dipset
-
Posts
15 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by dipset
-
Here are the results of checkup.txt: Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 Java 7 Update 6 Java SE Development Kit 7 Update 6 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.3.300.268 Flash Player out of Date! Adobe Reader X (10.1.4) Mozilla Firefox (15.0.1) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log``````````````````````
-
MrC- I followed all of the Chrome and Firefox instructions and everything seems to be working fine... Do you think the issue is with the browser? Maybe I should stick to only one browser - perhaps delete Chrome and exclusively use Mozilla? Or maybe switch over to Opera only? My only concern is that the virus returns. Any general tips/suggestions to ensure that doesn't happen? Thanks
-
Hi MrC. Again, thanks so much for your help. I ran FRST64.exe and pasted the results "FRST.txt" and "Search.txt" below. I do *NOT* have a network bridge listed in my network connections. FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012 Ran by SYSTEM at 28-09-2012 11:06:14 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] () HKLM\...\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1654400 2012-02-21] (Conexant Systems, Inc.) HKLM\...\Run: [TpShocks] TpShocks.exe [x] HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited) HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated) HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-03-06] (Intel Corporation) HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-13] (Intel Corporation) HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [5941344 2012-05-15] (Lenovo Group Limited) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-16] (Lenovo) HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3039352 2012-09-14] (AVG Technologies CZ, s.r.o.) HKU\Bobby\...\Run: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-15] (Google Inc.) HKU\Bobby\...\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo) HKU\Default\...\RunOnce: [] [x] HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-14] () HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo) HKU\Default User\...\RunOnce: [] [x] HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-14] () Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Startup: C:\Users\Bobby\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) ==================== Services (Whitelisted) =================== 2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5751928 2012-08-20] (AVG Technologies CZ, s.r.o.) 2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [184304 2012-08-20] (AVG Technologies CZ, s.r.o.) 2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.) 2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-16] (Lenovo) 2 Intel® Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [628448 2012-02-02] (Intel® Corporation) 2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] () 2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation) 2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited) 2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-11] (Lenovo Group Limited) 2 NitroDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe" [216072 2012-05-23] (Nitro PDF Software) 2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [69640 2012-05-23] (Nalpeiron Ltd.) 2 VIPAppService; "C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe" [84080 2012-04-18] (Symantec Corporation) ==================== Drivers (Whitelisted) ===================== 1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [150880 2012-08-13] (AVG Technologies CZ, s.r.o. ) 0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [56672 2012-09-17] (AVG Technologies CZ, s.r.o. ) 1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [175968 2012-09-12] (AVG Technologies CZ, s.r.o.) 0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [230240 2012-08-09] (AVG Technologies CZ, s.r.o.) 1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [105312 2012-09-14] (AVG Technologies CZ, s.r.o.) 0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40288 2012-08-10] (AVG Technologies CZ, s.r.o.) 1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [199520 2012-09-12] (AVG Technologies CZ, s.r.o.) 3 Fastboot; C:\Windows\System32\Drivers\Fastboot.sys [70416 2012-01-16] (Windows ® Win 7 DDK provider) 0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [19224 2012-04-13] (Intel Corporation) 3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [356632 2012-04-13] (Intel Corporation) 3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [789272 2012-04-13] (Intel Corporation) 3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.) 3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated) 3 TVTI2C; C:\Windows\System32\Drivers\TVTI2C.