Jump to content

Four instances of Pup.Optional.Conduit.A after running full scan

tillerr

By tillerr
in Resolved Malware Removal Logs

 Share

Recommended Posts

tillerr

tillerr

Posted
Posted

I ran a full scan this morning and have four instances of Pup.Optiona.Conduit.A.  I've seen others with similar items found from a scan and was hoping I could get some help/direction like they have received. The log is below.  Thank you.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.08.04
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Roger :: TILLER [administrator]
 
1/11/2014 12:54:32 AM
MBAM-log-2014-01-11 (08-56-40).txt
 
Scan type: Full scan (C:\|F:\|Q:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 549420
Time elapsed: 2 hour(s), 55 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Users\Roger\AppData\Local\Temp\CT3072253 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Roger\AppData\Local\Temp\CT3072253\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Roger\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Roger\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> No action taken.
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Link to post
Share on other sites
  • Replies 68
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

tillerr

tillerr

Posted
  • Author
Posted

Sorry, I forgot to mention that each time I run the scan and try to remove these items Malwarebytes ends up Not Responding and has to shut down.  The first time I ran the scan these four instances were not the only items that showed up.  I then ran the removal option and everything but these four were removed.  Once the others were removed Malwarebytes became unresponsive as it does each time now.

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in next reply..

 

Kevin

Link to post
Share on other sites
tillerr

tillerr

Posted
  • Author
Posted

Before I start the process I want to make sure I am following you correctly.  I have uTorrent installed but not open or running on my system currently (hasn't been for some time).  Is this sufficient or is there a more specific step to take to disable it?  I would prefer not to uninstall it but will if necessary.

 

Thank you

Link to post
Share on other sites
tillerr

tillerr

Posted
  • Author
Posted

I downloaded Junkware Removal Tool to my desk top and ran it as administrator.  I had to press enter to run it which first created a registry backup.  Then it checked startup.  Then it checked modules and said a bad module was detected and a reboot would be required to remove the module.  I choose to have it reboot my system.  After the reboot was complete a the JRT window popped up again and began scanning.  The log is pasted below.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista Home Premium x86
Ran by Roger on Sat 01/11/2014 at 15:12:22.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Roger\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/11/2014 at 15:22:17.71
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites
tillerr

tillerr

Posted
  • Author
Posted

I ran AdwCleaner and below is the logfile from clicking the report button.  Unless I'm missing something there are no files or folders to consider saving before running cleanup correct?

 

# AdwCleaner v3.016 - Report created 11/01/2014 at 15:24:34
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Roger - TILLER
# Running from : C:\Users\Roger\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [5529 octets] - [10/01/2014 14:29:33]
AdwCleaner[R1].txt - [1343 octets] - [11/01/2014 15:24:34]
AdwCleaner[s0].txt - [4941 octets] - [10/01/2014 14:31:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1463 octets] ##########
Link to post
Share on other sites
tillerr

tillerr

Posted
  • Author
Posted

Here is the AdwCleaner log file after cleaning and rebooting.

 

# AdwCleaner v3.016 - Report created 11/01/2014 at 16:17:37
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Roger - TILLER
# Running from : C:\Users\Roger\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [5529 octets] - [10/01/2014 14:29:33]
AdwCleaner[R1].txt - [1543 octets] - [11/01/2014 15:24:34]
AdwCleaner[s0].txt - [4941 octets] - [10/01/2014 14:31:05]
AdwCleaner[s1].txt - [1478 octets] - [11/01/2014 16:17:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1538 octets] ##########
Link to post
Share on other sites
tillerr

tillerr

Posted
  • Author
Posted

Here is the log from the Malwarbytes scan.  I saved it prior to clicking remove for all checked items because each time I do that the program becomes unresponsive.  I'll leave the program alone for a bit and see if it starts responding but based on the past few days I will have to close it down and when I start it back up and run a scan those same four issues will be there.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.08.04
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Roger :: TILLER [administrator]
 
1/11/2014 4:30:57 PM
MBAM-log-2014-01-11 (22-14-53).txt
 
Scan type: Full scan (C:\|F:\|Q:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 549230
Time elapsed: 2 hour(s), 47 minute(s), 53 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Users\Roger\AppData\Local\Temp\CT3072253 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Roger\AppData\Local\Temp\CT3072253\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Roger\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Roger\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> No action taken.
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites
tillerr

