2 entries for Snap.Do, and another called Snap.Do Engine). I selected the entries one at a time and clicked "Delete Entry". One of the Snap.Do entries and the Snap.Do Engine entry can be deleted. However, the other Snap.Do entry can't be deleted, with the message prompt "Cannot delete MSI installer". Control Panel > Programs and Features does not contain Snap.Do anymore, though.
  7. Snap.Do can't be deleted with CCleaner either. It states "Cannot delete MSI installer".
  8. I have just been infected with the Snap.Do virus. I ran Malwarebytes and AdwCleaner and they did some cleanup, but I am unable to uninstall the program from Control Panel > Programs and Features. "Snap.Do" and "Snap.Do Engine" are still listed there and there is no response when I click on Uninstall. Please help.