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) 3 tvtvcamd; C:\Windows\System32\Drivers\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility) ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-09-28 11:06 - 2012-09-28 11:06 - 00000000 ____D C:\FRST 2012-09-27 18:41 - 2012-09-27 18:41 - 00001063 ____A C:\AdwCleaner[R1].txt 2012-09-27 18:40 - 2012-09-27 14:00 - 00513501 ____A C:\Users\Bobby\Desktop\adwcleaner.exe 2012-09-27 13:20 - 2012-09-27 13:20 - 00001902 ____A C:\Users\Bobby\Desktop\aswMBR.txt 2012-09-27 13:20 - 2012-09-27 13:20 - 00000512 ____A C:\Users\Bobby\Desktop\MBR.dat 2012-09-27 13:14 - 2012-09-27 13:14 - 00001942 ____A C:\Users\Bobby\Desktop\RKreport[3].txt 2012-09-27 13:13 - 2012-09-27 13:13 - 00002116 ____A C:\Users\Bobby\Desktop\RKreport[2].txt 2012-09-27 12:53 - 2012-09-27 13:14 - 00000000 ____D C:\Users\Bobby\Desktop\RK_Quarantine 2012-09-27 12:53 - 2012-09-27 12:53 - 00002098 ____A C:\Users\Bobby\Desktop\RKreport[1].txt 2012-09-27 10:36 - 2012-09-27 10:36 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Bobby\Desktop\tdsskiller.exe 2012-09-25 17:40 - 2012-09-25 17:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2012-09-25 17:40 - 2012-09-25 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2012-09-25 17:36 - 2012-09-25 17:37 - 13085120 ____A (Microsoft Corporation) C:\Users\Bobby\Downloads\Silverlight_x64.exe 2012-09-24 18:47 - 2012-09-24 18:51 - 324192964 ____A C:\Users\Bobby\Downloads\epd-7.3-2-win-x86.msi 2012-09-24 18:27 - 2012-09-24 18:28 - 47858637 ____A C:\Users\Bobby\Downloads\scipy-0.11.0rc2-win32-superpack-python2.7.exe 2012-09-24 18:14 - 2012-09-24 18:14 - 05746517 ____A C:\Users\Bobby\Downloads\numpy-1.6.2-win32-superpack-python2.7.exe 2012-09-24 17:31 - 2012-09-24 17:31 - 00000000 ____D C:\Program Files (x86)\Citrix 2012-09-24 17:30 - 2012-09-24 17:30 - 00000000 ____D C:\Users\Bobby\AppData\Local\Citrix 2012-09-24 11:55 - 2012-09-24 11:56 - 00000000 ____D C:\Users\All Users\BlueStacksSetup 2012-09-24 11:48 - 2012-09-24 11:53 - 146784256 ____A C:\Users\Bobby\Downloads\BlueStacks_HD_AppPlayerPro_setup_REL.msi 2012-09-24 10:57 - 2012-09-24 11:47 - 00000000 ____D C:\Users\Bobby\.android 2012-09-24 10:56 - 2012-09-27 10:44 - 00000000 ____D C:\Program Files (x86)\Android 2012-09-24 10:48 - 2012-09-24 10:52 - 70495456 ____A (Google Inc.) C:\Users\Bobby\Downloads\installer_r20.0.3-windows.exe 2012-09-23 15:08 - 2012-09-26 16:54 - 00000000 ____D C:\Users\Bobby\Desktop\ORIE 5100 2012-09-23 15:08 - 2012-09-24 18:17 - 00000000 ____D C:\Users\Bobby\Documents\Cornell 2012-09-23 15:08 - 2012-09-23 15:08 - 00000000 ____D C:\Users\Bobby\Desktop\ORIE 5340 2012-09-23 15:08 - 2012-09-23 15:08 - 00000000 ____D C:\Users\Bobby\Desktop\HADM 6050 2012-09-23 15:07 - 2012-09-26 16:54 - 00000000 ____D C:\Users\Bobby\Desktop\CS 5780 2012-09-23 15:02 - 2012-09-22 21:06 - 00201728 ____A (OldTimer Tools) C:\Users\Bobby\Desktop\OTC.exe 2012-09-22 12:41 - 2012-09-22 12:41 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\Malwarebytes 2012-09-22 12:41 - 2012-09-22 12:41 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-09-22 12:41 - 2012-09-22 12:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-22 12:41 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-22 12:35 - 2012-09-22 12:13 - 04731392 ____A (AVAST Software) C:\Users\Bobby\Desktop\aswMBR.exe 2012-09-22 12:35 - 2012-09-21 21:36 - 00607260 ____R (Swearware) C:\Users\Bobby\Desktop\dds.scr 2012-09-21 22:00 - 2012-09-21 22:00 - 00002975 ____A C:\Users\Bobby\Desktop\HiJackThis.lnk 2012-09-21 22:00 - 2012-09-21 22:00 - 00000000 ____D C:\Program Files (x86)\Trend Micro 2012-09-21 21:09 - 2012-09-21 21:09 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\AVG2013 2012-09-21 21:08 - 2012-09-21 21:38 - 00000000 ____D C:\Users\All Users\AVG2013 2012-09-21 21:08 - 2012-09-21 21:08 - 00000000 ___HD C:\$AVG 2012-09-21 21:08 - 2012-09-21 21:08 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\TuneUp Software 2012-09-21 21:03 - 2012-09-21 21:12 - 00000000 ____D C:\Users\Bobby\AppData\Local\Avg2013 2012-09-21 21:03 - 2012-09-21 21:03 - 00000000 ____D C:\Users\Bobby\AppData\Local\MFAData 2012-09-17 14:58 - 2012-09-17 14:58 - 00056672 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys 2012-09-14 14:19 - 2012-09-14 14:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2012-09-14 01:34 - 2012-09-14 01:34 - 00105312 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys 2012-09-13 16:40 - 2012-09-13 16:40 - 01378816 ____A C:\Users\Bobby\Desktop\RogueKiller.exe 2012-09-12 07:47 - 2012-09-12 07:47 - 00199520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys 2012-09-12 07:47 - 2012-09-12 07:47 - 00175968 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys 2012-09-04 16:35 - 2012-09-04 16:35 - 00022242 ____A C:\Users\Bobby\Downloads\MinMaxSelection.zip 2012-09-03 07:49 - 2012-09-08 08:03 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\vlc 2012-08-30 19:54 - 2012-08-30 19:54 - 00013138 ____A C:\Users\Bobby\Downloads\f.fig 2012-08-30 19:24 - 2012-08-30 19:24 - 00003144 ____A C:\Users\Bobby\Downloads\plots.m 2012-08-29 17:05 - 2012-08-29 17:05 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\texstudio 2012-08-29 17:04 - 2012-08-29 17:04 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\MiKTeX 2012-08-29 17:04 - 2012-08-29 17:04 - 00000000 ____D C:\Users\Bobby\AppData\Local\MiKTeX 2012-08-29 16:48 - 2012-08-29 16:48 - 00000000 ____D C:\Users\All Users\MiKTeX 2012-08-29 16:46 - 2012-08-29 16:48 - 00000000 ____D C:\Program Files\MiKTeX 2.9 2012-08-29 16:44 - 2012-08-29 16:44 - 00000000 ____D C:\Program Files (x86)\TeXstudio 2012-08-29 06:28 - 2012-08-29 06:28 - 02795480 ____A (Cornell University ) C:\Users\Bobby\Downloads\NetPrint_x64_3.0.exe 2012-08-29 06:28 - 2012-08-29 06:28 - 00000000 ____D C:\Program Files\Cornell University 2012-08-29 06:28 - 2008-05-13 09:20 - 00049664 ____A C:\Windows\System32\unredmon.exe 2012-08-29 06:28 - 2008-05-02 10:55 - 00092672 ____A C:\Windows\System32\redmonnt.dll 2012-08-29 06:28 - 2006-05-18 08:01 - 00119152 ____A C:\Windows\System32\redmon.hlp ==================== 3 Months Modified Files ================== 2012-09-28 06:55 - 2012-07-19 14:49 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-09-28 06:55 - 2012-07-19 14:32 - 01285208 ____A C:\Windows\WindowsUpdate.log 2012-09-28 06:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-28 06:55 - 2009-07-13 20:51 - 00056983 ____A