Posts posted by dipset

  1. Here are the results of checkup.txt:

    Results of screen317's Security Check version 0.99.51

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    AVG Anti-Virus Free Edition 2013

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.65.0.1400

    Java 7 Update 6

    Java SE Development Kit 7 Update 6

    Java version out of Date!

    Adobe Flash Player 10 Flash Player out of Date!

    Adobe Flash Player 11.3.300.268 Flash Player out of Date!

    Adobe Reader X (10.1.4)

    Mozilla Firefox (15.0.1)

    Google Chrome 21.0.1180.83

    Google Chrome 21.0.1180.89

    Google Chrome 22.0.1229.79

    ````````Process Check: objlist.exe by Laurent````````

    AVG avgwdsvc.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 4%

    ````````````````````End of Log``````````````````````

  2. MrC- I followed all of the Chrome and Firefox instructions and everything seems to be working fine... Do you think the issue is with the browser? Maybe I should stick to only one browser - perhaps delete Chrome and exclusively use Mozilla? Or maybe switch over to Opera only?

    My only concern is that the virus returns. Any general tips/suggestions to ensure that doesn't happen?

    Thanks

  3. Hi MrC. Again, thanks so much for your help.

    I ran FRST64.exe and pasted the results "FRST.txt" and "Search.txt" below.

    I do *NOT* have a network bridge listed in my network connections.

    FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012

    Ran by SYSTEM at 28-09-2012 11:06:14

    Running from G:\

    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)

    HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()

    HKLM\...\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1654400 2012-02-21] (Conexant Systems, Inc.)

    HKLM\...\Run: [TpShocks] TpShocks.exe [x]

    HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)

    HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)

    HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

    HKLM-x32\...\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-03-06] (Intel Corporation)

    HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-13] (Intel Corporation)

    HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

    HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [507744 2011-12-20] (Dolby Laboratories Inc.)

    HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [5941344 2012-05-15] (Lenovo Group Limited)

    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-16] (Lenovo)

    HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-13] (Lenovo, Inc.)

    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

    HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3039352 2012-09-14] (AVG Technologies CZ, s.r.o.)

    HKU\Bobby\...\Run: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-15] (Google Inc.)

    HKU\Bobby\...\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

    HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo)

    HKU\Default\...\RunOnce: [] [x]

    HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-14] ()

    HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo)

    HKU\Default User\...\RunOnce: [] [x]

    HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-14] ()

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    Startup: C:\Users\Bobby\Start Menu\Programs\Startup\EvernoteClipper.lnk

    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

    ==================== Services (Whitelisted) ===================

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5751928 2012-08-20] (AVG Technologies CZ, s.r.o.)

    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [184304 2012-08-20] (AVG Technologies CZ, s.r.o.)

    2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)

    2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-16] (Lenovo)

    2 Intel® Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [628448 2012-02-02] (Intel® Corporation)

    2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()

    2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)

    2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)

    2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-11] (Lenovo Group Limited)

    2 NitroDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe" [216072 2012-05-23] (Nitro PDF Software)

    2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [69640 2012-05-23] (Nalpeiron Ltd.)

    2 VIPAppService; "C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe" [84080 2012-04-18] (Symantec Corporation)

    ==================== Drivers (Whitelisted) =====================

    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [150880 2012-08-13] (AVG Technologies CZ, s.r.o. )

    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [56672 2012-09-17] (AVG Technologies CZ, s.r.o. )

    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [175968 2012-09-12] (AVG Technologies CZ, s.r.o.)

    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [230240 2012-08-09] (AVG Technologies CZ, s.r.o.)

    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [105312 2012-09-14] (AVG Technologies CZ, s.r.o.)

    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40288 2012-08-10] (AVG Technologies CZ, s.r.o.)

    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [199520 2012-09-12] (AVG Technologies CZ, s.r.o.)

    3 Fastboot; C:\Windows\System32\Drivers\Fastboot.sys [70416 2012-01-16] (Windows ® Win 7 DDK provider)

    0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [19224 2012-04-13] (Intel Corporation)

    3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [356632 2012-04-13] (Intel Corporation)

    3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [789272 2012-04-13] (Intel Corporation)

    3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.)

    3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)

    3 TVTI2C; C:\Windows\System32\Drivers\TVTI2C.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)

    3 tvtvcamd; C:\Windows\System32\Drivers\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)

    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========

    2012-09-28 11:06 - 2012-09-28 11:06 - 00000000 ____D C:\FRST

    2012-09-27 18:41 - 2012-09-27 18:41 - 00001063 ____A C:\AdwCleaner[R1].txt

    2012-09-27 18:40 - 2012-09-27 14:00 - 00513501 ____A C:\Users\Bobby\Desktop\adwcleaner.exe

    2012-09-27 13:20 - 2012-09-27 13:20 - 00001902 ____A C:\Users\Bobby\Desktop\aswMBR.txt

    2012-09-27 13:20 - 2012-09-27 13:20 - 00000512 ____A C:\Users\Bobby\Desktop\MBR.dat

    2012-09-27 13:14 - 2012-09-27 13:14 - 00001942 ____A C:\Users\Bobby\Desktop\RKreport[3].txt

    2012-09-27 13:13 - 2012-09-27 13:13 - 00002116 ____A C:\Users\Bobby\Desktop\RKreport[2].txt

    2012-09-27 12:53 - 2012-09-27 13:14 - 00000000 ____D C:\Users\Bobby\Desktop\RK_Quarantine

    2012-09-27 12:53 - 2012-09-27 12:53 - 00002098 ____A C:\Users\Bobby\Desktop\RKreport[1].txt

    2012-09-27 10:36 - 2012-09-27 10:36 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Bobby\Desktop\tdsskiller.exe

    2012-09-25 17:40 - 2012-09-25 17:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight

    2012-09-25 17:40 - 2012-09-25 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

    2012-09-25 17:36 - 2012-09-25 17:37 - 13085120 ____A (Microsoft Corporation) C:\Users\Bobby\Downloads\Silverlight_x64.exe

    2012-09-24 18:47 - 2012-09-24 18:51 - 324192964 ____A C:\Users\Bobby\Downloads\epd-7.3-2-win-x86.msi

    2012-09-24 18:27 - 2012-09-24 18:28 - 47858637 ____A C:\Users\Bobby\Downloads\scipy-0.11.0rc2-win32-superpack-python2.7.exe

    2012-09-24 18:14 - 2012-09-24 18:14 - 05746517 ____A C:\Users\Bobby\Downloads\numpy-1.6.2-win32-superpack-python2.7.exe

    2012-09-24 17:31 - 2012-09-24 17:31 - 00000000 ____D C:\Program Files (x86)\Citrix

    2012-09-24 17:30 - 2012-09-24 17:30 - 00000000 ____D C:\Users\Bobby\AppData\Local\Citrix

    2012-09-24 11:55 - 2012-09-24 11:56 - 00000000 ____D C:\Users\All Users\BlueStacksSetup