tillerr

Posted
  • Author
Posted

Just ran FRST.  Here is the first log, the second will follow in this same reply.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2014 03
Ran by Roger (administrator) on TILLER on 11-01-2014 22:21:56
Running from C:\Users\Roger\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\30.0.1599.56\remoting_host.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\30.0.1599.56\remoting_host.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(UltiDev LLC) C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Fisher-Price) C:\Program Files\Fisher-Price\iXL\iXL.Middleware.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
() C:\Program Files\Bitcasa\Bitcasa.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\30.0.1599.56\remoting_host.exe
(Google Inc.) C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Google Inc.) C:\Users\Roger\AppData\Local\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Eye-Fi, Inc.) C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Unified Intents AB) C:\Program Files\Unified Remote\RemoteServer.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Akamai Technologies, Inc.) C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Roger\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Users\Roger\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TPFNF7] - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe [62312 2010-03-26] (Lenovo Group Limited)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [337256 2011-03-29] (Lenovo.)
HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.)
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-24] (Lenovo Group Limited)
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [LPManager] - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] - C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [CameraApplicationLauncher] - C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [16384 2009-02-02] ()
HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [4446784 2012-09-24] (Lenovo Group Limited)
HKLM\...\Run: [bLOG] - C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL [214576 2012-09-24] ()
HKLM\...\Run: [CreateLMBCShortCut] - C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe [36864 2009-01-21] ()
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [Message Center Plus] - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AMSG] - C:\Program Files\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO)
HKLM\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64960 2011-07-12] (Lenovo Group Limited)
HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iXL_MiddleWare] - C:\Program Files\Fisher-Price\iXL\iXL.Middleware.exe [56376 2011-08-04] (Fisher-Price)
HKLM\...\Run: [tvncontrol] - "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [433248 2012-05-30] (Lenovo)
HKLM\...\Run: [ACWlIcon] - C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [195680 2012-05-30] (Lenovo)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [3535360 2013-11-19] ()
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024 2014-01-01] (AVAST Software)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Google Update] - C:\Users\Roger\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-25] (Google Inc.)
HKCU\...\Run: [MusicManager] - C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-11] (Google Inc.)
HKCU\...\Run: [8D61D16F694ECA70FC12DE3FFBEB2A9088500AC8._service_run] - C:\Users\Roger\AppData\Local\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Roger\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [PlayOn] - C:\Program Files\MediaMall\PlayOn.exe
HKCU\...\Run: [Eye-Fi] - C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
HKCU\...\Run: [unified Remote v2] - C:\Program Files\Unified Remote\RemoteServer.exe [277200 2013-10-31] (Unified Intents AB)
MountPoints2: {18ac0b84-eef4-11de-be49-001986002b48} - G:\system\viewer\FlipVideoforPC.exe
MountPoints2: {33e42d51-5a51-11de-a3ba-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {3de294d7-5a4b-11de-880a-002618385ce4} - S:\LenovoSDrive.exe
MountPoints2: {f0bfa89f-e4ba-11de-b781-001986002b48} - "F:\WD SmartWare.exe" autoplay=true
MountPoints2: {f0bfa8cd-e4ba-11de-b781-001986002b48} - G:\Click_me.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [] - 
HKU\Default\...\RunOnce: [Lenovoautosdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [] - 
HKU\Default User\...\RunOnce: [Lenovoautosdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\RunOnce: [] - 
HKU\Mcx1\...\RunOnce: [Lenovoautosdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
HKU\Mcx1\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [ 2008-07-29] ()
HKU\Mcx1\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Roger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
ShortcutTarget: MLB.TV NexDef Plug-in.lnk -> C:\Users\Roger\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {B462E133-8583-40A0-9CE4-7525667C3C7C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {F9AEFDDC-1811-42EC-8463-E1FEF940F744} URL = http://www.mypoints.com/emp/u/mysearch.vm?q={searchTerms}&mypoints_brw=1
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -  No File
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Roger\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Roger\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Roger\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Users\Roger\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Users\Roger\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Roger\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Roger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Roger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Roger\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Move Streaming Media Player) - C:\Users\Roger\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-03-09]