C:\Windows\setupact.log 2012-09-28 06:51 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-28 06:50 - 2012-08-14 20:12 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450884636-1247048604-675393396-1000UA.job 2012-09-28 06:50 - 2012-07-19 14:49 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-09-27 18:52 - 2009-07-13 20:45 - 00031472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-27 18:52 - 2009-07-13 20:45 - 00031472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-27 18:46 - 2012-07-19 14:34 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2012-09-27 18:41 - 2012-09-27 18:41 - 00001063 ____A C:\AdwCleaner[R1].txt 2012-09-27 18:32 - 2012-07-19 14:34 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2012-09-27 14:00 - 2012-09-27 18:40 - 00513501 ____A C:\Users\Bobby\Desktop\adwcleaner.exe 2012-09-27 13:20 - 2012-09-27 13:20 - 00001902 ____A C:\Users\Bobby\Desktop\aswMBR.txt 2012-09-27 13:20 - 2012-09-27 13:20 - 00000512 ____A C:\Users\Bobby\Desktop\MBR.dat 2012-09-27 13:14 - 2012-09-27 13:14 - 00001942 ____A C:\Users\Bobby\Desktop\RKreport[3].txt 2012-09-27 13:13 - 2012-09-27 13:13 - 00002116 ____A C:\Users\Bobby\Desktop\RKreport[2].txt 2012-09-27 12:53 - 2012-09-27 12:53 - 00002098 ____A C:\Users\Bobby\Desktop\RKreport[1].txt 2012-09-27 11:54 - 2012-08-14 20:12 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450884636-1247048604-675393396-1000Core.job 2012-09-27 10:36 - 2012-09-27 10:36 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Bobby\Desktop\tdsskiller.exe 2012-09-26 11:02 - 2010-11-20 19:47 - 00533814 ____A C:\Windows\PFRO.log 2012-09-25 17:37 - 2012-09-25 17:36 - 13085120 ____A (Microsoft Corporation) C:\Users\Bobby\Downloads\Silverlight_x64.exe 2012-09-24 18:51 - 2012-09-24 18:47 - 324192964 ____A C:\Users\Bobby\Downloads\epd-7.3-2-win-x86.msi 2012-09-24 18:28 - 2012-09-24 18:27 - 47858637 ____A C:\Users\Bobby\Downloads\scipy-0.11.0rc2-win32-superpack-python2.7.exe 2012-09-24 18:14 - 2012-09-24 18:14 - 05746517 ____A C:\Users\Bobby\Downloads\numpy-1.6.2-win32-superpack-python2.7.exe 2012-09-24 11:53 - 2012-09-24 11:48 - 146784256 ____A C:\Users\Bobby\Downloads\BlueStacks_HD_AppPlayerPro_setup_REL.msi 2012-09-24 10:52 - 2012-09-24 10:48 - 70495456 ____A (Google Inc.) C:\Users\Bobby\Downloads\installer_r20.0.3-windows.exe 2012-09-22 21:06 - 2012-09-23 15:02 - 00201728 ____A (OldTimer Tools) C:\Users\Bobby\Desktop\OTC.exe 2012-09-22 12:13 - 2012-09-22 12:35 - 04731392 ____A (AVAST Software) C:\Users\Bobby\Desktop\aswMBR.exe 2012-09-21 22:00 - 2012-09-21 22:00 - 00002975 ____A C:\Users\Bobby\Desktop\HiJackThis.lnk 2012-09-21 21:36 - 2012-09-22 12:35 - 00607260 ____R (Swearware) C:\Users\Bobby\Desktop\dds.scr 2012-09-17 14:58 - 2012-09-17 14:58 - 00056672 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys 2012-09-14 14:19 - 2012-09-14 14:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2012-09-14 01:34 - 2012-09-14 01:34 - 00105312 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys 2012-09-13 16:40 - 2012-09-13 16:40 - 01378816 ____A C:\Users\Bobby\Desktop\RogueKiller.exe 2012-09-12 07:47 - 2012-09-12 07:47 - 00199520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys 2012-09-12 07:47 - 2012-09-12 07:47 - 00175968 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys 2012-09-07 13:04 - 2012-09-22 12:41 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-04 16:35 - 2012-09-04 16:35 - 00022242 ____A C:\Users\Bobby\Downloads\MinMaxSelection.zip 2012-08-30 19:54 - 2012-08-30 19:54 - 00013138 ____A C:\Users\Bobby\Downloads\f.fig 2012-08-30 19:24 - 2012-08-30 19:24 - 00003144 ____A C:\Users\Bobby\Downloads\plots.m 2012-08-29 12:21 - 2012-07-19 14:47 - 629145600 __ASH C:\Windows\lenovo_fastboot.img 2012-08-29 06:28 - 2012-08-29 06:28 - 02795480 ____A (Cornell University ) C:\Users\Bobby\Downloads\NetPrint_x64_3.0.exe 2012-08-25 18:47 - 2012-08-25 18:47 - 00192512 ____A C:\Users\Bobby\Downloads\nmhd-template4.xls 2012-08-23 19:30 - 2009-07-13 20:45 - 00434552 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-23 19:11 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini 2012-08-23 09:46 - 2012-08-14 17:20 - 00122152 ____A C:\Users\Bobby\AppData\Local\GDIPFONTCACHEV1.DAT 2012-08-21 18:31 - 2012-08-21 18:31 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-08-21 18:31 - 2012-08-21 18:31 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2012-08-21 18:31 - 2012-08-21 18:31 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-08-21 18:31 - 2012-08-21 18:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-08-21 18:31 - 2012-08-21 18:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-08-21 18:31 - 2012-08-21 18:31 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2012-08-18 14:39 - 2012-08-18 14:39 - 00294574 ____A C:\Windows\msxml4-KB973688-enu.LOG 2012-08-18 14:38 - 2012-08-18 14:38 - 00294862 ____A C:\Windows\msxml4-KB954430-enu.LOG 2012-08-17 20:54 - 2012-08-15 05:15 - 00004549 ____A C:\Users\Bobby\AppData\Roaming\AbsoluteReminder.xml 2012-08-16 20:41 - 2012-08-25 05:40 - 00126944 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys 2012-08-15 20:31 - 2012-08-15 20:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf 2012-08-15 18:23 - 2012-08-15 18:23 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-15 18:23 - 2012-08-15 18:23 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-15 05:15 - 2012-08-15 05:15 - 00000000 ____A C:\Users\Bobby\agent.log 2012-08-15 05:14 - 2012-08-15 05:14 - 00000020 ___SH C:\Users\Bobby\ntuser.ini 2012-08-15 05:14 - 2012-08-15 05:14 - 00000000 ____A C:\Windows\firstboot.dat 2012-08-14 17:19 - 2012-07-19 14:33 - 00000042 ____A C:\Windows\SysWOW64\Drivers\17AA_Lenovo_ThinkPad_Edge_E430_3254_CTO.MRK 2012-08-13 12:40 - 2012-08-13 12:40 - 00150880 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys 2012-08-10 00:52 - 2012-08-10 00:52 - 00040288 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys 2012-08-09 09:56 - 2012-08-09 09:56 - 00230240 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys 2012-08-03 00:27 - 2012-08-18 14:19 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-19 15:05 - 2009-07-13 20:46 - 00005075 ____A C:\Windows\DtcInstall.log 2012-07-19 14:59 - 2012-07-19 14:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf 2012-07-19 14:59 - 2012-07-19 14:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf 2012-07-19 14:59 - 2012-07-19 14:58 - 00001346 ____A C:\Windows\Synaptics.log 2012-07-19 14:59 - 2012-07-19 14:31 - 00022232 ____A C:\Windows\DPINST.LOG 2012-07-19 14:53 - 2012-07-19 14:53 - 00000020 ____A C:\Windows\¬ôÁ 2012-07-19 14:53 - 2012-07-19 14:44 - 00198794 ____A C:\Windows\DirectX.log 2012-07-19 14:48 - 2012-07-19 14:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_tcwbf_01_09_00.Wdf 2012-07-19 14:48 - 2012-07-19 14:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2012-07-19 14:47 - 2012-07-19 14:47 - 00196608 ____A C:\Windows\ocsetup_install_OEMHelpCustomization.etl 2012-07-19 14:47 - 2012-07-19 14:47 - 00028728 ____A C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.txt 2012-07-19 14:36 - 2012-07-19 14:36 - 00000207 ____A C:\setup.log 2012-07-19 14:35 - 2012-07-19 14:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf 2012-07-19 14:29 - 2011-02-24 09:05 - 00005949 ____A C:\Windows\TSSysprep.log 2012-07-19 14:25 - 2012-07-19 14:25 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-07-19 14:25 - 2012-07-19 14:25 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-07-19 14:24 - 2012-07-19 14:24 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl 2012-07-19 14:24 - 2012-07-19 14:24 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys 2012-07-19 14:24 - 2012-07-19 14:24 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2012-07-19 14:24 - 2012-07-19 14:24 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys 2012-07-19 14:24 - 2012-07-19 14:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2012-07-19 14:24 - 2012-07-19 14:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys 2012-07-19 14:23 - 2012-07-19 14:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2012-07-19 14:23 - 2012-07-19 14:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-07-19 14:22 - 2012-07-19 14:22 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax 2012-07-19 14:22 - 2012-07-19 14:22 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax 2012-07-19 14:22 - 2012-07-19 14:22 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe 2012-07-19 14:22 - 2012-07-19 14:22 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll 2012-07-19 14:22 - 2012-07-19 14:22 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll 2012-07-19 14:21 - 2012-07-19 14:21 - 00262144 ____A C:\Windows\IE90-ENU.LOG.bootstrap.dpx 2012-07-19 14:21 - 2012-07-19 14:21 - 00196608 ____A C:\Windows\IE90-ENU.LOG.bootstrap.perf 2012-07-19 14:21 - 2012-07-19 14:21 - 00062952 ____A C:\Windows\ENU-ie90.log 2012-07-19 14:21 - 2012-07-19 14:21 - 00038495 ____A C:\Windows\IE90-ENU.log 2012-07-18 21:57 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG 2012-07-18 21:57 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template 2012-07-18 21:40 - 2012-07-18 21:57 - 00000012 ____A C:\Windows\CSUP.TXT 2012-07-18 10:15 - 2012-08-15 23:04 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-04 14:16 - 2012-08-15 23:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 14:13 - 2012-08-15 23:05 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 14:13 - 2012-08-15 23:05 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 13:16 - 2012-08-15 23:05 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-07-04 13:14 - 2012-08-15 23:05 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-09-21 20:54:14 Restore point made on: 2012-09-21 20:55:15 Restore point made on: 2012-09-21 21:07:35 Restore point made on: 2012-09-21 21:07:58 Restore point made on: 2012-09-21 22:00:17 Restore point made on: 2012-09-24 11:54:17 Restore point made on: 2012-09-27 10:45:16 ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 3689.96 MB Available physical RAM: 2826 MB Total Pagefile: 3688.16 MB Available Pagefile: 2821.57 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: (Windows7_OS) (Fixed) (Total:279.05 GB) (Free:189.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:6.58 GB) NTFS 4 Drive g: (TOSHIBA) (Removable) (Total:3.72 GB) (Free:3.62 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.12 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 3821 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1500 MB 1024 KB Partition 2 Primary 279 GB 1501 MB Partition 3 Primary 17 GB 280 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM_DRV NTFS Partition 1500 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C Windows7_OS NTFS Partition 279 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E Lenovo_Reco NTFS Partition 17 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3821 MB 31 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G TOSHIBA FAT32 Removable 3821 MB Healthy ========================================================= Last Boot: 2012-09-27 14:12 ==================== End Of Log ============================= Search.txt: Farbar Recovery Scan Tool (x64) Version: 25-09-2012 Ran by SYSTEM at 2012-09-28 11:07:36 Running from G:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ======