    2012-09-24 11:48 - 2012-09-24 11:53 - 146784256 ____A C:\Users\Bobby\Downloads\BlueStacks_HD_AppPlayerPro_setup_REL.msi

    2012-09-24 10:57 - 2012-09-24 11:47 - 00000000 ____D C:\Users\Bobby\.android

    2012-09-24 10:56 - 2012-09-27 10:44 - 00000000 ____D C:\Program Files (x86)\Android

    2012-09-24 10:48 - 2012-09-24 10:52 - 70495456 ____A (Google Inc.) C:\Users\Bobby\Downloads\installer_r20.0.3-windows.exe

    2012-09-23 15:08 - 2012-09-26 16:54 - 00000000 ____D C:\Users\Bobby\Desktop\ORIE 5100

    2012-09-23 15:08 - 2012-09-24 18:17 - 00000000 ____D C:\Users\Bobby\Documents\Cornell

    2012-09-23 15:08 - 2012-09-23 15:08 - 00000000 ____D C:\Users\Bobby\Desktop\ORIE 5340

    2012-09-23 15:08 - 2012-09-23 15:08 - 00000000 ____D C:\Users\Bobby\Desktop\HADM 6050

    2012-09-23 15:07 - 2012-09-26 16:54 - 00000000 ____D C:\Users\Bobby\Desktop\CS 5780

    2012-09-23 15:02 - 2012-09-22 21:06 - 00201728 ____A (OldTimer Tools) C:\Users\Bobby\Desktop\OTC.exe

    2012-09-22 12:41 - 2012-09-22 12:41 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\Malwarebytes

    2012-09-22 12:41 - 2012-09-22 12:41 - 00000000 ____D C:\Users\All Users\Malwarebytes

    2012-09-22 12:41 - 2012-09-22 12:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-09-22 12:41 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-09-22 12:35 - 2012-09-22 12:13 - 04731392 ____A (AVAST Software) C:\Users\Bobby\Desktop\aswMBR.exe

    2012-09-22 12:35 - 2012-09-21 21:36 - 00607260 ____R (Swearware) C:\Users\Bobby\Desktop\dds.scr

    2012-09-21 22:00 - 2012-09-21 22:00 - 00002975 ____A C:\Users\Bobby\Desktop\HiJackThis.lnk

    2012-09-21 22:00 - 2012-09-21 22:00 - 00000000 ____D C:\Program Files (x86)\Trend Micro

    2012-09-21 21:09 - 2012-09-21 21:09 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\AVG2013

    2012-09-21 21:08 - 2012-09-21 21:38 - 00000000 ____D C:\Users\All Users\AVG2013

    2012-09-21 21:08 - 2012-09-21 21:08 - 00000000 ___HD C:\$AVG

    2012-09-21 21:08 - 2012-09-21 21:08 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\TuneUp Software

    2012-09-21 21:03 - 2012-09-21 21:12 - 00000000 ____D C:\Users\Bobby\AppData\Local\Avg2013

    2012-09-21 21:03 - 2012-09-21 21:03 - 00000000 ____D C:\Users\Bobby\AppData\Local\MFAData

    2012-09-17 14:58 - 2012-09-17 14:58 - 00056672 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys

    2012-09-14 14:19 - 2012-09-14 14:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    2012-09-14 01:34 - 2012-09-14 01:34 - 00105312 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys

    2012-09-13 16:40 - 2012-09-13 16:40 - 01378816 ____A C:\Users\Bobby\Desktop\RogueKiller.exe

    2012-09-12 07:47 - 2012-09-12 07:47 - 00199520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys

    2012-09-12 07:47 - 2012-09-12 07:47 - 00175968 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys

    2012-09-04 16:35 - 2012-09-04 16:35 - 00022242 ____A C:\Users\Bobby\Downloads\MinMaxSelection.zip

    2012-09-03 07:49 - 2012-09-08 08:03 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\vlc

    2012-08-30 19:54 - 2012-08-30 19:54 - 00013138 ____A C:\Users\Bobby\Downloads\f.fig

    2012-08-30 19:24 - 2012-08-30 19:24 - 00003144 ____A C:\Users\Bobby\Downloads\plots.m

    2012-08-29 17:05 - 2012-08-29 17:05 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\texstudio

    2012-08-29 17:04 - 2012-08-29 17:04 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\MiKTeX

    2012-08-29 17:04 - 2012-08-29 17:04 - 00000000 ____D C:\Users\Bobby\AppData\Local\MiKTeX

    2012-08-29 16:48 - 2012-08-29 16:48 - 00000000 ____D C:\Users\All Users\MiKTeX

    2012-08-29 16:46 - 2012-08-29 16:48 - 00000000 ____D C:\Program Files\MiKTeX 2.9

    2012-08-29 16:44 - 2012-08-29 16:44 - 00000000 ____D C:\Program Files (x86)\TeXstudio

    2012-08-29 06:28 - 2012-08-29 06:28 - 02795480 ____A (Cornell University ) C:\Users\Bobby\Downloads\NetPrint_x64_3.0.exe

    2012-08-29 06:28 - 2012-08-29 06:28 - 00000000 ____D C:\Program Files\Cornell University

    2012-08-29 06:28 - 2008-05-13 09:20 - 00049664 ____A C:\Windows\System32\unredmon.exe

    2012-08-29 06:28 - 2008-05-02 10:55 - 00092672 ____A C:\Windows\System32\redmonnt.dll

    2012-08-29 06:28 - 2006-05-18 08:01 - 00119152 ____A C:\Windows\System32\redmon.hlp

    ==================== 3 Months Modified Files ==================

    2012-09-28 06:55 - 2012-07-19 14:49 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2012-09-28 06:55 - 2012-07-19 14:32 - 01285208 ____A C:\Windows\WindowsUpdate.log

    2012-09-28 06:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2012-09-28 06:55 - 2009-07-13 20:51 - 00056983 ____A C:\Windows\setupact.log

    2012-09-28 06:51 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI

    2012-09-28 06:50 - 2012-08-14 20:12 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450884636-1247048604-675393396-1000UA.job

    2012-09-28 06:50 - 2012-07-19 14:49 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2012-09-27 18:52 - 2009-07-13 20:45 - 00031472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2012-09-27 18:52 - 2009-07-13 20:45 - 00031472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2012-09-27 18:46 - 2012-07-19 14:34 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

    2012-09-27 18:41 - 2012-09-27 18:41 - 00001063 ____A C:\AdwCleaner[R1].txt

    2012-09-27 18:32 - 2012-07-19 14:34 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

    2012-09-27 14:00 - 2012-09-27 18:40 - 00513501 ____A C:\Users\Bobby\Desktop\adwcleaner.exe

    2012-09-27 13:20 - 2012-09-27 13:20 - 00001902 ____A C:\Users\Bobby\Desktop\aswMBR.txt

    2012-09-27 13:20 - 2012-09-27 13:20 - 00000512 ____A C:\Users\Bobby\Desktop\MBR.dat

    2012-09-27 13:14 - 2012-09-27 13:14 - 00001942 ____A C:\Users\Bobby\Desktop\RKreport[3].txt