CHR Extension: (Google Drive) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-03-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.0.5_0 [2013-12-07]
CHR Extension: (Google Cast) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.102.1.1_0 [2014-01-09]
CHR Extension: (Math Invaders) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfndgfelifpjlkcpbnjgegkbajimhmce\1.1_0 [2013-12-30]
CHR Extension: (Google Keep) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14025.1345_0 [2014-01-11]
CHR Extension: (Google Wallet) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-23]
CHR Extension: (Chrome to Phone) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0 [2013-11-29]
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0 [2013-04-10]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Roger\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2013-05-14]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Roger\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2013-05-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Roger\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 ASLDRService; C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] ()
R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-01-01] (AVAST Software)
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\30.0.1599.56\remoting_host.exe [50128 2013-09-23] (Google Inc.)
R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [166376 2008-04-07] (Digital Delivery Networks, Inc.)
R2 HFGService; C:\Windows\System32\HFGService.dll [356864 2006-11-20] (CSR, plc)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-19] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665088 2012-09-24] (Lenovo Group Limited)
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-06-06] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited)
R2 UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [49152 2007-02-07] (UltiDev LLC)
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-01] ()
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [29184 2006-11-20] (CSR, plc)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299840 2013-02-11] (EldoS Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-01-11] (Malwarebytes Corporation)
R2 mrtRate; C:\Windows\System32\Drivers\mrtRate.sys [34916 1999-08-12] (Marimba, Inc.)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [23920 2010-07-29] (MediaMall Technologies, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\A0101V32.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3486208 2009-06-11] ()
R3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [479744 2007-08-31] (eMPIA Technology, Inc.)
R3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2007-08-31] (eMPIA Technology, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-11 22:21 - 2014-01-11 22:22 - 00028365 _____ C:\Users\Roger\Desktop\FRST.txt
2014-01-11 22:21 - 2014-01-11 22:21 - 00000000 ____D C:\FRST
2014-01-11 15:22 - 2014-01-11 15:22 - 00001167 _____ C:\Users\Roger\Desktop\JRT.txt
2014-01-11 12:39 - 2014-01-11 12:39 - 00000000 ____D C:\Users\Roger\AppData\Roaming\IDM
2014-01-11 12:38 - 2014-01-11 12:38 - 16487184 _____ C:\Users\Roger\Downloads\WidevineMediaOptimizerChrome.exe
2014-01-11 12:33 - 2014-01-11 12:34 - 01220096 _____ (Farbar) C:\Users\Roger\Desktop\FRST.exe
2014-01-10 15:07 - 2014-01-10 15:07 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 15:05 - 2014-01-10 15:06 - 01037068 _____ (Thisisu) C:\Users\Roger\Desktop\JRT.exe
2014-01-10 14:29 - 2014-01-11 16:17 - 00000000 ____D C:\AdwCleaner
2014-01-10 14:27 - 2014-01-10 14:27 - 01233962 _____ C:\Users\Roger\Desktop\AdwCleaner.exe
2014-01-10 13:47 - 2014-01-11 16:28 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-01-01 14:24 - 2014-01-01 14:24 - 00000000 ____D C:\Users\Roger\AppData\Local\Python Keyring
2014-01-01 14:15 - 2014-01-01 14:16 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-01 14:12 - 2014-01-01 14:13 - 30204824 _____ (Box Inc.) C:\Users\Roger\Downloads\BoxSyncSetup.exe
2013-12-14 15:06 - 2013-12-14 15:06 - 00146264 _____ C:\Windows\Minidump\Mini121413-01.dmp
2013-12-14 15:02 - 2013-12-14 15:02 - 00000000 ____D C:\Users\Roger\AppData\Roaming\AVAST Software
2013-12-14 14:15 - 2013-12-14 14:15 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-12 20:48 - 2013-12-12 20:48 - 00000000 ____D C:\Users\Roger\AppData\Local\PhotoChannel
2013-12-12 03:01 - 2013-11-14 17:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:01 - 2013-11-14 17:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:01 - 2013-11-14 17:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:01 - 2013-11-14 17:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 03:01 - 2013-11-14 17:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:01 - 2013-11-14 17:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 03:01 - 2013-11-14 17:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 03:01 - 2013-11-14 17:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:01 - 2013-11-14 17:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 03:01 - 2013-11-14 17:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:01 - 2013-11-14 17:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 03:01 - 2013-11-14 17:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:01 - 2013-11-14 17:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:00 - 2013-11-14 18:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:00 - 2013-11-14 17:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:00 - 2013-11-14 17:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
 