-
Hi MrC! Sorry for the delay... 1. You're right - I no longer get the error after I re-boot. 2. Here is the content of the AdwCleaner log: # AdwCleaner v2.003 - Logfile created 09/27/2012 at 22:41:42 # Updated 23/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Bobby - BOBBY-THINK # Boot Mode : Normal # Running from : C:\Users\Bobby\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\Partner ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default-1348354658048 [Profil par défaut] File : C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\phgeso05.default-1348354658048\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [936 octets] - [27/09/2012 22:41:42] ########## EOF - C:\AdwCleaner[R1].txt - [995 octets] ##########
-
Okay, awesome!! I've attached the following: RougeKiller file created on my desktop *AFTER* deleting the files you told me to. aswMBR log 1. RougeKiller file created on my desktop *AFTER* deleting the files you told me to RogueKiller V8.0.3 [09/13/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Bobby [Admin rights] Mode : Remove -- Date : 09/27/2012 17:14:49 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [RUN][bLACKLIST DLL] HKCU\[...]\Run : Absolute_Software (rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST320LT007-9ZV142 +++++ --- User --- [MBR] 1a32068ead43316df46083136dcc5a14 [bSP] 1c4800de452768b6d964d568f52efec0 : Lenovo tatooed MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] d234c43d41647f376d614833f0ee9aae [bSP] 2ef9cc4afb18b71bca3360572191f969 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 Mo Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt 2. aswMBR log aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-27 17:15:20 ----------------------------- 17:15:20.014 OS Version: Windows x64 6.1.7601 Service Pack 1 17:15:20.014 Number of processors: 4 586 0x3A09 17:15:20.014 ComputerName: BOBBY-THINK UserName: Bobby 17:15:20.763 Initialize success 17:16:05.732 AVAST engine defs: 12092700 17:16:10.880 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 17:16:10.895 Disk 0 Vendor: ST320LT0 0004 Size: 305245MB BusType: 3 17:16:10.911 Disk 0 MBR read successfully 17:16:10.911 Disk 0 MBR scan 17:16:10.926 Disk 0 unknown MBR code 17:16:10.926 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048 17:16:10.942 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 285743 MB offset 3074048 17:16:10.989 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18000 MB offset 588275712 17:16:11.036 Disk 0 scanning C:\Windows\system32\drivers 17:16:22.236 Service scanning 17:16:40.067 Modules scanning 17:16:40.067 Disk 0 trace - called modules: 17:16:40.145 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 17:16:40.145 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069b5060] 17:16:40.161 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80036ac7e0] 17:16:40.161 5 ACPI.sys[fffff88000f697a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005763050] 17:16:41.034 AVAST engine scan C:\Windows 17:16:43.920 AVAST engine scan C:\Windows\system32 17:19:21.340 AVAST engine scan C:\Windows\system32\drivers 17:19:30.778 AVAST engine scan C:\Users\Bobby 17:20:18.421 Disk 0 MBR has been saved successfully to "C:\Users\Bobby\Desktop\MBR.dat" 17:20:18.436 The log file has been saved successfully to "C:\Users\Bobby\Desktop\aswMBR.txt"
-
Hi MrC- I followed your instructions exactly - here is the report that appeared on my Desktop: RogueKiller V8.0.3 [09/13/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Bobby [Admin rights] Mode : Scan -- Date : 09/27/2012 16:53:56 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [RUN][bLACKLIST DLL] HKCU\[...]\Run : Absolute_Software (rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW) -> FOUND [RUN][bLACKLIST DLL] HKUS\S-1-5-21-2450884636-1247048604-675393396-1000[...]\Run : Absolute_Software (rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST320LT007-9ZV142 +++++ --- User --- [MBR] 1a32068ead43316df46083136dcc5a14 [bSP] 1c4800de452768b6d964d568f52efec0 : Lenovo tatooed MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] d234c43d41647f376d614833f0ee9aae [bSP] 2ef9cc4afb18b71bca3360572191f969 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 Mo Finished : << RKreport[1].txt >> RKreport[1].txt
-
Yes, I am on a wireless network. And per your request, I have attached the TDSSKiller log. I tried to paste it in my response but I was told the post is too long. TDSSKiller.txt
-
Hi MrC, First, I deleted C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll, but upon restarting I got the following pop-up: Second, I ran TDSSKiller and everything came back clean. Here is the result from TDSSKiller: Any idea on what to do next? Thanks again for the help, MrC!
-
Thanks for the quick reply, MrC. I'll post my results in the next 15 minutes.
-
Hi MrC- I just tried in safe mode and I got the same error: "...\Desktop\RogueKiller.exe is not a valid Win32 Application." I think this has to do with me running a 64-bit version of Windows, not a 32-bit version. Any other applications I can use to scan my machine for you? Thanks so much for your help!
-
Thanks for the quick response, MrCharlie. I use Mozilla Firefox and Google Chrome and both of them are infected. I tried downloading and running RougeKiller.exe as an administrator, but I got an error that said "...\Desktop\RogueKiller.exe is not a valid Win32 Application." Any ideas on how I can get around this? Or maybe there is another program I can run to scan my machine? Again, thanks for helping me figure this out.