    2012-09-27 13:13 - 2012-09-27 13:13 - 00002116 ____A C:\Users\Bobby\Desktop\RKreport[2].txt

    2012-09-27 12:53 - 2012-09-27 12:53 - 00002098 ____A C:\Users\Bobby\Desktop\RKreport[1].txt

    2012-09-27 11:54 - 2012-08-14 20:12 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450884636-1247048604-675393396-1000Core.job

    2012-09-27 10:36 - 2012-09-27 10:36 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Bobby\Desktop\tdsskiller.exe

    2012-09-26 11:02 - 2010-11-20 19:47 - 00533814 ____A C:\Windows\PFRO.log

    2012-09-25 17:37 - 2012-09-25 17:36 - 13085120 ____A (Microsoft Corporation) C:\Users\Bobby\Downloads\Silverlight_x64.exe

    2012-09-24 18:51 - 2012-09-24 18:47 - 324192964 ____A C:\Users\Bobby\Downloads\epd-7.3-2-win-x86.msi

    2012-09-24 18:28 - 2012-09-24 18:27 - 47858637 ____A C:\Users\Bobby\Downloads\scipy-0.11.0rc2-win32-superpack-python2.7.exe

    2012-09-24 18:14 - 2012-09-24 18:14 - 05746517 ____A C:\Users\Bobby\Downloads\numpy-1.6.2-win32-superpack-python2.7.exe

    2012-09-24 11:53 - 2012-09-24 11:48 - 146784256 ____A C:\Users\Bobby\Downloads\BlueStacks_HD_AppPlayerPro_setup_REL.msi

    2012-09-24 10:52 - 2012-09-24 10:48 - 70495456 ____A (Google Inc.) C:\Users\Bobby\Downloads\installer_r20.0.3-windows.exe

    2012-09-22 21:06 - 2012-09-23 15:02 - 00201728 ____A (OldTimer Tools) C:\Users\Bobby\Desktop\OTC.exe

    2012-09-22 12:13 - 2012-09-22 12:35 - 04731392 ____A (AVAST Software) C:\Users\Bobby\Desktop\aswMBR.exe

    2012-09-21 22:00 - 2012-09-21 22:00 - 00002975 ____A C:\Users\Bobby\Desktop\HiJackThis.lnk

    2012-09-21 21:36 - 2012-09-22 12:35 - 00607260 ____R (Swearware) C:\Users\Bobby\Desktop\dds.scr

    2012-09-17 14:58 - 2012-09-17 14:58 - 00056672 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys

    2012-09-14 14:19 - 2012-09-14 14:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    2012-09-14 01:34 - 2012-09-14 01:34 - 00105312 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys

    2012-09-13 16:40 - 2012-09-13 16:40 - 01378816 ____A C:\Users\Bobby\Desktop\RogueKiller.exe

    2012-09-12 07:47 - 2012-09-12 07:47 - 00199520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys

    2012-09-12 07:47 - 2012-09-12 07:47 - 00175968 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys

    2012-09-07 13:04 - 2012-09-22 12:41 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-09-04 16:35 - 2012-09-04 16:35 - 00022242 ____A C:\Users\Bobby\Downloads\MinMaxSelection.zip

    2012-08-30 19:54 - 2012-08-30 19:54 - 00013138 ____A C:\Users\Bobby\Downloads\f.fig

    2012-08-30 19:24 - 2012-08-30 19:24 - 00003144 ____A C:\Users\Bobby\Downloads\plots.m

    2012-08-29 12:21 - 2012-07-19 14:47 - 629145600 __ASH C:\Windows\lenovo_fastboot.img

    2012-08-29 06:28 - 2012-08-29 06:28 - 02795480 ____A (Cornell University ) C:\Users\Bobby\Downloads\NetPrint_x64_3.0.exe

    2012-08-25 18:47 - 2012-08-25 18:47 - 00192512 ____A C:\Users\Bobby\Downloads\nmhd-template4.xls

    2012-08-23 19:30 - 2009-07-13 20:45 - 00434552 ____A C:\Windows\System32\FNTCACHE.DAT

    2012-08-23 19:11 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

    2012-08-23 09:46 - 2012-08-14 17:20 - 00122152 ____A C:\Users\Bobby\AppData\Local\GDIPFONTCACHEV1.DAT

    2012-08-21 18:31 - 2012-08-21 18:31 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

    2012-08-21 18:31 - 2012-08-21 18:31 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

    2012-08-21 18:31 - 2012-08-21 18:31 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    2012-08-21 18:31 - 2012-08-21 18:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

    2012-08-21 18:31 - 2012-08-21 18:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    2012-08-21 18:31 - 2012-08-21 18:31 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2012-08-18 14:39 - 2012-08-18 14:39 - 00294574 ____A C:\Windows\msxml4-KB973688-enu.LOG

    2012-08-18 14:38 - 2012-08-18 14:38 - 00294862 ____A C:\Windows\msxml4-KB954430-enu.LOG

    2012-08-17 20:54 - 2012-08-15 05:15 - 00004549 ____A C:\Users\Bobby\AppData\Roaming\AbsoluteReminder.xml

    2012-08-16 20:41 - 2012-08-25 05:40 - 00126944 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys

    2012-08-15 20:31 - 2012-08-15 20:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf

    2012-08-15 18:23 - 2012-08-15 18:23 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2012-08-15 18:23 - 2012-08-15 18:23 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2012-08-15 05:15 - 2012-08-15 05:15 - 00000000 ____A C:\Users\Bobby\agent.log

    2012-08-15 05:14 - 2012-08-15 05:14 - 00000020 ___SH C:\Users\Bobby\ntuser.ini

    2012-08-15 05:14 - 2012-08-15 05:14 - 00000000 ____A C:\Windows\firstboot.dat

    2012-08-14 17:19 - 2012-07-19 14:33 - 00000042 ____A C:\Windows\SysWOW64\Drivers\17AA_Lenovo_ThinkPad_Edge_E430_3254_CTO.MRK

    2012-08-13 12:40 - 2012-08-13 12:40 - 00150880 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys

    2012-08-10 00:52 - 2012-08-10 00:52 - 00040288 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys

    2012-08-09 09:56 - 2012-08-09 09:56 - 00230240 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys

    2012-08-03 00:27 - 2012-08-18 14:19 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    2012-07-19 15:05 - 2009-07-13 20:46 - 00005075 ____A C:\Windows\DtcInstall.log

    2012-07-19 14:59 - 2012-07-19 14:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf

    2012-07-19 14:59 - 2012-07-19 14:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf

    2012-07-19 14:59 - 2012-07-19 14:58 - 00001346 ____A C:\Windows\Synaptics.log

    2012-07-19 14:59 - 2012-07-19 14:31 - 00022232 ____A C:\Windows\DPINST.LOG

    2012-07-19 14:53 - 2012-07-19 14:53 - 00000020 ____A C:\Windows\¬ôÁ

    2012-07-19 14:53 - 2012-07-19 14:44 - 00198794 ____A C:\Windows\DirectX.log

    2012-07-19 14:48 - 2012-07-19 14:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_tcwbf_01_09_00.Wdf

