Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help with Microsoft 7 and unwanted popups/ downloads

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need help with Microsoft 7 and unwanted popups/ downloads

Unread postby jkephart » February 12th, 2015, 7:24 pm

Hi,

Getting new tabs opening while browsing, suggesting I have security threats and need to download various fixes. Have not downloaded anything. I scanned with Norton and ran disk clean up no better.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
Run by Jesse at 14:47:33 on 2015-02-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3775.1523 [GMT -9:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\system32\lxeecoms.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\rundll32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LuckyTab\LuckyTab.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Fastboot] "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
mRun: [ospd_us_684] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A9D1EB14-79ED-4E64-B8D6-E6B41E614A79} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A9D1EB14-79ED-4E64-B8D6-E6B41E614A79}\84F607560275F6F6460275F627B637 : DHCPNameServer = 216.152.176.1 216.152.176.2 192.168.1.1
TCP: Interfaces\{A9D1EB14-79ED-4E64-B8D6-E6B41E614A79}\84F607560275F6F6460275F627B637D27657563747 : DHCPNameServer = 216.152.176.1 216.152.176.2 192.168.33.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [lxeemon.exe] "C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2013-12-19 29512]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-12-19 19224]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2012-9-6 25448]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2013-12-19 140016]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-12-19 161560]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-12-19 58664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2013-12-19 127072]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-12-19 61736]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-12-19 188200]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2013-12-19 136288]
R2 lxee_device;lxee_device;C:\Windows\System32\lxeecoms.exe -service --> C:\Windows\System32\lxeecoms.exe -service [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe [2014-10-1 276376]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-3-25 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-3-25 70152]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2013-12-19 101888]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2013-12-19 145808]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-12-19 125504]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-12-19 363800]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-26 2669840]
R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2013-12-19 216064]
R3 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [2015-2-2 1622744]
R3 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1506000.020\ccsetx64.sys [2014-10-1 162392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-12-12 142640]
R3 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20150211.001\IDSviA64.sys [2015-2-11 669400]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-12-19 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-12-19 356632]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-12-19 789272]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-19 25528]
R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2013-12-19 1662560]
R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1506000.020\symds64.sys [2014-10-1 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1506000.020\symefa64.sys [2014-10-1 1148120]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys [2014-10-1 266968]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys [2014-10-1 593112]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-6 40248]
R3 tvtvcamd;Camera Plus (VGA Resolution Maximum);C:\Windows\System32\drivers\tvtvcamd.sys [2013-12-19 27432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-29 144992]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeeserv.exe [2014-2-19 33960]
S3 c811bus;G'zOne Commando 4G LTE Bus Driver;C:\Windows\System32\drivers\c811bus.sys [2014-6-11 169800]
S3 c811serd;G'zOne Commando 4G LTE USB Virtual Serial Port (WDM);C:\Windows\System32\drivers\c811serd.sys [2014-6-11 159048]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2013-12-19 320576]
S3 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2013-12-19 55536]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-10 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-19 35256]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-10-16 272776]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-26 273168]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2013-12-19 1665120]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-30 1255736]
.
=============== Created Last 30 ================
.
2015-02-12 23:39:53 -------- d-----w- C:\Windows\System32\appmgmt
2015-02-11 23:32:52 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-11 23:32:52 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-11 23:32:52 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-11 23:32:52 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-11 13:04:09 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED74EE36-ACA3-423F-B081-36B34A917DB6}\offreg.dll