==================== One Month Modified Files and Folders =======
 
2014-01-11 22:22 - 2014-01-11 22:21 - 00028365 _____ C:\Users\Roger\Desktop\FRST.txt
2014-01-11 22:21 - 2014-01-11 22:21 - 00000000 ____D C:\FRST
2014-01-11 22:20 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 22:20 - 2006-11-02 07:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 22:11 - 2012-04-04 20:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-11 21:46 - 2010-08-25 16:03 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450559217-1565701889-1815041723-1003UA.job
2014-01-11 21:41 - 2009-06-16 03:42 - 01955788 _____ C:\Windows\WindowsUpdate.log
2014-01-11 21:29 - 2010-12-24 08:51 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-11 17:29 - 2010-12-24 08:51 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 16:28 - 2014-01-10 13:47 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-01-11 16:26 - 2012-04-24 17:57 - 00000000 ___RD C:\Users\Roger\Documents\Google Drive
2014-01-11 16:26 - 2012-03-30 16:47 - 00000000 ____D C:\Users\Roger\AppData\Roaming\Dropbox
2014-01-11 16:25 - 2012-03-30 18:27 - 00000000 ___RD C:\Users\Roger\Dropbox
2014-01-11 16:24 - 2013-04-04 21:02 - 00000000 ____D C:\Users\Roger\AppData\Local\Eye-Fi
2014-01-11 16:20 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 16:18 - 2009-11-09 17:31 - 00005332 _____ C:\Windows\bthservsdp.dat
2014-01-11 16:18 - 2006-11-02 08:01 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-11 16:17 - 2014-01-10 14:29 - 00000000 ____D C:\AdwCleaner
2014-01-11 15:22 - 2014-01-11 15:22 - 00001167 _____ C:\Users\Roger\Desktop\JRT.txt
2014-01-11 15:07 - 2011-05-08 19:48 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2014-01-11 12:39 - 2014-01-11 12:39 - 00000000 ____D C:\Users\Roger\AppData\Roaming\IDM
2014-01-11 12:38 - 2014-01-11 12:38 - 16487184 _____ C:\Users\Roger\Downloads\WidevineMediaOptimizerChrome.exe
2014-01-11 12:35 - 2009-08-31 20:18 - 00000000 ____D C:\Users\Roger\AppData\Roaming\uTorrent
2014-01-11 12:34 - 2014-01-11 12:33 - 01220096 _____ (Farbar) C:\Users\Roger\Desktop\FRST.exe
2014-01-11 09:46 - 2010-08-25 16:02 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450559217-1565701889-1815041723-1003Core.job
2014-01-11 08:44 - 2013-03-29 19:33 - 00000000 ____D C:\Users\Roger\AppData\Roaming\XBMC
2014-01-10 15:11 - 2008-01-20 21:47 - 00182920 _____ C:\Windows\PFRO.log
2014-01-10 15:07 - 2014-01-10 15:07 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 15:06 - 2014-01-10 15:05 - 01037068 _____ (Thisisu) C:\Users\Roger\Desktop\JRT.exe
2014-01-10 14:27 - 2014-01-10 14:27 - 01233962 _____ C:\Users\Roger\Desktop\AdwCleaner.exe
2014-01-09 14:51 - 2009-06-16 03:58 - 00000167 _____ C:\Windows\wininit.ini
2014-01-01 17:06 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-01 16:49 - 2009-06-18 23:15 - 00000000 ____D C:\Users\Roger
2014-01-01 15:25 - 2011-05-08 19:48 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-01-01 15:24 - 2013-08-27 09:43 - 00000000 ____D C:\Users\Roger\AppData\Roaming\Copy
2014-01-01 15:11 - 2013-03-17 16:08 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-01 15:11 - 2011-06-17 22:07 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-01 15:11 - 2010-07-10 14:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-01 15:11 - 2009-06-19 21:55 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-01 15:11 - 2009-06-19 21:55 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-01 15:11 - 2009-06-19 21:55 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-01 15:11 - 2009-06-19 21:55 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-01 15:11 - 2009-06-19 21:55 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-01-01 14:24 - 2014-01-01 14:24 - 00000000 ____D C:\Users\Roger\AppData\Local\Python Keyring
2014-01-01 14:16 - 2014-01-01 14:15 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-01 14:13 - 2014-01-01 14:12 - 30204824 _____ (Box Inc.) C:\Users\Roger\Downloads\BoxSyncSetup.exe
2013-12-30 14:45 - 2013-04-04 21:02 - 00000000 ____D C:\Users\Roger\AppData\Roaming\Eye-Fi
2013-12-30 09:33 - 2009-06-21 20:35 - 00001746 ____H C:\Users\Roger\Documents\Default.rdp
2013-12-14 15:06 - 2013-12-14 15:06 - 00146264 _____ C:\Windows\Minidump\Mini121413-01.dmp
2013-12-14 15:06 - 2009-06-20 07:04 - 00000000 ____D C:\Windows\Minidump
2013-12-14 15:05 - 2009-06-20 07:03 - 404156080 _____ C:\Windows\MEMORY.DMP
2013-12-14 15:02 - 2013-12-14 15:02 - 00000000 ____D C:\Users\Roger\AppData\Roaming\AVAST Software
2013-12-14 14:19 - 2013-03-17 16:08 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-14 14:15 - 2013-12-14 14:15 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-14 14:14 - 2006-11-02 05:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-12-14 11:30 - 2010-06-26 19:15 - 00000000 ____D C:\Program Files\Google
2013-12-12 20:48 - 2013-12-12 20:48 - 00000000 ____D C:\Users\Roger\AppData\Local\PhotoChannel
2013-12-12 05:11 - 2012-04-04 20:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-12 05:11 - 2011-05-14 08:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 03:29 - 2006-11-02 07:47 - 00430440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 03:06 - 2013-07-20 02:07 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 03:02 - 2006-11-02 05:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Roger\librtmp.dll
 
 
Some content of TEMP:
====================
C:\Users\Roger\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Roger\AppData\Local\Temp\_is460C.exe
C:\Users\Roger\AppData\Local\Temp\_isA0BE.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-11 16:29
 