    2012-07-19 14:48 - 2012-07-19 14:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf

    2012-07-19 14:47 - 2012-07-19 14:47 - 00196608 ____A C:\Windows\ocsetup_install_OEMHelpCustomization.etl

    2012-07-19 14:47 - 2012-07-19 14:47 - 00028728 ____A C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.txt

    2012-07-19 14:36 - 2012-07-19 14:36 - 00000207 ____A C:\setup.log

    2012-07-19 14:35 - 2012-07-19 14:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf

    2012-07-19 14:29 - 2011-02-24 09:05 - 00005949 ____A C:\Windows\TSSysprep.log

    2012-07-19 14:25 - 2012-07-19 14:25 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

    2012-07-19 14:25 - 2012-07-19 14:25 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

    2012-07-19 14:24 - 2012-07-19 14:24 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl

    2012-07-19 14:24 - 2012-07-19 14:24 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys

    2012-07-19 14:24 - 2012-07-19 14:24 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl

    2012-07-19 14:24 - 2012-07-19 14:24 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys

    2012-07-19 14:24 - 2012-07-19 14:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

    2012-07-19 14:24 - 2012-07-19 14:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

    2012-07-19 14:23 - 2012-07-19 14:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

    2012-07-19 14:23 - 2012-07-19 14:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

    2012-07-19 14:22 - 2012-07-19 14:22 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax

    2012-07-19 14:22 - 2012-07-19 14:22 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax

    2012-07-19 14:22 - 2012-07-19 14:22 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe

    2012-07-19 14:22 - 2012-07-19 14:22 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll

    2012-07-19 14:22 - 2012-07-19 14:22 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll

    2012-07-19 14:21 - 2012-07-19 14:21 - 00262144 ____A C:\Windows\IE90-ENU.LOG.bootstrap.dpx

    2012-07-19 14:21 - 2012-07-19 14:21 - 00196608 ____A C:\Windows\IE90-ENU.LOG.bootstrap.perf

    2012-07-19 14:21 - 2012-07-19 14:21 - 00062952 ____A C:\Windows\ENU-ie90.log

    2012-07-19 14:21 - 2012-07-19 14:21 - 00038495 ____A C:\Windows\IE90-ENU.log

    2012-07-18 21:57 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG

    2012-07-18 21:57 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template

    2012-07-18 21:40 - 2012-07-18 21:57 - 00000012 ____A C:\Windows\CSUP.TXT

    2012-07-18 10:15 - 2012-08-15 23:04 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2012-07-04 14:16 - 2012-08-15 23:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

    2012-07-04 14:13 - 2012-08-15 23:05 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

    2012-07-04 14:13 - 2012-08-15 23:05 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

    2012-07-04 13:16 - 2012-08-15 23:05 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

    2012-07-04 13:14 - 2012-08-15 23:05 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-21 20:54:14

    Restore point made on: 2012-09-21 20:55:15

    Restore point made on: 2012-09-21 21:07:35

    Restore point made on: 2012-09-21 21:07:58

    Restore point made on: 2012-09-21 22:00:17

    Restore point made on: 2012-09-24 11:54:17

    Restore point made on: 2012-09-27 10:45:16

    ==================== Memory info ===========================

    Percentage of memory in use: 23%

    Total physical RAM: 3689.96 MB

    Available physical RAM: 2826 MB

    Total Pagefile: 3688.16 MB

    Available Pagefile: 2821.57 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (Windows7_OS) (Fixed) (Total:279.05 GB) (Free:189.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    2 Drive e: (Lenovo_Recovery) (Fixed) (Total:17.58 GB) (Free:6.58 GB) NTFS

    4 Drive g: (TOSHIBA) (Removable) (Total:3.72 GB) (Free:3.62 GB) FAT32

    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    6 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt

    -------- ------------- ------- ------- --- ---

    Disk 0 Online 298 GB 0 B

    Disk 1 Online 3821 MB 0 B

    Partitions of Disk 0:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 1500 MB 1024 KB

    Partition 2 Primary 279 GB 1501 MB

    Partition 3 Primary 17 GB 280 GB

    ==================================================================================

    Disk: 0

    Partition 1

    Type : 07

    Hidden: No

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 1 Y SYSTEM_DRV NTFS Partition 1500 MB Healthy

    =========================================================

    Disk: 0

    Partition 2

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 C Windows7_OS NTFS Partition 279 GB Healthy

    =========================================================

    Disk: 0

    Partition 3

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 3 E Lenovo_Reco NTFS Partition 17 GB Healthy

    =========================================================

    Partitions of Disk 1:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 3821 MB 31 KB

    ==================================================================================

    Disk: 1

    Partition 1

    Type : 0B

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 4 G TOSHIBA FAT32 Removable 3821 MB Healthy

    =========================================================

    Last Boot: 2012-09-27 14:12

    ==================== End Of Log =============================

    Search.txt:

    Farbar Recovery Scan Tool (x64) Version: 25-09-2012

    Ran by SYSTEM at 2012-09-28 11:07:36

    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe

    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======

  4. Hi MrC! Sorry for the delay...

    1. You're right - I no longer get the error after I re-boot.

    2. Here is the content of the AdwCleaner log:

    # AdwCleaner v2.003 - Logfile created 09/27/2012 at 22:41:42

    # Updated 23/09/2012 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Bobby - BOBBY-THINK

    # Boot Mode : Normal

    # Running from : C:\Users\Bobby\Desktop\adwcleaner.exe

    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****

    Folder Found : C:\ProgramData\Partner

    ***** [Registry] *****

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default-1348354658048 [Profil par défaut]

    File : C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\phgeso05.default-1348354658048\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [unable to get version]

    File : C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [936 octets] - [27/09/2012 22:41:42]

    ########## EOF - C:\AdwCleaner[R1].txt - [995 octets] ##########

  5. Okay, awesome!! I've attached the following:

    1. RogueKiller file created on my desktop *AFTER* deleting the files you told me to.
    2. aswMBR log

    1. RogueKiller file created on my desktop *AFTER* deleting the files you told me to

    RogueKiller V8.0.3 [09/13/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Bobby [Admin rights]

    Mode : Remove -- Date : 09/27/2012 17:14:49

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤

    [RUN][BLACKLIST DLL] HKCU\[...]\Run : Absolute_Software (rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW) -> DELETED

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST320LT007-9ZV142 +++++

    --- User ---

    [MBR] 1a32068ead43316df46083136dcc5a14

    [BSP] 1c4800de452768b6d964d568f52efec0 : Lenovo tatooed MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 Mo

    User = LL1 ... OK!

    User != LL2 ... KO!