-
I have a virus where anytime I click a link from a Google search, I'm redirected to a spam website. I had this issue this past weekend, but Maniac helped me get rid of it (see: http://forums.malwarebytes.org/index.php?showtopic=116257). Unfortunately, the issue came back - I don't know how this happened. Can someone please help me permaneately remove this annoying, invasive virus? I've included the Malwarebytes Antivirus log, DDS.txt, and Attach.txt below. Thank you for your help and support! Malwarebytes Antivirus Log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.26.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bobby :: BOBBY-THINK [administrator] 9/26/2012 2:55:37 PM mbam-log-2012-09-26 (14-55-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 200092 Time elapsed: 2 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Bobby\AppData\Local\Temp\0.48053279246894465 (Trojan.Happili) -> Quarantined and deleted successfully. (end) DDS.txt: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2 Run by Bobby at 20:34:17 on 2012-09-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3690.1624 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe C:\Windows\system32\CxAudMsg64.exe C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe C:\Windows\SysWOW64\NLSSRV32.EXE C:\Windows\SysWOW64\SAsrv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Program Files (x86)\BlueStacks\HD-Service.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\BlueStacks\HD-Network.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe C:\Program Files\CONEXANT\ForteConfig\fmapp.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\StikyNot.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files (x86)\BlueStacks\HD-Agent.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Bobby\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe uRun: [Absolute_Software] rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe StartupFolder: C:\Users\Bobby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{30942EEA-CE1B-4449-8002-F3980D50D482} : DhcpNameServer = 0.0.0.0 TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\25564625F6675627 : DhcpNameServer = 132.236.56.250 128.253.180.2 192.35.82.50 TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\3603F6B4963302D603E653473327 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO-X64: IEPlugin - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun-x64: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun-x64: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\phgeso05.default-1348354658048\ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Bobby\AppData\Local\Citrix\Plugins\60\npappdetector.dll FF - plugin: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?] R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys --> C:\Windows\system32\DRIVERS\avgloga.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?] R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-9-18 71032] R3 5U877;5U877;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?] R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys --> C:\Windows\system32\DRIVERS\RtsP2Stor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys --> C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [?] R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?] R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\system32\DRIVERS\tvtvcamd.sys --> C:\Windows\system32\DRIVERS\tvtvcamd.sys [?] S3 Fastboot;Fastboot;C:\Windows\system32\DRIVERS\Fastboot.sys --> C:\Windows\system32\DRIVERS\Fastboot.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2012-09-25 01:31:11 -------- d-----w- C:\Program Files (x86)\Citrix 2012-09-25 01:30:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Citrix 2012-09-24 19:55:01 -------- d-----w- C:\ProgramData\BlueStacksSetup 2012-09-24 19:54:45 -------- d-----w- C:\ProgramData\BlueStacks 2012-09-24 19:54:45 -------- d-----w- C:\Program Files (x86)\BlueStacks 2012-09-24 18:57:24 -------- d-----w- C:\Users\Bobby\.android 2012-09-24 18:56:23 -------- d-----w- C:\Program Files (x86)\Android 2012-09-22 20:41:32 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Malwarebytes 2012-09-22 20:41:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-22 20:41:22 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-22 20:41:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-22 15:01:08 -------- d-----w- C:\Users\Bobby\AppData\Local\Diagnostics 2012-09-22 06:00:26 388096 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-09-22 06:00:26 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-09-22 05:09:39 -------- d-----w- C:\Users\Bobby\AppData\Roaming\AVG2013 2012-09-22 05:08:43 -------- d-----w- C:\Users\Bobby\AppData\Roaming\TuneUp Software 2012-09-22 05:08:10 -------- d--h--w- C:\$AVG 2012-09-22 05:08:10 -------- d-----w- C:\ProgramData\AVG2013 2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\MFAData 2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\Avg2013 2012-09-17 22:58:54 56672 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-09-14 09:34:34 105312 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-09-12 15:47:20 199520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2012-09-12 15:47:02 175968 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-09-09 17:28:52 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-09-03 02:06:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\offreg.dll 2012-08-31 12:37:27 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\mpengine.dll 2012-08-30 01:05:54 -------- d-----w- C:\Users\Bobby\AppData\Roaming\texstudio 2012-08-30 01:04:45 -------- d-----w- C:\Users\Bobby\AppData\Roaming\MiKTeX 2012-08-30 01:04:16 -------- d-----w- C:\Users\Bobby\AppData\Local\MiKTeX 2012-08-30 00:48:48 -------- d-----w- C:\ProgramData\MiKTeX 2012-08-30 00:46:21 -------- d-----w- C:\Program Files\MiKTeX 2.9 2012-08-30 00:44:23 -------- d-----w- C:\Program Files (x86)\TeXstudio 2012-08-30 00:29:11 2188288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w64.exe 2012-08-30 00:29:11 1502208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv49w32.exe 2012-08-30 00:29:10 2042368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w32.exe 2012-08-30 00:29:08 12592939 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w64.exe 2012-08-30 00:29:00 12317403 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w32.exe 2012-08-30 00:25:06 7360000 ------w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503.exe 2012-08-30 00:25:05 9728000 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503-x64.exe 2012-08-30 00:25:04 16457073 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\TeXstudio\texstudio23_win32.exe 2012-08-30 00:25:03 655872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcr90.dll 2012-08-30 00:25:03 568832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcp90.dll 2012-08-30 00:25:03 224768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcm90.dll 2012-08-30 00:24:58 2303488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\python27.dll 2012-08-30 00:24:57 133120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Setup.exe 2012-08-29 14:28:59 92672 ----a-w- C:\Windows\System32\redmonnt.dll 2012-08-29 14:28:59 49664 ----a-w- C:\Windows\System32\unredmon.exe 2012-08-29 14:28:58 -------- d-----w- C:\Program Files\Cornell University 2012-08-29 14:28:37 40960 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{5A6403D3-E177-42FD-AA16-2FBD441EA26E}\KerberosViewer.exe_2AF0AD33EBDF4A58B3D9A41DD1C1011D.exe 2012-08-28 14:47:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Western Digital . ==================== Find3M ==================== . 2012-08-22 02:31:38 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-08-22 02:31:38 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-08-22 02:31:38 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-17 04:41:48 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys 2012-08-16 02:23:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-16 02:23:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-13 20:40:52 150880 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-08-10 08:52:16 40288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2012-08-09 17:56:42 230240 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2012-07-19 22:25:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-07-19 22:25:22 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-07-19 22:23:42 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-07-19 22:23:42 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2012-07-19 22:23:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-07-19 22:23:26 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-07-19 22:23:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-19 22:23:12 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-19 22:23:12 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-07-19 22:23:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-07-19 22:23:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-07-19 22:23:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-07-19 22:23:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb . ============= FINISH: 20:35:30.52 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/15/2012 9:14:14 AM System Uptime: 9/26/2012 5:49:21 PM (3 hours ago) . Motherboard: LENOVO | | 3254CTO Processor: Intel® Core i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2501/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 279 GiB total, 188.679 GiB free. D: is CDROM () Q: is FIXED (NTFS) - 18 GiB total, 6.576 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP41: 9/22/2012 12:54:08 AM - Removed AVG 2012 RP42: 9/22/2012 12:55:12 AM - Removed AVG 2012 RP43: 9/22/2012 1:07:28 AM - Installed AVG 2013 RP44: 9/22/2012 1:07:48 AM - Installed AVG 2013 RP45: 9/22/2012 2:00:13 AM - Installed HiJackThis RP46: 9/24/2012 3:54:08 PM - Installed BlueStacks . ==== Installed Programs ====================== . Absolute Reminder Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) MUI Android SDK Tools Apple Application Support Apple Software Update BlueStacks Burn.Now 4.5 Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Corel Burn.Now Lenovo Edition Corel WinDVD Create Recovery Media D3DX10 Dropbox Evernote v. 4.5.8 Google Chrome Google Talk Plugin Google Update Helper GoToMeeting 5.3.0.1010 HiJackThis Integrated Camera Driver Installer Package Ver.1.2.1.18 Intel® Control Center Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® USB 3.0 eXtensible Host Controller Driver Java 7 Update 6 Java Auto Updater Java SE Development Kit 7 Update 6 Junk Mail filter update Kerberos Ticket Viewer Lenovo Patch Utility Lenovo Registration Lenovo User Guide Lenovo Warranty Information Malwarebytes Anti-Malware version 1.65.0.1400 Mesh Runtime Microsoft Office Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NetBeans IDE 7.2 Notepad++ Power Manager PowerISO QuickTime RapidBoot HDD Accelerator Realtek Ethernet Controller Driver Realtek PCIE Card Reader Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype™ 5.10 Spotify SugarSync Manager System Update TeXstudio 2.3 ThinkPad Wireless LAN Adapter Software Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VIP Access Visual Studio 2008 x64 Redistributables VLC media player 2.0.3 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 9/26/2012 8:34:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVGIDSAgent service. 9/26/2012 3:03:07 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 9/26/2012 3:02:55 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126 9/24/2012 12:23:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service. 9/24/2012 12:23:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service. 9/24/2012 12:22:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 9/22/2012 4:51:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. . ==== End Of File ===========================
-
I manually deleted the folder you told me to delete and things seem to be working well - Thanks so much for the help, Maniac! I'll let you know if anything changes in the next week or so, but do you have any general tips/suggestions for me to keep my machine clear of spyware/spam/etc? Thanks again!