==================== End Of Log ============================
 
Here is the second log requested from FRST.
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2014 03
Ran by Roger at 2014-01-11 22:23:20
Running from C:\Users\Roger\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
µTorrent (Version: 3.3.1.30017 - BitTorrent Inc.)
3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
AC3Filter (remove only) (Version:  - )
Access Help (Version: 2.11 - )
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (Version:  - )
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems Inc.) Hidden
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638 - Adobe Systems, Inc.)
Akamai NetSession Interface (Version:  - Akamai Technologies, Inc)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (Version: 2.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (Version: 3.0.745.0 - ATI Technologies, Inc.)
ATI MCE Encoder (Version: 10.10.0.40925 - ATI Technologies Inc.) Hidden
avast! Free Antivirus (Version: 9.0.2011 - Avast Software)
AviSynth 2.5 (Version:  - )
Bitcasa version 1.1.4.12 (Version: 1.1.4.12 - Bitcasa Inc.)
Box Sync (Version: 4.0.4052.0 - Box Inc.) Hidden
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Camera Center (Version: 1.0.29 - Lenovo)
Carbon (Version: 1.0.0 - ClockworkMod)
Chrome Remote Desktop Host (Version: 30.0.1599.56 - Google Inc.)
Cisco EAP-FAST Module (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.0.13 - Cisco Systems, Inc.)
Client Security - Password Manager (Version: 8.21.0006.00 - Lenovo Group Limited)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (Version: 4.75.0.50 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAO 3.5 (Version:  - )
Dell B1160w Mono Laser Printer (Version:  - DELL Inc.)
DIBS (Version: 1.0.0 - DDNI) Hidden
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Drag-to-Disc (Version: 9.05 - Sonic Solutions)
DriveImage XML (Private Edition) (Version: 2.02 - Runtime Software)
Dropbox (Version: 2.0.22 - Dropbox, Inc.)
Eye-Fi Center 3.4 (Version: 3.4.26 - Eye-Fi, Inc)
Fisher-Price iXL - Batman (Version: 1.0.0.0 - Fisher-Price)
Fisher-Price iXL - Batman (Version: 1.0.0.0 - Fisher-Price) Hidden
Fisher-Price iXL - Cars 2 (Version: 1.0.0 - Fisher-Price)
Fisher-Price iXL - Cars 2 (Version: 1.0.0 - Fisher-Price) Hidden
Fisher-Price iXL - Dinosaurs (Version: 1.0.0 - Fisher-Price)
Fisher-Price iXL - Dinosaurs (Version: 1.0.0 - Fisher-Price) Hidden
Fisher-Price iXL - Green Lantern (Version: 1.0.0 - Fisher-Price)
Fisher-Price iXL - Green Lantern (Version: 1.0.0 - Fisher-Price) Hidden
Fisher-Price iXL - Handy Manny (Version: 1.0.0.0 - Fisher-Price)
Fisher-Price iXL - Handy Manny (Version: 1.0.0.0 - Fisher-Price) Hidden
Fisher-Price iXL - Toy Story (Version: 1.0.0.0 - Fisher-Price)
Fisher-Price iXL - Toy Story (Version: 1.0.0.0 - Fisher-Price) Hidden
Fisher-Price iXL Computer Software (Version: 2.0.2.8 - Fisher-Price)
Fisher-Price iXL Computer Software (Version: 2.0.2.8 - Fisher-Price) Hidden
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Drive (Version: 1.13.5782.599 - Google, Inc.)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Talk Plugin (Version: 4.9.1.16010 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00.50 - Conexant Systems)
Help Center (Version: 2.00n - )
Integrated Camera (Version: 5.8.53002.0 - Sonix)
Intel® Graphics Media Accelerator Driver (Version:  - Intel Corporation)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (Version: 5.0-B11.1268 - InterVideo Inc.)
Java 7 Update 40 (Version: 7.0.400 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Lenovo Auto Scroll Utility (Version: 1.11 - )
Lenovo Care (Version: 3.00b - )
Lenovo Care Supplement (Version: 3.00b - )
Lenovo News-Shop (Version: 3.0.3.0 - DDNI)
Lenovo Patch Utility (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (Version:  - Lenovo - Leader Technologies)
Lenovo System Interface Driver (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome v1.0.24.3 (Version:  - Lenovo)