2015-02-11 01:06:59 3221504 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-02-11 01:06:59 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2015-02-11 01:06:55 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-11 01:06:54 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-02-11 01:06:54 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-02-11 01:06:54 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-02-11 01:06:54 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-11 01:06:54 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-11 01:06:54 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-02-11 01:06:49 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-02-11 01:06:49 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-02-11 01:06:31 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-02-10 07:16:11 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED74EE36-ACA3-423F-B081-36B34A917DB6}\mpengine.dll
2015-01-19 19:18:23 -------- d-----w- C:\Users\Jesse\AppData\Local\NPE
2015-01-19 18:17:11 45216 ----a-w- C:\Windows\System32\drivers\cmwr.sys
2015-01-19 18:17:09 -------- d-----w- C:\ProgramData\PicColorData
2015-01-19 18:16:55 324776 ----a-w- C:\Windows\SysWow64\ColorMedia.dll
2015-01-19 18:16:51 370688 ----a-w- C:\Windows\System32\ColorMedia64.dll
2015-01-19 18:16:45 -------- d-----w- C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0
2015-01-19 18:16:27 -------- d-----w- C:\Program Files (x86)\LuckyTab
2015-01-19 18:16:23 -------- d-----w- C:\Users\Jesse\AppData\Roaming\SimpleFiles
2015-01-17 17:38:26 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-15 21:36:34 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-15 21:36:32 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-15 21:36:32 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-15 21:36:32 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-15 21:36:30 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
.
==================== Find3M ====================
.
2015-01-20 21:32:22 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-13 03:10:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-01-09 03:14:27 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-01-09 03:14:19 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-01-09 03:14:19 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-01-09 02:48:18 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2014-12-23 09:41:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-12 05:31:39 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-12-12 05:07:26 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-11-26 03:53:59 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-26 03:32:05 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-18 23:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 14:47:55.65 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/28/2014 7:18:06 AM
System Uptime: 2/11/2015 9:45:07 AM (29 hours ago)
.
Motherboard: LENOVO | | 23426QU
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz | CPU Socket - U3E1 | 1196/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 445 GiB total, 384.823 GiB free.
E: is CDROM (CDFS)
Q: is FIXED (NTFS) - 20 GiB total, 5.434 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP68: 1/26/2015 12:00:01 AM - Scheduled Checkpoint
RP69: 2/2/2015 8:29:15 PM - Scheduled Checkpoint
RP70: 2/4/2015 9:07:07 PM - Windows Update
RP71: 2/9/2015 10:14:39 PM - Windows Update
RP72: 2/11/2015 3:00:34 AM - Windows Update
RP73: 2/12/2015 3:00:15 AM - Windows Update
RP74: 2/12/2015 2:39:13 PM - Removed Microsoft Silverlight
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.7) MUI
Burn.Now 4.5
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
Create Recovery Media
Direct DiscRecorder
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
Dolby Advanced Audio v2
G'zOne Commando 4G LTE USB Driver
Google Chrome
Google Update Helper
HP Officejet 6600 Basic Device Software
HP Support Solutions Framework
Integrated Camera Driver Installer Package Ver.1.2.1.16
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Java 8 Update 31
Java Auto Updater
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Registration
Lenovo Solution Center
Lenovo System Update
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
Lexmark Printable Web
Lexmark Pro700 Series
Message Center Plus
Metric Collection SDK
Microsoft .NET Framework 4.5.1
Microsoft Office
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Print Monitor for Windows 2000/XP/2003/Vista
Nitro Pro 8
Norton Internet Security
On Screen Display
Power Manager
RapidBoot HDD Accelerator
RapidBoot Shield
Realtek High Definition Audio Driver
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
RICOH_Media_Driver_v2.14.18.01
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956097) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956098) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2920788) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2956099) 32-Bit Edition
SketchUp 2014
SugarSync Manager
Synaptics Pointing Device Driver
ThinkPad Power Management Driver
ThinkVantage Active Protection System
ThinkVantage Communications Utility
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956096) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VZ-TL-PC
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0)
.
==== Event Viewer Messages From Past Week ========
.
2/9/2015 1:41:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZeroConfigService service.
2/11/2015 3:24:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxeeCATSCustConnectService service to connect.
2/11/2015 3:24:06 AM, Error: Service Control Manager [7000] - The lxeeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/11/2015 2:30:38 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
2/11/2015 2:20:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.
.
==== End Of File ===========================
jkephart
Regular Member
 