    --- LL2 ---

    [MBR] d234c43d41647f376d614833f0ee9aae

    [BSP] 2ef9cc4afb18b71bca3360572191f969 : Windows 7 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 Mo

    Finished : << RKreport[3].txt >>

    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

    2. aswMBR log

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-09-27 17:15:20

    -----------------------------

    17:15:20.014 OS Version: Windows x64 6.1.7601 Service Pack 1

    17:15:20.014 Number of processors: 4 586 0x3A09

    17:15:20.014 ComputerName: BOBBY-THINK UserName: Bobby

    17:15:20.763 Initialize success

    17:16:05.732 AVAST engine defs: 12092700

    17:16:10.880 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    17:16:10.895 Disk 0 Vendor: ST320LT0 0004 Size: 305245MB BusType: 3

    17:16:10.911 Disk 0 MBR read successfully

    17:16:10.911 Disk 0 MBR scan

    17:16:10.926 Disk 0 unknown MBR code

    17:16:10.926 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048

    17:16:10.942 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 285743 MB offset 3074048

    17:16:10.989 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18000 MB offset 588275712

    17:16:11.036 Disk 0 scanning C:\Windows\system32\drivers

    17:16:22.236 Service scanning

    17:16:40.067 Modules scanning

    17:16:40.067 Disk 0 trace - called modules:

    17:16:40.145 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

    17:16:40.145 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069b5060]

    17:16:40.161 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80036ac7e0]

    17:16:40.161 5 ACPI.sys[fffff88000f697a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005763050]

    17:16:41.034 AVAST engine scan C:\Windows

    17:16:43.920 AVAST engine scan C:\Windows\system32

    17:19:21.340 AVAST engine scan C:\Windows\system32\drivers

    17:19:30.778 AVAST engine scan C:\Users\Bobby

    17:20:18.421 Disk 0 MBR has been saved successfully to "C:\Users\Bobby\Desktop\MBR.dat"

    17:20:18.436 The log file has been saved successfully to "C:\Users\Bobby\Desktop\aswMBR.txt"

  6. Hi MrC-

    I followed your instructions exactly - here is the report that appeared on my Desktop:

    RogueKiller V8.0.3 [09/13/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Bobby [Admin rights]

    Mode : Scan -- Date : 09/27/2012 16:53:56

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤

    [RUN][BLACKLIST DLL] HKCU\[...]\Run : Absolute_Software (rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW) -> FOUND

    [RUN][BLACKLIST DLL] HKUS\S-1-5-21-2450884636-1247048604-675393396-1000[...]\Run : Absolute_Software (rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST320LT007-9ZV142 +++++

    --- User ---

    [MBR] 1a32068ead43316df46083136dcc5a14

    [BSP] 1c4800de452768b6d964d568f52efec0 : Lenovo tatooed MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 Mo

    User = LL1 ... OK!

    User != LL2 ... KO!

    --- LL2 ---

    [MBR] d234c43d41647f376d614833f0ee9aae

    [BSP] 2ef9cc4afb18b71bca3360572191f969 : Windows 7 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 Mo

    Finished : << RKreport[1].txt >>

    RKreport[1].txt

  7. Hi MrC- I just tried in safe mode and I got the same error: "...\Desktop\RogueKiller.exe is not a valid Win32 Application." I think this has to do with me running a 64-bit version of Windows, not a 32-bit version.

    Any other applications I can use to scan my machine for you?

    Thanks so much for your help!

  8. Thanks for the quick response, MrCharlie. I use Mozilla Firefox and Google Chrome and both of them are infected.

    I tried downloading and running RogueKiller.exe as an administrator, but I got an error that said "...\Desktop\RogueKiller.exe is not a valid Win32 Application."

    Any ideas on how I can get around this? Or maybe there is another program I can run to scan my machine?

    Again, thanks for helping me figure this out.

  9. I have a virus where anytime I click a link from a Google search, I'm redirected to a spam website. I had this issue this past weekend, but Maniac helped me get rid of it (see: http://forums.malwarebytes.org/index.php?showtopic=116257). Unfortunately, the issue came back - I don't know how this happened.

    Can someone please help me permanently remove this annoying, invasive virus? I've included the Malwarebytes Antivirus log, DDS.txt, and Attach.txt below. Thank you for your help and support!

    • Malwarebytes Antivirus Log:

    Malwarebytes Anti-Malware 1.65.0.1400

    www.malwarebytes.org

    Database version: v2012.09.26.10

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Bobby :: BOBBY-THINK [administrator]

    9/26/2012 2:55:37 PM

    mbam-log-2012-09-26 (14-55-37).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 200092

    Time elapsed: 2 minute(s), 53 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Users\Bobby\AppData\Local\Temp\0.48053279246894465 (Trojan.Happili) -> Quarantined and deleted successfully.

    (end)

    • DDS.txt:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2

    Run by Bobby at 20:34:17 on 2012-09-26

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3690.1624 [GMT -4:00]

    .

    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\ibmpmsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

    C:\Windows\system32\CxAudMsg64.exe

    C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Intel\iCLS Client\HeciServer.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe

    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

    C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe

    C:\Windows\SysWOW64\NLSSRV32.EXE

    C:\Windows\SysWOW64\SAsrv.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

    C:\Program Files (x86)\BlueStacks\HD-Service.exe

    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\BlueStacks\HD-Network.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

    C:\Windows\system32\igfxext.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

    C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

    C:\Windows\System32\TpShocks.exe

    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\System32\StikyNot.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

    C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Windows\system32\rundll32.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files (x86)\BlueStacks\HD-Agent.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

    C:\Windows\system32\rundll32.exe

    C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE

    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Program Files (x86)\Lenovo\System Update\SUService.exe

    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Program Files (x86)\Internet Explorer\IELowutil.exe

    C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Users\Bobby\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB

    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB

    uInternet Settings,ProxyOverride = *.local

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

    BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    uRun: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    uRun: [Absolute_Software] rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW

    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

    mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart

    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

    mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe

    StartupFolder: C:\Users\Bobby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

    TCP: Interfaces\{30942EEA-CE1B-4449-8002-F3980D50D482} : DhcpNameServer = 0.0.0.0

    TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9} : DhcpNameServer = 209.18.47.61 209.18.47.62

    TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\25564625F6675627 : DhcpNameServer = 132.236.56.250 128.253.180.2 192.35.82.50

    TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\3603F6B4963302D603E653473327 : DhcpNameServer = 192.168.1.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll

    BHO-X64: IEPlugin - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

    mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

    mRun-x64: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart

    mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

    mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    mRun-x64: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe

    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\phgeso05.default-1348354658048\

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll

    FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll

    FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Users\Bobby\AppData\Local\Citrix\Plugins\60\npappdetector.dll

    FF - plugin: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

    R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys --> C:\Windows\system32\DRIVERS\avgloga.sys [?]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

    R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]

    R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

    R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-9-18 71032]

    R3 5U877;5U877;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]

    R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]

    R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys --> C:\Windows\system32\DRIVERS\RtsP2Stor.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]

    R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys --> C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [?]

    R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]

    R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\system32\DRIVERS\tvtvcamd.sys --> C:\Windows\system32\DRIVERS\tvtvcamd.sys [?]