Lenovo_ATK_Package (Version: 0.00.04.0 - Lenovo)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Message Center (Version: 2.01g - )
Message Center Plus (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Professional (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (Version: 2.9 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Connect (Version: 3.4.0058 - Lenovo)
Move Media Player (Version:  - Move Networks)
mSecure (Version: 3.133 - mSeven Software LLC)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MTP Porting Kit (Version: 12.0.0 - Microsoft Corp)
Music Manager (Version:  - Google, Inc.)
muvee Plugin 1.0 (Version: 1.01.100 - muvee Technologies)
Nikon Message Center 2 (Version: 2.1.0 - Nikon)
Nikon Movie Editor (Version: 2.7.0 - Nikon)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
On Screen Display (Version: 6.62.01 - )
Picasa 3 (Version: 3.9 - Google, Inc.)
Picture Control Utility (Version: 1.4.11 - Nikon)
Power Manager (Version: 6.36 - )
Presentation Director (Version: 4.08 - )
Product Recovery Disc Burning Utility (Version: 1.0.0025.00 - Lenovo Group Limited)
Quicken Basic 2000 (Version:  - )
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Registry patch for Windows Vista USB S3 PM Enablement (Version: 1.00 - )
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista  (Version: 1.01 - )
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (Version: 1.01 - )
Registry patch to improve USB device detection on resume from sleep for Windows Vista (Version: 1.01.0000 - Lenovo Group Limited)
Rescue and Recovery (Version: 4.21.0015.00 - Lenovo Group Limited)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (Version: 3.55.01 - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Central Core (Version: 3.7.0 - Roxio) Hidden
Roxio Central Data (Version: 3.7.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Small Business Edition (Version: 10.1 - Roxio)
Roxio Creator Small Business Edition (Version: 10.1.177 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype Click to Call (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.6 (Version: 6.6.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (Version: 2.0.0 - Lenovo)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Migration Assistant (Version: 6.00.0009 - Lenovo Group Limited.)
System Update (Version: 3.15.0017 - Lenovo)
ThinkPad EasyEject Utility  (Version: 2.39 - )
ThinkPad FullScreen Magnifier (Version: 2.30 - )
ThinkPad Mobility Center Customization (Version: 1.50.0000 - Lenovo)
ThinkPad Power Management Driver for SL Series (Version: 1.44 - )
ThinkPad UltraNav Driver (Version: 15.0.18.0 - )
ThinkPad UltraNav Utility (Version: 2.13.0 - Lenovo)
Thinkpad Wireless LAN Adapters Software (11a/b/g/n) (Version: 7.7.0.498b - Atheros)
ThinkVantage Access Connections (Version: 5.90 - Lenovo)
ThinkVantage Active Protection System (Version: 1.75 - Lenovo)
ThinkVantage Status Gadget (Version: 1.1.0027 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 2.00 - ) Hidden
UltiDev Cassini Web Server Explorer (Version: 1.0.4 - UltiDev LLC)
UltiDev Cassini Web Server for ASP.NET 2.0 (Version: 1.0.6 - UltiDev LLC)
Unified Remote (Version: 2.11.0.0 - Unified Remote)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
USB Video Driver (Version: 1.00 - EETI)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless BroadbandAccess Self Activation (Version: 1.3.2 - Smith Micro Software, Inc.)
ViewNX 2 (Version: 2.7.4 - Nikon)
VLC media player 2.0.8 (Version: 2.0.8 - VideoLAN)
Wallpapers (Version:  - ) Hidden
Widevine Media Optimizer Chrome 6.0.0 (Version: 6.0.0.12442 - Widevine Technologies)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44) (Version: 05/14/2008 1.44 - Lenovo)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0 - Microsoft Corporation)
WinImage (Version:  - )
WinRAR 5.00 (32-bit) (Version: 5.00.0 - win.rar GmbH)
XBMC (Version:  - Team XBMC)
XBMCHUB Wizard (Version: 01.00.00.00 - XBMCHUB)
Xvid 1.2.2 final uninstall (Version: 1.2 - Xvid team (Koepi))
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.5 - Inquisitive Minds, Inc) Hidden
 