Posts: 17
Joined: March 24th, 2010, 2:09 pm
Advertisement
Register to Remove

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby pgmigg » February 14th, 2015, 8:35 pm

Hello jkephart ,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby pgmigg » February 14th, 2015, 11:46 pm

Hello jkephart,

Step 1.
For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button. The AdwCleaner may reboot your computer - please allow it...
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 3.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Sn].txt log file
  3. Contents of the JRT.txt log file
  4. Contents of a OTL.txt log file
  5. Contents of a Extras.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby jkephart » February 17th, 2015, 4:40 pm

Hello pgmigg,

seems to have stopped hyperlink irritation.

# AdwCleaner v4.110 - Logfile created 17/02/2015 at 10:45:15
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jesse - JESSE-THINK
# Running from : C:\Users\Jesse\Downloads\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [3332 bytes] - [13/02/2015 15:35:01]
AdwCleaner[R1].txt - [1171 bytes] - [14/02/2015 16:00:38]
AdwCleaner[R2].txt - [991 bytes] - [17/02/2015 10:41:23]
AdwCleaner[S0].txt - [3376 bytes] - [13/02/2015 15:36:49]
AdwCleaner[S1].txt - [1244 bytes] - [14/02/2015 16:01:49]
AdwCleaner[S2].txt - [919 bytes] - [17/02/2015 10:45:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [977 bytes] ##########
jkephart
Regular Member
 
Posts: 17
Joined: March 24th, 2010, 2:09 pm

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby jkephart » February 17th, 2015, 4:41 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Jesse on Tue 02/17/2015 at 11:19:45.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/17/2015 at 11:23:39.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jkephart
Regular Member
 
Posts: 17
Joined: March 24th, 2010, 2:09 pm

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby jkephart » February 17th, 2015, 4:41 pm

OTL logfile created on: 2/17/2015 11:29:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jesse\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.69 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 54.88% Memory free
7.37 Gb Paging File | 5.28 Gb Available in Paging File | 71.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.76 Gb Total Space | 387.32 Gb Free Space | 87.08% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive Q: | 19.53 Gb Total Space | 5.43 Gb Free Space | 27.82% Space Free | Partition Type: NTFS