    S3 Fastboot;Fastboot;C:\Windows\system32\DRIVERS\Fastboot.sys --> C:\Windows\system32\DRIVERS\Fastboot.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

    .

    =============== Created Last 30 ================

    .

    2012-09-25 01:31:11 -------- d-----w- C:\Program Files (x86)\Citrix

    2012-09-25 01:30:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Citrix

    2012-09-24 19:55:01 -------- d-----w- C:\ProgramData\BlueStacksSetup

    2012-09-24 19:54:45 -------- d-----w- C:\ProgramData\BlueStacks

    2012-09-24 19:54:45 -------- d-----w- C:\Program Files (x86)\BlueStacks

    2012-09-24 18:57:24 -------- d-----w- C:\Users\Bobby\.android

    2012-09-24 18:56:23 -------- d-----w- C:\Program Files (x86)\Android

    2012-09-22 20:41:32 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Malwarebytes

    2012-09-22 20:41:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-09-22 20:41:22 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-09-22 20:41:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-09-22 15:01:08 -------- d-----w- C:\Users\Bobby\AppData\Local\Diagnostics

    2012-09-22 06:00:26 388096 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-09-22 06:00:26 -------- d-----w- C:\Program Files (x86)\Trend Micro

    2012-09-22 05:09:39 -------- d-----w- C:\Users\Bobby\AppData\Roaming\AVG2013

    2012-09-22 05:08:43 -------- d-----w- C:\Users\Bobby\AppData\Roaming\TuneUp Software

    2012-09-22 05:08:10 -------- d--h--w- C:\$AVG

    2012-09-22 05:08:10 -------- d-----w- C:\ProgramData\AVG2013

    2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\MFAData

    2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\Avg2013

    2012-09-17 22:58:54 56672 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

    2012-09-14 09:34:34 105312 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

    2012-09-12 15:47:20 199520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

    2012-09-12 15:47:02 175968 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

    2012-09-09 17:28:52 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

    2012-09-03 02:06:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\offreg.dll

    2012-08-31 12:37:27 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\mpengine.dll

    2012-08-30 01:05:54 -------- d-----w- C:\Users\Bobby\AppData\Roaming\texstudio

    2012-08-30 01:04:45 -------- d-----w- C:\Users\Bobby\AppData\Roaming\MiKTeX

    2012-08-30 01:04:16 -------- d-----w- C:\Users\Bobby\AppData\Local\MiKTeX

    2012-08-30 00:48:48 -------- d-----w- C:\ProgramData\MiKTeX

    2012-08-30 00:46:21 -------- d-----w- C:\Program Files\MiKTeX 2.9

    2012-08-30 00:44:23 -------- d-----w- C:\Program Files (x86)\TeXstudio

    2012-08-30 00:29:11 2188288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w64.exe

    2012-08-30 00:29:11 1502208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv49w32.exe

    2012-08-30 00:29:10 2042368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w32.exe

    2012-08-30 00:29:08 12592939 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w64.exe

    2012-08-30 00:29:00 12317403 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w32.exe

    2012-08-30 00:25:06 7360000 ------w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503.exe

    2012-08-30 00:25:05 9728000 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503-x64.exe

    2012-08-30 00:25:04 16457073 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\TeXstudio\texstudio23_win32.exe

    2012-08-30 00:25:03 655872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcr90.dll

    2012-08-30 00:25:03 568832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcp90.dll

    2012-08-30 00:25:03 224768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcm90.dll

    2012-08-30 00:24:58 2303488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\python27.dll

    2012-08-30 00:24:57 133120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Setup.exe

    2012-08-29 14:28:59 92672 ----a-w- C:\Windows\System32\redmonnt.dll

    2012-08-29 14:28:59 49664 ----a-w- C:\Windows\System32\unredmon.exe

    2012-08-29 14:28:58 -------- d-----w- C:\Program Files\Cornell University

    2012-08-29 14:28:37 40960 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{5A6403D3-E177-42FD-AA16-2FBD441EA26E}\KerberosViewer.exe_2AF0AD33EBDF4A58B3D9A41DD1C1011D.exe

    2012-08-28 14:47:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Western Digital

    .

    ==================== Find3M ====================

    .

    2012-08-22 02:31:38 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-08-22 02:31:38 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-08-22 02:31:38 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-08-17 04:41:48 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys

    2012-08-16 02:23:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-16 02:23:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-08-13 20:40:52 150880 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

    2012-08-10 08:52:16 40288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

    2012-08-09 17:56:42 230240 ----a-w- C:\Windows\System32\drivers\avgloga.sys

    2012-07-19 22:25:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

    2012-07-19 22:25:22 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-07-19 22:23:42 509952 ----a-w- C:\Windows\System32\ntshrui.dll

    2012-07-19 22:23:42 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

    2012-07-19 22:23:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-07-19 22:23:26 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-07-19 22:23:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

    2012-07-19 22:23:12 366592 ----a-w- C:\Windows\System32\qdvd.dll

    2012-07-19 22:23:12 1572864 ----a-w- C:\Windows\System32\quartz.dll

    2012-07-19 22:23:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

    2012-07-19 22:23:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

    2012-07-19 22:23:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

    2012-07-19 22:23:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    .

    ============= FINISH: 20:35:30.52 ===============

    • Attach.txt:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 8/15/2012 9:14:14 AM

    System Uptime: 9/26/2012 5:49:21 PM (3 hours ago)

    .

    Motherboard: LENOVO | | 3254CTO

    Processor: Intel® Core i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2501/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 279 GiB total, 188.679 GiB free.

    D: is CDROM ()

    Q: is FIXED (NTFS) - 18 GiB total, 6.576 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP41: 9/22/2012 12:54:08 AM - Removed AVG 2012

    RP42: 9/22/2012 12:55:12 AM - Removed AVG 2012

    RP43: 9/22/2012 1:07:28 AM - Installed AVG 2013

    RP44: 9/22/2012 1:07:48 AM - Installed AVG 2013

    RP45: 9/22/2012 2:00:13 AM - Installed HiJackThis

    RP46: 9/24/2012 3:54:08 PM - Installed BlueStacks

    .

    ==== Installed Programs ======================

    .

    Absolute Reminder

    Adobe AIR

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.4) MUI

    Android SDK Tools

    Apple Application Support

    Apple Software Update

    BlueStacks

    Burn.Now 4.5

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    Corel Burn.Now Lenovo Edition

    Corel WinDVD

    Create Recovery Media

    D3DX10

    Dropbox

    Evernote v. 4.5.8

    Google Chrome

    Google Talk Plugin

    Google Update Helper

    GoToMeeting 5.3.0.1010

    HiJackThis

    Integrated Camera Driver Installer Package Ver.1.2.1.18

    Intel® Control Center

    Intel® Manageability Engine Firmware Recovery Agent

    Intel® Management Engine Components

    Intel® OpenCL CPU Runtime

    Intel® Processor Graphics

    Intel® USB 3.0 eXtensible Host Controller Driver

    Java 7 Update 6

    Java Auto Updater

    Java SE Development Kit 7 Update 6

    Junk Mail filter update

    Kerberos Ticket Viewer

    Lenovo Patch Utility

    Lenovo Registration

    Lenovo User Guide

    Lenovo Warranty Information

    Malwarebytes Anti-Malware version 1.65.0.1400

    Mesh Runtime

    Microsoft Office

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Mozilla Firefox 15.0.1 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    NetBeans IDE 7.2

    Notepad++

    Power Manager

    PowerISO

    QuickTime

    RapidBoot HDD Accelerator

    Realtek Ethernet Controller Driver

    Realtek PCIE Card Reader

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Skype™ 5.10

    Spotify

    SugarSync Manager

    System Update

    TeXstudio 2.3

    ThinkPad Wireless LAN Adapter Software

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    VIP Access

    Visual Studio 2008 x64 Redistributables

    VLC media player 2.0.3

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    .