==================== Restore Points  =========================
 
26-12-2013 22:36:04 Scheduled Checkpoint
28-12-2013 05:00:07 Scheduled Checkpoint
29-12-2013 05:00:10 Scheduled Checkpoint
29-12-2013 16:00:14 Windows Backup
31-12-2013 23:36:55 Windows Update
01-01-2014 19:13:51 Box Sync
01-01-2014 20:07:24 avast! antivirus system restore point
01-01-2014 20:17:24 Removed Copy
01-01-2014 21:50:15 Removed Box Sync
03-01-2014 05:00:07 Scheduled Checkpoint
04-01-2014 05:00:07 Scheduled Checkpoint
05-01-2014 05:00:06 Scheduled Checkpoint
05-01-2014 16:00:14 Windows Backup
07-01-2014 10:45:21 Windows Update
10-01-2014 18:59:40 Windows Update
11-01-2014 09:33:51 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {039967AA-F825-4A40-8659-B993586BDF00} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {45E1F8D6-1AF7-4C37-BC63-035D05D11C71} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {69F213E5-3BDF-40D9-8C90-E990979ABD57} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {6C585FFF-224A-447A-83C6-6DE3BAA8340D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {7A5FB3AD-D137-4F48-BCB6-3488349E6934} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7CC3C66E-E5E1-4947-BAB1-B89C85B19AE4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2450559217-1565701889-1815041723-1003UA => C:\Users\Roger\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25] (Google Inc.)
Task: {7F745D6E-A4E1-4075-9F13-5DB73F4B2E86} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Roger => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {7F864178-D5E5-4416-B474-5441D09B5778} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {84961C2F-8912-4456-89E2-791D9BDB9A5C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C5881A0A-EFEA-466C-8329-0088F3D0178D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C809343F-58F4-4458-BF09-202098C6D316} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {C92D0E10-F145-4BBC-9F70-79CD593564F8} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2012-09-24] (Lenovo Group Limited)
Task: {DDCCBCD0-83F0-4798-AB76-94D45C181A44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-14] (Google Inc.)
Task: {DF09478D-0C9B-48AF-BD29-368B30ABD9DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2450559217-1565701889-1815041723-1003Core => C:\Users\Roger\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E9BE56E9-185C-4704-8146-3DF970FD3095} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {EA337777-B0EF-49FA-9ACB-E06E67110DA1} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-01-01] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450559217-1565701889-1815041723-1003Core.job => C:\Users\Roger\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450559217-1565701889-1815041723-1003UA.job => C:\Users\Roger\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-17 14:13 - 2013-11-19 00:38 - 00253440 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2013-08-17 14:13 - 2013-11-19 00:38 - 01905664 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2009-06-16 04:05 - 2012-09-24 06:36 - 00084480 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2009-06-16 03:58 - 2007-06-18 18:28 - 00056056 ____N () C:\Windows\system32\DLAAPI_W.DLL
2009-06-16 04:05 - 2012-09-24 06:36 - 00103424 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMROV.DLL
2008-06-06 16:13 - 2008-06-06 16:13 - 00139264 _____ () c:\Program Files\Common Files\Lenovo\CDRecord.dll
2009-06-16 04:04 - 2007-03-09 18:16 - 00106496 ____R () C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll
2012-05-30 15:10 - 2012-05-30 15:10 - 00086016 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll
2010-12-17 17:13 - 2010-12-17 17:13 - 00049664 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-12-14 14:19 - 2013-12-14 14:19 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2013-02-27 14:33 - 2013-02-27 14:33 - 10683392 _____ () C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-02-27 14:32 - 2013-02-27 14:32 - 07741952 _____ () C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-02-27 14:32 - 2013-02-27 14:32 - 02248192 _____ () C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-02-27 14:33 - 2013-02-27 14:33 - 01681408 _____ () C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-11-11 20:03 - 2013-11-11 20:03 - 00117248 _____ () C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2013-11-11 20:04 - 2013-11-11 20:04 - 00231936 _____ () C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2013-11-11 20:03 - 2013-11-11 20:03 - 00253440 _____ () C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2013-11-11 20:05 - 2013-11-11 20:05 - 00344064 _____ () C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-02-27 14:33 - 2013-02-27 14:33 - 00026624 _____ () C:\Users\Roger\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2011-12-21 21:59 - 2011-12-21 21:59 - 00133120 _____ () C:\Program Files\Eye-Fi\Helper\libexif.dll
2011-12-21 21:56 - 2011-12-21 21:56 - 00209408 _____ () C:\Program Files\Eye-Fi\Helper\libopenraw.dll
2013-03-13 15:48 - 2013-03-13 15:48 - 24978944 _____ () C:\Users\Roger\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-16 12:25 - 2011-03-16 12:25 - 00020480 _____ () C:\Users\Roger\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2011-03-16 12:25 - 2011-03-16 12:25 - 00069632 _____ () C:\Users\Roger\AppData\Local\Autobahn\rt\bin\java.dll
2011-03-16 12:25 - 2011-03-16 12:25 - 00126976 _____ () C:\Users\Roger\AppData\Local\Autobahn\rt\bin\zip.dll
2011-03-16 12:25 - 2011-03-16 12:25 - 00159744 _____ () C:\Users\Roger\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2014-01-11 16:24 - 2014-01-11 16:24 - 00098816 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32api.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00110080 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\pywintypes27.dll
2014-01-11 16:24 - 2014-01-11 16:24 - 00364544 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\pythoncom27.dll
2014-01-11 16:24 - 2014-01-11 16:24 - 00044032 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\_socket.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 01153024 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\_ssl.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00320512 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32com.shell.shell.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00711680 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\_hashlib.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 01175040 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\wx._core_.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00805888 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\wx._gdi_.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00811008 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\wx._windows_.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 01062400 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\wx._controls_.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00735232 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\wx._misc_.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00128512 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\_elementtree.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00127488 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\pyexpat.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00557056 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\pysqlite2._sqlite.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00087040 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\_ctypes.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00119808 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32file.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00108544 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32security.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00018432 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32event.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00038912 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32inet.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00122368 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\wx._wizard.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00026624 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\_multiprocessing.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00070656 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\wx._html2.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00010240 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\select.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00686080 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\unicodedata.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00025600 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32pdh.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00521680 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\windows._lib_cacheinvalidation.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00011264 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32crypt.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00024064 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32pipe.pyd
2014-01-11 16:25 - 2014-01-11 16:25 - 00035840 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32process.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00017408 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32profile.pyd
2014-01-11 16:24 - 2014-01-11 16:24 - 00022528 _____ () C:\Users\Roger\AppData\Local\Temp\_MEI44362\win32ts.pyd
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/11/2014 10:21:08 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 16ec
Start Time: 01cf0f141c0162dc
Termination Time: 10
 
Error: (01/11/2014 04:25:57 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 31.0.1650.63, time stamp 0x529e8b45, faulting module sdb2mdu.dll, version 6.4.36.24, time stamp 0x50f04f6b, exception code 0xc0000005, fault offset 0x0000a8c8,
process id 0x1ad8, application start time 0xchrome.exe0.
 
Error: (01/11/2014 04:20:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/11/2014 05:42:25 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (01/11/2014 04:27:14 PM) (Source: Service Control Manager) (User: )
Description: Windows Update
 
Error: (01/11/2014 04:23:30 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
 
Error: (01/11/2014 04:20:52 PM) (Source: Service Control Manager) (User: )
Description: tvtumon
 
Error: (01/11/2014 04:20:48 PM) (Source: Service Control Manager) (User: )
Description: SessionLauncher%%3
 
Error: (01/11/2014 03:26:16 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain
 
Error: (01/11/2014 03:25:46 PM) (Source: Service Control Manager) (User: )
Description: 30000
 
Error: (01/11/2014 03:24:46 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain
 
Error: (01/11/2014 03:24:16 PM) (Source: Service Control Manager) (User: )
Description: 30000
 
Error: (01/11/2014 03:23:37 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain
 
 
Microsoft Office Sessions:
=========================
Error: (01/11/2014 10:21:08 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.116ec01cf0f141c0162dc10
 