Computer Name: JESSE-THINK | User Name: Jesse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/02/17 11:25:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jesse\Downloads\OTL.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/10/16 17:13:12 | 001,360,672 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
PRC - [2014/09/21 01:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
PRC - [2014/09/15 13:19:02 | 000,089,352 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/12 16:41:00 | 000,140,016 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2013/03/25 16:56:58 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013/01/28 13:22:44 | 000,188,200 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2013/01/28 13:22:38 | 000,293,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013/01/28 13:22:34 | 000,061,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013/01/28 13:22:14 | 000,058,664 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/12/05 06:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2012/09/14 07:15:44 | 000,583,744 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2012/08/25 10:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2012/05/15 15:45:22 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2012/05/15 12:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/04/19 15:32:12 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/27 23:20:58 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/02/27 23:20:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/02/27 23:20:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/01 06:41:36 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
PRC - [2009/10/01 06:41:34 | 000,766,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
PRC - [2008/01/10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2009/10/01 06:41:36 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
MOD - [2009/10/01 06:41:34 | 000,766,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
MOD - [2009/07/17 03:33:27 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedrs.dll
MOD - [2009/07/17 03:32:35 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
MOD - [2009/05/27 03:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
MOD - [2009/04/07 10:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
MOD - [2009/03/30 03:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epoemdll.dll
MOD - [2009/03/30 03:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
MOD - [2009/03/30 03:37:44 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizres.dll
MOD - [2009/03/30 03:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizard.dll
MOD - [2009/03/30 03:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
MOD - [2009/03/30 03:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epfunct.dll
MOD - [2009/03/30 03:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\eputil.dll
MOD - [2009/03/30 03:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\imagutil.dll
MOD - [2009/03/09 20:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
MOD - [2009/03/02 05:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
MOD - [2009/02/19 23:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsmr.dll
MOD - [2009/02/19 23:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/01/11 17:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/16 17:13:48 | 000,272,776 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
SRV:64bit: - [2013/12/19 11:38:11 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/25 16:56:52 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2013/01/28 13:22:44 | 000,188,200 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV:64bit: - [2013/01/28 13:22:34 | 000,061,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2013/01/28 13:22:14 | 000,058,664 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2012/12/05 06:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2012/09/08 12:21:40 | 000,145,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2012/09/06 09:49:06 | 000,046,984 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2012/08/25 10:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2012/08/10 19:49:38 | 000,136,288 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2012/05/29 14:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2012/02/28 21:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2012/02/26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 04:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 04:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/07/30 06:26:16 | 001,054,888 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
SRV:64bit: - [2009/07/30 06:26:11 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV:64bit: - [2009/07/13 16:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/21 01:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe -- (NIS)
SRV - [2014/09/15 13:19:02 | 000,089,352 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/06/18 09:01:52 | 000,024,560 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2014/03/20 13:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 18:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/12 16:41:00 | 000,140,016 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2013/03/25 16:56:58 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/05/15 12:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/15 12:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/05/15 12:32:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012/03/28 06:06:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/27 23:20:58 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/27 23:20:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/27 23:20:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/30 06:26:11 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2009/07/30 06:26:03 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeecoms.exe -- (lxee_device)
SRV - [2008/01/10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/02/17 11:28:19 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/08/25 17:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 17:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 10:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/05/28 23:27:37 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/03 19:18:12 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/20 14:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2014/02/17 16:32:41 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/10/29 22:26:19 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/04/12 16:41:00 | 000,055,536 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Fastboot.sys -- (Fastboot)
DRV:64bit: - [2013/02/11 10:12:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/02/11 10:12:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/02/11 09:51:41 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/12/07 02:53:46 | 000,159,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\c811serd.sys -- (c811serd)
DRV:64bit: - [2012/12/07 02:53:44 | 000,169,800 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\c811bus.sys -- (c811bus)