    ==== Event Viewer Messages From Past Week ========

    .

    9/26/2012 8:34:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVGIDSAgent service.

    9/26/2012 3:03:07 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

    9/26/2012 3:02:55 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

    9/24/2012 12:23:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

    9/24/2012 12:23:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

    9/24/2012 12:22:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

    9/22/2012 4:51:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    .

    ==== End Of File ===========================

  10. Hi Maniac,

    Thank you for the quick response and your willingness to help.

    1. I deleted µTorrent

    2. I ran a Quick Scan in Malwarebytes' Anti-Malware. Here is the log:

    Malwarebytes Anti-Malware 1.65.0.1400

    www.malwarebytes.org

    Database version: v2012.09.22.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Bobby :: BOBBY-THINK [administrator]

    9/22/2012 4:45:09 PM

    mbam-log-2012-09-22 (16-45-09).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 198793

    Time elapsed: 2 minute(s), 38 second(s)

    Memory Processes Detected: 1

    C:\Users\Bobby\AppData\Roaming\KB00397977.exe (Trojan.Agent.Gen) -> 6784 -> Delete on reboot.

    Memory Modules Detected: 1

    C:\Users\Bobby\AppData\Local\Evernote\Apple Computer\bycwwerm.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 2

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00397977.exe (Trojan.Agent.Gen) -> Data: "C:\Users\Bobby\AppData\Roaming\KB00397977.exe" -> Quarantined and deleted successfully.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Apple Computer (Trojan.Agent) -> Data: rundll32.exe "C:\Users\Bobby\AppData\Local\Evernote\Apple Computer\bycwwerm.dll",AllocInstanceDataW -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 3

    C:\Users\Bobby\AppData\Local\Temp\0.6298126096871013 (Trojan.Happili) -> Quarantined and deleted successfully.

    C:\Users\Bobby\AppData\Roaming\KB00397977.exe (Trojan.Agent.Gen) -> Delete on reboot.

    C:\Users\Bobby\AppData\Local\Evernote\Apple Computer\bycwwerm.dll (Trojan.Agent) -> Delete on reboot.

    (end)

    3. I ran a scan with aswMBR.exe. Here is the log:

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-09-22 16:57:23

    -----------------------------

    16:57:23.137 OS Version: Windows x64 6.1.7601 Service Pack 1

    16:57:23.137 Number of processors: 4 586 0x3A09

    16:57:23.137 ComputerName: BOBBY-THINK UserName: Bobby

    16:57:24.073 Initialize success

    16:57:46.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    16:57:46.712 Disk 0 Vendor: ST320LT0 0004 Size: 305245MB BusType: 3

    16:57:46.727 Disk 0 MBR read successfully

    16:57:46.743 Disk 0 MBR scan

    16:57:46.743 Disk 0 unknown MBR code

    16:57:46.743 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048

    16:57:46.774 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 285743 MB offset 3074048

    16:57:46.821 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18000 MB offset 588275712

    16:57:46.868 Disk 0 scanning C:\Windows\system32\drivers

    16:57:54.184 Service scanning

    16:58:07.038 Modules scanning

    16:58:07.038 Disk 0 trace - called modules:

    16:58:07.054 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

    16:58:07.070 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069b5060]

    16:58:07.070 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80040c6e40]

    16:58:07.085 5 ACPI.sys[fffff88000fa47a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040cb050]

    16:58:07.085 Scan finished successfully

    16:58:21.749 Disk 0 MBR has been saved successfully to "C:\Users\Bobby\Desktop\MBR.dat"

    16:58:21.749 The log file has been saved successfully to "C:\Users\Bobby\Desktop\aswMBR.txt"

    4. Here is a fresh DDS log:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2

    Run by Bobby at 16:58:56 on 2012-09-22

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3690.2239 [GMT -4:00]

    .

    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\ibmpmsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\CxAudMsg64.exe

    C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Intel\iCLS Client\HeciServer.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe

    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

    C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe

    C:\Windows\SysWOW64\NLSSRV32.EXE

    C:\Windows\SysWOW64\SAsrv.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\igfxext.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

    C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

    C:\Windows\System32\TpShocks.exe

    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\System32\StikyNot.exe

    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

    C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Windows\system32\rundll32.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

    C:\Program Files\iPod\bin\iPodService.exe

    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\rundll32.exe

    C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE

    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Program Files (x86)\Lenovo\System Update\SUService.exe

    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Bobby\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB

    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB

    uInternet Settings,ProxyOverride = *.local

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

    BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    uRun: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

    mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

    mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart

    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

    mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    StartupFolder: C:\Users\Bobby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

    TCP: Interfaces\{30942EEA-CE1B-4449-8002-F3980D50D482} : DhcpNameServer = 0.0.0.0

    TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9} : DhcpNameServer = 209.18.47.61 209.18.47.62

    TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\25564625F6675627 : DhcpNameServer = 132.236.56.250 128.253.180.2 192.35.82.50

    TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\3603F6B4963302D603E653473327 : DhcpNameServer = 192.168.1.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll

    BHO-X64: IEPlugin - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

    mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

    mRun-x64: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart

    mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

    mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\jgnu1qy7.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

    FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll

    FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll

    FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

    R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys --> C:\Windows\system32\DRIVERS\avgloga.sys [?]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

    R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]

    R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

    R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-8-20 5751928]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-8-20 184304]

    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]

    R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-7-19 169776]

    R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

    R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-7-19 128280]

    R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-19 163608]

    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-7-19 58224]

    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-8 101736]

    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-7-19 61296]

    R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-7-19 179568]

    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-5-8 133992]

    R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-5-24 216072]

    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-24 69640]

    R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2012-7-19 446592]

    R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-5-8 145256]

    R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-5-8 144960]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-19 363800]

    R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080]

    R3 5U877;5U877;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]

    R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]

    R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys --> C:\Windows\system32\DRIVERS\RtsP2Stor.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]

    R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys --> C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [?]