-
Hi Maniac, Thank you for the quick response and your willingness to help. 1. I deleted µTorrent 2. I ran a Quick Scan in Malwarebytes' Anti-Malware. Here is the log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.22.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bobby :: BOBBY-THINK [administrator] 9/22/2012 4:45:09 PM mbam-log-2012-09-22 (16-45-09).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 198793 Time elapsed: 2 minute(s), 38 second(s) Memory Processes Detected: 1 C:\Users\Bobby\AppData\Roaming\KB00397977.exe (Trojan.Agent.Gen) -> 6784 -> Delete on reboot. Memory Modules Detected: 1 C:\Users\Bobby\AppData\Local\Evernote\Apple Computer\bycwwerm.dll (Trojan.Agent) -> Delete on reboot. Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00397977.exe (Trojan.Agent.Gen) -> Data: "C:\Users\Bobby\AppData\Roaming\KB00397977.exe" -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Apple Computer (Trojan.Agent) -> Data: rundll32.exe "C:\Users\Bobby\AppData\Local\Evernote\Apple Computer\bycwwerm.dll",AllocInstanceDataW -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Users\Bobby\AppData\Local\Temp\0.6298126096871013 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Users\Bobby\AppData\Roaming\KB00397977.exe (Trojan.Agent.Gen) -> Delete on reboot. C:\Users\Bobby\AppData\Local\Evernote\Apple Computer\bycwwerm.dll (Trojan.Agent) -> Delete on reboot. (end) 3. I ran a scan with aswMBR.exe. Here is the log: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-22 16:57:23 ----------------------------- 16:57:23.137 OS Version: Windows x64 6.1.7601 Service Pack 1 16:57:23.137 Number of processors: 4 586 0x3A09 16:57:23.137 ComputerName: BOBBY-THINK UserName: Bobby 16:57:24.073 Initialize success 16:57:46.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:57:46.712 Disk 0 Vendor: ST320LT0 0004 Size: 305245MB BusType: 3 16:57:46.727 Disk 0 MBR read successfully 16:57:46.743 Disk 0 MBR scan 16:57:46.743 Disk 0 unknown MBR code 16:57:46.743 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048 16:57:46.774 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 285743 MB offset 3074048 16:57:46.821 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18000 MB offset 588275712 16:57:46.868 Disk 0 scanning C:\Windows\system32\drivers 16:57:54.184 Service scanning 16:58:07.038 Modules scanning 16:58:07.038 Disk 0 trace - called modules: 16:58:07.054 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 16:58:07.070 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069b5060] 16:58:07.070 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80040c6e40] 16:58:07.085 5 ACPI.sys[fffff88000fa47a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040cb050] 16:58:07.085 Scan finished successfully 16:58:21.749 Disk 0 MBR has been saved successfully to "C:\Users\Bobby\Desktop\MBR.dat" 16:58:21.749 The log file has been saved successfully to "C:\Users\Bobby\Desktop\aswMBR.txt" 4. Here is a fresh DDS log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2 Run by Bobby at 16:58:56 on 2012-09-22 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3690.2239 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\CxAudMsg64.exe C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe C:\Windows\SysWOW64\NLSSRV32.EXE C:\Windows\SysWOW64\SAsrv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe C:\Program Files\CONEXANT\ForteConfig\fmapp.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\StikyNot.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Bobby\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY StartupFolder: C:\Users\Bobby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{30942EEA-CE1B-4449-8002-F3980D50D482} : DhcpNameServer = 0.0.0.0 TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\25564625F6675627 : DhcpNameServer = 132.236.56.250 128.253.180.2 192.35.82.50 TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\3603F6B4963302D603E653473327 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO-X64: IEPlugin - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun-x64: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\jgnu1qy7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?] R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys --> C:\Windows\system32\DRIVERS\avgloga.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?] R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-8-20 5751928] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-8-20 184304] R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?] R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-7-19 169776] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-7-19 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-19 163608] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-7-19 58224] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-8 101736] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-7-19 61296] R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-7-19 179568] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-5-8 133992] R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-5-24 216072] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-24 69640] R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2012-7-19 446592] R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-5-8 145256] R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-5-8 144960] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-19 363800] R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080] R3 5U877;5U877;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?] R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys --> C:\Windows\system32\DRIVERS\RtsP2Stor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys --> C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [?] R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?] R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\system32\DRIVERS\tvtvcamd.sys --> C:\Windows\system32\DRIVERS\tvtvcamd.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-19 136176] S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-29 144992] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-7-19 276248] S3 Fastboot;Fastboot;C:\Windows\system32\DRIVERS\Fastboot.sys --> C:\Windows\system32\DRIVERS\Fastboot.