DRV:64bit: - [2012/09/06 09:49:06 | 000,025,448 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2012/07/23 10:11:44 | 000,148,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2012/05/29 19:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/05/15 12:32:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012/05/15 12:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012/04/19 16:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/04/19 16:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/04/19 15:32:08 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/04/19 15:32:06 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/04/19 15:32:06 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/04/08 06:18:54 | 000,429,328 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/26 15:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2012/03/18 22:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/28 21:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/02/20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/16 15:19:42 | 000,216,064 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012/01/10 18:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/12/26 00:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/12/08 09:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011/12/05 10:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/09 07:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/05/29 01:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011/05/25 16:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/11/20 18:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 18:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 18:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 18:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 16:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 16:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 16:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 14:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 11:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 11:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 11:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 11:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015/02/05 17:50:01 | 000,669,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20150217.001\IDSviA64.sys -- (IDSVia64)
DRV - [2015/02/02 17:53:32 | 001,622,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20150203.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2015/01/19 23:02:56 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150216.035\ex64.sys -- (NAVEX15)
DRV - [2015/01/19 23:02:56 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20150216.035\eng64.sys -- (NAVENG)
DRV - [2014/12/11 05:57:07 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/12/11 05:57:07 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 16:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{D58E3BFB-A5C0-40BE-A750-2AF104813924}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D58E3BFB-A5C0-40BE-A750-2AF104813924}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1247164581-1980811009-662463658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com/?pc=LNJB
IE - HKU\S-1-5-21-1247164581-1980811009-662463658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKU\S-1-5-21-1247164581-1980811009-662463658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com [binary data]
IE - HKU\S-1-5-21-1247164581-1980811009-662463658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13-comm.msn.com/?pc=LNJB
IE - HKU\S-1-5-21-1247164581-1980811009-662463658-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1247164581-1980811009-662463658-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1247164581-1980811009-662463658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn\ [2015/02/17 10:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014/06/24 14:05:48 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 12:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [lxeemon.exe] C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9D1EB14-79ED-4E64-B8D6-E6B41E614A79}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/01 15:57:02 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{32391243-6d27-11e3-b9e7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{32391243-6d27-11e3-b9e7-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2013/07/01 15:57:02 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{98fd345e-e674-11e3-9617-28d24447e6fc}\Shell - "" = AutoRun
O33 - MountPoints2\{98fd345e-e674-11e3-9617-28d24447e6fc}\Shell\AutoRun\command - "" = D:\TL-BootStrap.exe
O33 - MountPoints2\{9feb1c6f-ffd1-11e3-a40d-28d24447e6fc}\Shell - "" = AutoRun
O33 - MountPoints2\{9feb1c6f-ffd1-11e3-a40d-28d24447e6fc}\Shell\AutoRun\command - "" = D:\TL-BootStrap.exe
O33 - MountPoints2\{9feb1ce1-ffd1-11e3-a40d-28d24447e6fc}\Shell - "" = AutoRun
O33 - MountPoints2\{9feb1ce1-ffd1-11e3-a40d-28d24447e6fc}\Shell\AutoRun\command - "" = F:\TL-BootStrap.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\TL-BootStrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/02/13 15:52:05 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/13 15:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/13 15:50:15 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/13 15:50:15 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/13 15:50:15 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/02/13 15:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/02/13 15:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/02/13 15:34:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/02/12 14:39:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2015/02/11 14:32:52 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/11 14:32:52 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/02/11 14:32:52 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/02/10 16:08:09 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
[2015/02/10 16:08:09 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
[2015/02/10 16:08:01 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/02/10 16:07:58 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/02/10 16:07:58 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/02/10 16:07:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/02/10 16:07:58 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/02/10 16:07:58 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/02/10 16:07:57 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/10 16:07:57 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/02/10 16:07:57 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/10 16:07:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/02/10 16:07:57 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/02/10 16:07:56 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/10 16:07:56 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/02/10 16:07:56 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/10 16:07:56 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/10 16:07:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/02/10 16:07:56 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/02/10 16:07:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/02/10 16:07:56 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/02/10 16:07:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/02/10 16:07:55 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/10 16:07:55 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/02/10 16:07:55 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/10 16:07:55 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/02/10 