Error: (01/11/2014 04:25:57 PM) (Source: Application Error)(User: )
Description: chrome.exe31.0.1650.63529e8b45sdb2mdu.dll6.4.36.2450f04f6bc00000050000a8c81ad801cf0f13a5135f2c
 
Error: (01/11/2014 04:20:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-11 18:57:14.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-11 18:57:14.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-11 18:57:13.468
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-11 18:57:12.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-11 18:57:12.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-11 18:57:11.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-11 18:57:10.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-11 18:57:09.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-11 18:57:09.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-11 18:57:08.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 59%
Total physical RAM: 3036.54 MB
Available physical RAM: 1241.88 MB
Total Pagefile: 6279.32 MB
Available Pagefile: 4317.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.49 MB
 
==================== Drives ================================
 
Drive c: (SW_Preload) (Fixed) (Total:286.86 GB) (Free:76.34 GB) NTFS
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:239.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive i: (Bitcasa Infinite Drive) (Removable) (Total:8589934592 GB) (Free:8589934591.99 GB) Bitcasa
Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:2.51 GB) NTFS
Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: EE60FC0E)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0008F18D)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for logs, continue please:

 

Disable teatimer and leave off for now.

 

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol ) and choose Exit Spybot S&D Resident

2. Run Spybot S&D

3. Go to the Mode menu, and make sure Advanced Mode is selected.

4. On the left hand side, choose Tools > Resident > uncheck Resident TeaTimer and OK any prompt and Restart your computer.

 

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download tfc_icon.png TFC  to your desktop, from either of the following links

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe


  •    
  • Save any open work. TFC will close all open application windows.
       
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
       
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds.  TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs.....

 

Kevin...

 

Fixlist.txt

Link to post
Share on other sites
tillerr

tillerr

Posted
  • Author
Posted

Here is the fixlog.txt.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2014
Ran by Roger at 2014-01-12 08:38:02 Run:1
Running from C:\Users\Roger\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
MountPoints2: {18ac0b84-eef4-11de-be49-001986002b48} - G:\system\viewer\FlipVideoforPC.exe
MountPoints2: {33e42d51-5a51-11de-a3ba-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {3de294d7-5a4b-11de-880a-002618385ce4} - S:\LenovoSDrive.exe
MountPoints2: {f0bfa89f-e4ba-11de-b781-001986002b48} - "F:\WD SmartWare.exe" autoplay=true
MountPoints2: {f0bfa8cd-e4ba-11de-b781-001986002b48} - G:\Click_me.exe
HKU\Mcx1\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Roger\librtmp.dll
C:\Users\Roger\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Roger\AppData\Local\Temp\_is460C.exe
C:\Users\Roger\AppData\Local\Temp\_isA0BE.exe
End
 
*****************
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18ac0b84-eef4-11de-be49-001986002b48} => Key deleted successfully.
HKCR\CLSID\{18ac0b84-eef4-11de-be49-001986002b48} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33e42d51-5a51-11de-a3ba-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{33e42d51-5a51-11de-a3ba-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de294d7-5a4b-11de-880a-002618385ce4} => Key deleted successfully.
HKCR\CLSID\{3de294d7-5a4b-11de-880a-002618385ce4} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0bfa89f-e4ba-11de-b781-001986002b48} => Key deleted successfully.
HKCR\CLSID\{f0bfa89f-e4ba-11de-b781-001986002b48} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0bfa8cd-e4ba-11de-b781-001986002b48} => Key deleted successfully.
HKCR\CLSID\{f0bfa8cd-e4ba-11de-b781-001986002b48} => Key not found.
HKU\Mcx1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
PcdrNdisuio => Service deleted successfully.
C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\Users\Roger\librtmp.dll => Moved successfully.
C:\Users\Roger\AppData\Local\Temp\AdobeUpdater12345.exe => Moved successfully.
C:\Users\Roger\AppData\Local\Temp\_is460C.exe => Moved successfully.
C:\Users\Roger\AppData\Local\Temp\_isA0BE.exe => Moved successfully.
 
==== End of Fixlog ====
Link to post
Share on other sites
tillerr

tillerr

Posted
  • Author
Posted

I installed an ran TFC. It closed all programs including the desktop but seems to have become unresponsive similar to Malwarebytes from earlier.  The computer did not reboot.  Should I wait or perform a reboot via Ctrl+Alt+Del?  The last two lines in the output window of TFC are User: Public and User: Roger.

Link to post
Share on other sites
tillerr

tillerr

Posted
  • Author
Posted

After running Malwarebytes the same four items show up again.  I'm posting the log before clicking "Remove Selected" because I'm concerned that Malwarebytes will become unresponsive while trying to perform this action, as it has the previous times.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.08.04
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Roger :: TILLER [administrator]
 
1/12/2014 11:46:25 AM
MBAM-log-2014-01-12 (14-37-43).txt
 
Scan type: Full scan (C:\|F:\|Q:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 546808
Time elapsed: 2 hour(s), 30 minute(s), 43 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Users\Roger\AppData\Local\Temp\CT3072253 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Roger\AppData\Local\Temp\CT3072253\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Roger\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Roger\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> No action taken.
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

 


  When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.