    R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]

    R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\system32\DRIVERS\tvtvcamd.sys --> C:\Windows\system32\DRIVERS\tvtvcamd.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-19 136176]

    S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-29 144992]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

    S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-7-19 276248]

    S3 Fastboot;Fastboot;C:\Windows\system32\DRIVERS\Fastboot.sys --> C:\Windows\system32\DRIVERS\Fastboot.sys [?]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-19 136176]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-14 114144]

    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-7-19 1662560]

    S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-7-19 1665120]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-09-22 20:41:32 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Malwarebytes

    2012-09-22 20:41:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-09-22 20:41:22 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-09-22 20:41:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-09-22 15:01:08 -------- d-----w- C:\Users\Bobby\AppData\Local\Diagnostics

    2012-09-22 06:00:26 388096 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-09-22 06:00:26 -------- d-----w- C:\Program Files (x86)\Trend Micro

    2012-09-22 05:09:39 -------- d-----w- C:\Users\Bobby\AppData\Roaming\AVG2013

    2012-09-22 05:08:43 -------- d-----w- C:\Users\Bobby\AppData\Roaming\TuneUp Software

    2012-09-22 05:08:10 -------- d--h--w- C:\$AVG

    2012-09-22 05:08:10 -------- d-----w- C:\ProgramData\AVG2013

    2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\MFAData

    2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\Avg2013

    2012-09-21 21:40:22 -------- d--h--w- C:\Users\Bobby\AppData\Roaming\BFCD5A3E

    2012-09-17 22:58:54 56672 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

    2012-09-14 09:34:34 105312 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

    2012-09-12 15:47:20 199520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

    2012-09-12 15:47:02 175968 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

    2012-09-09 17:28:52 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

    2012-09-03 02:06:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\offreg.dll

    2012-08-31 12:37:27 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\mpengine.dll

    2012-08-30 01:05:54 -------- d-----w- C:\Users\Bobby\AppData\Roaming\texstudio

    2012-08-30 01:04:45 -------- d-----w- C:\Users\Bobby\AppData\Roaming\MiKTeX

    2012-08-30 01:04:16 -------- d-----w- C:\Users\Bobby\AppData\Local\MiKTeX

    2012-08-30 00:48:48 -------- d-----w- C:\ProgramData\MiKTeX

    2012-08-30 00:46:21 -------- d-----w- C:\Program Files\MiKTeX 2.9

    2012-08-30 00:44:23 -------- d-----w- C:\Program Files (x86)\TeXstudio

    2012-08-30 00:29:11 2188288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w64.exe

    2012-08-30 00:29:11 1502208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv49w32.exe

    2012-08-30 00:29:10 2042368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w32.exe

    2012-08-30 00:29:08 12592939 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w64.exe

    2012-08-30 00:29:00 12317403 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w32.exe

    2012-08-30 00:25:06 7360000 ------w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503.exe

    2012-08-30 00:25:05 9728000 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503-x64.exe

    2012-08-30 00:25:04 16457073 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\TeXstudio\texstudio23_win32.exe

    2012-08-30 00:25:03 655872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcr90.dll

    2012-08-30 00:25:03 568832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcp90.dll

    2012-08-30 00:25:03 224768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcm90.dll

    2012-08-30 00:24:58 2303488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\python27.dll

    2012-08-30 00:24:57 133120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Setup.exe

    2012-08-29 14:28:59 92672 ----a-w- C:\Windows\System32\redmonnt.dll

    2012-08-29 14:28:59 49664 ----a-w- C:\Windows\System32\unredmon.exe

    2012-08-29 14:28:58 -------- d-----w- C:\Program Files\Cornell University

    2012-08-29 14:28:37 40960 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{5A6403D3-E177-42FD-AA16-2FBD441EA26E}\KerberosViewer.exe_2AF0AD33EBDF4A58B3D9A41DD1C1011D.exe

    2012-08-28 14:47:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Western Digital

    2012-08-25 16:54:59 -------- d-----w- C:\Users\Bobby\.jedit

    2012-08-25 16:52:31 -------- d-----w- C:\Program Files\jEdit

    2012-08-25 15:57:06 -------- d-----w- C:\Users\Bobby\.idlerc

    2012-08-25 15:50:06 -------- d-----w- C:\Python27

    2012-08-25 15:07:27 -------- d-----w- C:\Users\Bobby\AppData\Roaming\MathWorks

    2012-08-25 14:57:00 407104 ----a-w- C:\Windows\System32\MSHFLXGD.OCX

    2012-08-25 14:57:00 203976 ----a-w- C:\Windows\System32\RICHTX32.OCX

    2012-08-25 14:56:59 1077344 ----a-w- C:\Windows\System32\MSCOMCTL.OCX

    2012-08-25 14:41:42 -------- d-----w- C:\Program Files\MATLAB

    2012-08-25 13:40:58 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys

    2012-08-25 13:40:58 -------- d-----w- C:\Program Files (x86)\PowerISO

    2012-08-24 01:02:10 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Softland

    2012-08-24 01:02:08 24968 ----a-w- C:\Windows\System32\dopdfmn7.dll

    2012-08-24 01:02:08 21384 ----a-w- C:\Windows\System32\dopdfmi7.dll

    2012-08-24 01:02:07 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll

    2012-08-24 01:02:06 -------- d-----w- C:\Program Files\Softland

    .

    ==================== Find3M ====================

    .

    2012-08-22 02:31:38 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-08-22 02:31:38 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-08-22 02:31:38 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-08-16 02:23:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-16 02:23:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-08-13 20:40:52 150880 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

    2012-08-10 08:52:16 40288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

    2012-08-09 17:56:42 230240 ----a-w- C:\Windows\System32\drivers\avgloga.sys

    2012-07-19 22:25:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

    2012-07-19 22:25:22 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-07-19 22:23:42 509952 ----a-w- C:\Windows\System32\ntshrui.dll

    2012-07-19 22:23:42 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

    2012-07-19 22:23:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-07-19 22:23:26 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-07-19 22:23:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

    2012-07-19 22:23:12 366592 ----a-w- C:\Windows\System32\qdvd.dll

    2012-07-19 22:23:12 1572864 ----a-w- C:\Windows\System32\quartz.dll

    2012-07-19 22:23:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

    2012-07-19 22:23:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

    2012-07-19 22:23:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

    2012-07-19 22:23:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    .

    ============= FINISH: 16:59:24.03 ===============

  11. First and foremost, thank you for the help. Recently when I click links in Google, I am redirected to spam websites. This happens regardless of which browser I use.

    I've included my HiJackThis log below and I've attached the results of the DDS scan.

    Again, thank you for the help - I genuinely appreciate it.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 2:05:22 AM, on 9/22/2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16448)

    Boot mode: Normal

    Running processes:

    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

    C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Users\Bobby\AppData\Roaming\KB00397977.exe

    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

    O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

    O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

    O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart

    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

    O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: [Apple Computer] rundll32.exe "C:\Users\Bobby\AppData\Local\Evernote\Apple Computer\bycwwerm.dll",AllocInstanceDataW

    O4 - HKCU\..\Run: [KB00397977.exe] "C:\Users\Bobby\AppData\Roaming\KB00397977.exe"

    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe

    O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)

    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

    O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe

    O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe

    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE

    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe

    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)

    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 14759 bytes

    Attach.txt

    DDS.txt