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-19 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-14 114144] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-7-19 1662560] S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-7-19 1665120] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-09-22 20:41:32 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Malwarebytes 2012-09-22 20:41:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-22 20:41:22 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-22 20:41:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-22 15:01:08 -------- d-----w- C:\Users\Bobby\AppData\Local\Diagnostics 2012-09-22 06:00:26 388096 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-09-22 06:00:26 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-09-22 05:09:39 -------- d-----w- C:\Users\Bobby\AppData\Roaming\AVG2013 2012-09-22 05:08:43 -------- d-----w- C:\Users\Bobby\AppData\Roaming\TuneUp Software 2012-09-22 05:08:10 -------- d--h--w- C:\$AVG 2012-09-22 05:08:10 -------- d-----w- C:\ProgramData\AVG2013 2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\MFAData 2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\Avg2013 2012-09-21 21:40:22 -------- d--h--w- C:\Users\Bobby\AppData\Roaming\BFCD5A3E 2012-09-17 22:58:54 56672 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-09-14 09:34:34 105312 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-09-12 15:47:20 199520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2012-09-12 15:47:02 175968 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-09-09 17:28:52 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-09-03 02:06:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\offreg.dll 2012-08-31 12:37:27 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\mpengine.dll 2012-08-30 01:05:54 -------- d-----w- C:\Users\Bobby\AppData\Roaming\texstudio 2012-08-30 01:04:45 -------- d-----w- C:\Users\Bobby\AppData\Roaming\MiKTeX 2012-08-30 01:04:16 -------- d-----w- C:\Users\Bobby\AppData\Local\MiKTeX 2012-08-30 00:48:48 -------- d-----w- C:\ProgramData\MiKTeX 2012-08-30 00:46:21 -------- d-----w- C:\Program Files\MiKTeX 2.9 2012-08-30 00:44:23 -------- d-----w- C:\Program Files (x86)\TeXstudio 2012-08-30 00:29:11 2188288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w64.exe 2012-08-30 00:29:11 1502208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv49w32.exe 2012-08-30 00:29:10 2042368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w32.exe 2012-08-30 00:29:08 12592939 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w64.exe 2012-08-30 00:29:00 12317403 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w32.exe 2012-08-30 00:25:06 7360000 ------w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503.exe 2012-08-30 00:25:05 9728000 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503-x64.exe 2012-08-30 00:25:04 16457073 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\TeXstudio\texstudio23_win32.exe 2012-08-30 00:25:03 655872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcr90.dll 2012-08-30 00:25:03 568832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcp90.dll 2012-08-30 00:25:03 224768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcm90.dll 2012-08-30 00:24:58 2303488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\python27.dll 2012-08-30 00:24:57 133120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Setup.exe 2012-08-29 14:28:59 92672 ----a-w- C:\Windows\System32\redmonnt.dll 2012-08-29 14:28:59 49664 ----a-w- C:\Windows\System32\unredmon.exe 2012-08-29 14:28:58 -------- d-----w- C:\Program Files\Cornell University 2012-08-29 14:28:37 40960 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{5A6403D3-E177-42FD-AA16-2FBD441EA26E}\KerberosViewer.exe_2AF0AD33EBDF4A58B3D9A41DD1C1011D.exe 2012-08-28 14:47:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Western Digital 2012-08-25 16:54:59 -------- d-----w- C:\Users\Bobby\.jedit 2012-08-25 16:52:31 -------- d-----w- C:\Program Files\jEdit 2012-08-25 15:57:06 -------- d-----w- C:\Users\Bobby\.idlerc 2012-08-25 15:50:06 -------- d-----w- C:\Python27 2012-08-25 15:07:27 -------- d-----w- C:\Users\Bobby\AppData\Roaming\MathWorks 2012-08-25 14:57:00 407104 ----a-w- C:\Windows\System32\MSHFLXGD.OCX 2012-08-25 14:57:00 203976 ----a-w- C:\Windows\System32\RICHTX32.OCX 2012-08-25 14:56:59 1077344 ----a-w- C:\Windows\System32\MSCOMCTL.OCX 2012-08-25 14:41:42 -------- d-----w- C:\Program Files\MATLAB 2012-08-25 13:40:58 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys 2012-08-25 13:40:58 -------- d-----w- C:\Program Files (x86)\PowerISO 2012-08-24 01:02:10 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Softland 2012-08-24 01:02:08 24968 ----a-w- C:\Windows\System32\dopdfmn7.dll 2012-08-24 01:02:08 21384 ----a-w- C:\Windows\System32\dopdfmi7.dll 2012-08-24 01:02:07 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll 2012-08-24 01:02:06 -------- d-----w- C:\Program Files\Softland . ==================== Find3M ==================== . 2012-08-22 02:31:38 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-08-22 02:31:38 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-08-22 02:31:38 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-16 02:23:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-16 02:23:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-13 20:40:52 150880 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-08-10 08:52:16 40288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2012-08-09 17:56:42 230240 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2012-07-19 22:25:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-07-19 22:25:22 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-07-19 22:23:42 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-07-19 22:23:42 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2012-07-19 22:23:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-07-19 22:23:26 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-07-19 22:23:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-19 22:23:12 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-19 22:23:12 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-07-19 22:23:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-07-19 22:23:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-07-19 22:23:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-07-19 22:23:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 16:59:24.03 ===============
-
FIrst and foremost, thank you for the help. Recently when I click links in Google, I am redirected to Spam websites. This happens regardless of which browser I use. I've included my HiJackThis log below and I've attached the results of the DDS scan. Again, thank you for the help - I genuinely appreciate it. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:05:22 AM, on 9/22/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\Bobby\AppData\Roaming\KB00397977.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [Apple Computer] rundll32.exe "C:\Users\Bobby\AppData\Local\Evernote\Apple Computer\bycwwerm.dll",AllocInstanceDataW O4 - HKCU\..\Run: [KB00397977.exe] "C:\Users\Bobby\AppData\Roaming\KB00397977.exe" O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing) O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing) O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14759 bytes Attach.txt DDS.txt