16:07:54 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/02/10 16:07:54 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/10 16:07:54 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/02/10 16:07:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/02/10 16:07:53 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/02/10 16:07:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/10 16:07:52 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/10 16:07:52 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/02/10 16:07:52 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/10 16:07:27 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2015/02/10 16:07:27 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2015/02/10 16:07:22 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/02/10 16:07:21 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/02/10 16:07:21 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/02/10 16:07:21 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/02/10 16:07:21 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/02/10 16:07:21 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/02/10 16:07:21 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/02/10 16:07:21 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/02/10 16:07:21 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/02/10 16:07:21 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/02/10 16:07:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/02/10 16:07:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/02/10 16:07:13 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/02/10 16:07:09 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2015/02/10 16:07:00 | 003,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2015/02/10 16:06:59 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2015/02/10 16:06:59 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2015/02/10 16:06:55 | 005,554,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/02/10 16:06:54 | 003,972,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/02/10 16:06:54 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/02/10 16:06:54 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/02/10 16:06:54 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/02/10 16:06:54 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/02/10 16:06:49 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/10 16:06:49 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/01/20 12:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/19 10:18:23 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\NPE
[2015/01/19 09:16:55 | 000,324,776 | ---- | C] (CartCrunch Israel Ltd.) -- C:\Windows\SysWow64\ColorMedia.dll
[2015/01/19 09:16:51 | 000,370,688 | ---- | C] (CartCrunch Israel Ltd.) -- C:\Windows\SysNative\ColorMedia64.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/02/17 11:28:19 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/17 11:07:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/17 10:54:32 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/17 10:54:32 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/17 10:52:29 | 000,781,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/17 10:52:29 | 000,662,308 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/17 10:52:29 | 000,122,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/17 10:48:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/17 10:47:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/17 10:47:13 | 2968,678,400 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/17 10:38:25 | 000,013,369 | ---- | M] () -- C:\Users\Jesse\Desktop\adwcleaner_4.110 - Shortcut.lnk
[2015/02/13 15:50:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/11 03:24:02 | 000,444,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/05 11:15:05 | 000,417,733 | ---- | M] () -- C:\Users\Jesse\Desktop\Building_Safety_SA_8x11.pdf.pdf
[2015/02/05 10:35:41 | 000,826,897 | ---- | M] () -- C:\Users\Jesse\Desktop\Building_Safety_SA_8x11.pdf
[2015/02/05 10:09:32 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/22 19:42:35 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/01/22 19:41:36 | 006,041,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/01/22 18:43:04 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/01/20 12:32:22 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2015/01/20 12:32:22 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2015/01/20 12:32:22 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2015/01/20 12:32:22 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/02/17 10:38:23 | 000,013,369 | ---- | C] () -- C:\Users\Jesse\Desktop\adwcleaner_4.110 - Shortcut.lnk
[2015/02/13 15:50:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/05 11:14:54 | 000,417,733 | ---- | C] () -- C:\Users\Jesse\Desktop\Building_Safety_SA_8x11.pdf.pdf
[2015/02/05 10:35:39 | 000,826,897 | ---- | C] () -- C:\Users\Jesse\Desktop\Building_Safety_SA_8x11.pdf
[2014/02/27 00:03:05 | 000,774,028 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/25 14:13:25 | 000,000,327 | ---- | C] () -- C:\Users\Jesse\.drjava
[2014/02/19 07:51:08 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEEinst.dll
[2014/02/19 07:51:08 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeecomx.dll
[2014/02/19 07:51:07 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeepmui.dll
[2014/02/19 07:51:07 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeinpa.dll
[2014/02/19 07:51:07 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeiesc.dll
[2014/02/19 07:51:07 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsr.dll
[2014/02/19 07:51:07 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeejswr.dll
[2014/02/19 07:51:07 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeecur.dll
[2014/02/19 07:51:06 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeusb1.dll
[2014/02/19 07:51:06 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeeins.dll
[2014/02/19 07:51:06 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsb.dll
[2014/02/19 07:51:06 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeecu.dll
[2014/02/19 07:51:06 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeecub.dll
[2014/02/19 07:51:05 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeserv.dll
[2014/02/19 07:51:05 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeelmpm.dll
[2014/02/19 07:51:04 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeehbn3.dll
[2014/02/19 07:51:04 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecoms.exe
[2014/02/19 07:51:04 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeih.exe
[2014/02/19 07:51:03 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomc.dll
[2014/02/19 07:51:03 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomm.dll
[2014/02/19 07:51:03 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecfg.exe
[2014/02/12 17:57:26 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEEsm.dll
[2014/02/12 17:57:26 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEEsmr.dll
[2014/01/28 07:18:20 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2013/12/19 11:57:20 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/12/19 11:57:18 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/12/19 11:57:16 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/12/19 11:57:14 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll

========== ZeroAccess Check ==========

[2009/07/13 19:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 17:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 16:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 16:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 16:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/07/25 20:01:54 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\EUT
[2014/01/28 07:27:39 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\FileOpen
[2014/01/28 07:23:29 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\Leadertech
[2014/01/28 07:23:26 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\Lenovo
[2014/12/16 19:42:58 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\LSC
[2014/01/28 07:27:39 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\Nitro
[2015/02/17 10:50:00 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\Nitro PDF
[2014/01/30 00:30:43 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\PwrMgr
[2014/07/12 11:17:49 | 000,000,000 | ---D | M] -- C:\Users\Jesse\AppData\Roaming\SketchUp

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >
jkephart
Regular Member
 
Posts: 17
Joined: March 24th, 2010, 2:09 pm

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby jkephart » February 17th, 2015, 4:42 pm

OTL Extras logfile created on: 2/17/2015 11:29:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jesse\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.69 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 54.88% Memory free
7.37 Gb Paging File | 5.28 Gb Available in Paging File | 71.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.76 Gb Total Space | 387.32 Gb Free Space | 87.08% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive Q: | 19.53 Gb Total Space | 5.43 Gb Free Space | 27.82% Space Free | Partition Type: NTFS

Computer Name: JESSE-THINK | User Name: Jesse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1247164581-1980811009-662463658-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38BB5BE0-8600-4800-BF55-96E0743F04FD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{C5ABAA09-65B9-4861-991A-3ECE6E3C5EFA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0636BB47-CA7F-4136-8127-770AF4421BDC}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{1FF712C9-9EE2-49DE-9E6C-775E4BC1C7B2}" = protocol=6 | dir=in | app=c:\program files (x86)\simplefiles\simplefiles.exe |
"{3179EBA0-6128-46AB-A370-B25F8FA603C8}" = protocol=6 | dir=out | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{3C1118B3-5FD5-48AE-A216-4B05A7A617C8}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\faxapplications.exe |
"{3CD873BB-D36F-4587-B24A-6876A7AFF815}" = protocol=17 | dir=out | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{42408A1F-1C4C-4B6F-B821-1F4989B184BB}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicatorcom.exe |
"{4FE317ED-299E-4C89-8E18-43D2ED9316CA}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\digitalwizards.exe |
"{61C6D9C2-C96F-49F2-8ADE-50FF87DA556C}" = protocol=17 | dir=in | app=c:\program files (x86)\simplefiles\downloader.exe |
"{650E0D66-7972-427C-8DF6-3DB8E358BB06}" = protocol=17 | dir=in | app=c:\program files (x86)\simplefiles\simplefiles.exe |
"{6B4813C1-B3D8-4ED2-A568-A344C6EEE2C1}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{6DA7EE43-C9BE-44E1-9BAF-77D4800959D1}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{6F1BC363-1C49-45AE-9D22-7BB81E154CE7}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\sendafax.exe |
"{7473246D-CAF8-49C8-BBDD-5AF11752FB1A}" = protocol=6 | dir=in | app=c:\program files (x86)\simplefiles\downloader.exe |
"{8E836E29-3CAA-45E9-9CE0-C59A2699E141}" = protocol=6 | dir=in | app=c:\users\jesse\downloads\hibbeler_engineering_mechanics_statics_13th_c2013_solutions_ism_ch01-08.pdf_downloader.exe |
"{928660C4-07ED-40A7-927D-FD0968E87F05}" = protocol=17 | dir=in | app=c:\users\jesse\downloads\hibbeler_engineering_mechanics_statics_13th_c2013_solutions_ism_ch01-08.pdf_downloader.exe |
"{9B40C31C-6837-44B6-A943-F2AAF0F14EB4}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{E5F569FF-7B73-47A3-A89D-48B3AE099BCC}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{E82D33B6-2D0B-41B4-8015-E02ECC4A120E}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{F3ACE8F3-2A1C-499E-9B86-16D5D7B05038}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{35E1FF5F-E8E1-4DE2-B3EC-BBE296B27336}" = Nitro Pro 8
"{3849486C-FF09-4F5D-B491-3E179D58EE15}" = Message Center Plus
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}" = Lenovo Solution Center
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot Shield
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{728985C5-A04B-457C-9D62-15360F3EAF85}" = Intel(R) WiDi
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}" = Lenovo Patch Utility 64 bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B407F586-D027-45C3-9109-CC2943E839FA}" = HP Officejet 6600 Basic Device Software
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi Software
"09839A9B5EDA69DA2DCC34637B5140AAF8A53B44" = Windows Driver Package - Intel System (01/11/2012 9.3.0.1020)
"64B3C27E4CF7B6AD920184EFFF6C488C55EF2892" = Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0)
"97EE1802A0385A37DE6323FA39EC76BEB2D73E41" = Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011)
"9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011)
"D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"E3535F123E7F666D573665142F90D3E5004DC326" = Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
"EC2A0F2B229770EC589265FCF2B4839A0C221993" = Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}" = HP Support Solutions Framework
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99E1CC2D-EB4F-498B-B6ED-492654677E7E}" = G'zOne Commando 4G LTE USB Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A25A804-4303-4787-B2DE-99AD745B1CBB}" = VZ-TL-PC
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.16
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
"{DDAA788F-52E6-44EA-ADB8-92837B11BF26}" = Metric Collection SDK
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F246092E-FA0B-47C8-9D3E-CF8C210293C8}" = SketchUp 2014
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe AIR" = Adobe AIR
"Fastboot" = RapidBoot HDD Accelerator
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Network Print Monitor" = Network Print Monitor for Windows 2000/XP/2003/Vista
"NIS" = Norton Internet Security
"PROR" = Microsoft Office Professional 2007
"SugarSync" = SugarSync Manager

========== Last 20 Event Log Errors ==========

[ Lenovo-Message Center Plus/Admin Events ]
Error - 1/26/2015 8:14:46 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 1/26/2015 8:14:46 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 1/26/2015 8:14:46 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 2/4/2015 6:36:09 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 2/4/2015 6:36:09 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 2/4/2015 6:36:09 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 2/9/2015 6:43:26 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 2/16/2015 2:56:36 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 2/16/2015 2:56:50 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known

Error - 2/16/2015 2:57:02 PM | Computer Name = Jesse-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = No such host is known -> Exception message: No such host
is known


< End of report >
jkephart
Regular Member
 
Posts: 17
Joined: March 24th, 2010, 2:09 pm

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby pgmigg » February 17th, 2015, 10:05 pm

Hello jkephart,

Good job! :D Let continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Click on 'Select all', then copy and paste the highlighted text below into the Image text box.
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :Files
    C:\ProgramData\*.tmp files
    @C:\Windows:nlsPreferences
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the ESETScan.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby jkephart » February 20th, 2015, 3:44 pm

All processes killed
Error: Unable to interpret <Code: Select all> in the current context!
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-64_ folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_metadata folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0 folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_metadata folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\zh_TW folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\zh_CN folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\vi folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\uk folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\tr folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\th folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sv folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sr folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sl folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sk folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ru folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ro folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\pt_PT folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\pt_BR folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\pl folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\no folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\nl folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\lv folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\lt folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ko folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ja folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\it folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\id folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\hu folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\hr folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\hi folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\he folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\fr folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\fil folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\fi folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\es folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\en folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\el folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\de folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\da folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\cs folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ca folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\bg folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ar folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0 folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419 folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css folder moved successfully.
C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0 folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.tmp files not found.
ADS C:\Windows:nlsPreferences deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jesse\Desktop\cmd.bat deleted successfully.
C:\Users\Jesse\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 57472 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jesse
->Flash cache emptied: 58207 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jesse
->Java cache emptied: 671508 bytes

User: Public

Total Java Files Cleaned = 1.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jesse
->Temp folder emptied: 613374814 bytes
->Temporary Internet Files folder emptied: 21468823 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 24409862 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 407043575 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1278720 bytes

Total Files Cleaned = 1,018.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02202015_103751

Files\Folders moved on Reboot...
C:\Users\Jesse\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP00000008684E2F6EFD065226 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
jkephart
Regular Member
 
Posts: 17
Joined: March 24th, 2010, 2:09 pm

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby jkephart » February 20th, 2015, 5:30 pm

C:\AdwCleaner\Quarantine\C\Program Files (x86)\LuckyTab\LuckyTab.exe.vir a variant of Win32/LuckyTab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\cmwr.sys.vir a variant of Win32/Adware.PicColor.C application

No problems exuciting inst.
nothing noticibly changed
jkephart
Regular Member
 
Posts: 17
Joined: March 24th, 2010, 2:09 pm

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby pgmigg » February 21st, 2015, 12:13 am

Hello jkephart,

Actually you computer is clean and I don't see any more infections here.
Please tell me about the problems that still remain. I need details, if any problem exists.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby jkephart » February 21st, 2015, 12:43 am

Seems fine. Was just following your instructions. Really appreciate all of your help. I am an engineering student and need my computer daily, so this has been a HUGE help. Thanks again.
jkephart
Regular Member
 
Posts: 17
Joined: March 24th, 2010, 2:09 pm

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby pgmigg » February 21st, 2015, 1:22 am

You are very welcome jkephart! :D

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 3.
Please download delfix and save it to your desktop.
  1. Right-click on delfix.exe and select "Run as administrator"to run it.
  2. Check the following boxes then click on Run.
    1. Activate UAC
    2. Remove disinfection tools
    3. Create registry backup
    4. Reset system settings
  3. All tools we used to clean your computer should be gone now.
  4. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Need help with Microsoft 7 and unwanted popups/ download

Unread postby NonSuch » February 24th, 2015, 4:42 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 303 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware