Everything posted by elahigothamcity
Delta Search -- Help!
elahigothamcity replied to elahigothamcity's topic in Resolved Malware Removal Logs
This scan took a while lol.

C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar113.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar46.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage62.zip Win32/Bagle.gen.zip worm
C:\AdwCleaner\Quarantine\C\Program Files\file scout\filescout.exe.vir a variant of Win32/FileScout.A application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar113.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar46.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage62.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\zamanmm\AppData\Local\ea2d680b-f8b8-4c94-bac3-4eba027033fb.crx JS/Redirector.NCG trojan deleted - quarantined
Delta Search -- Help!
elahigothamcity replied to elahigothamcity's topic in Resolved Malware Removal Logs
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2013
Ran by zamanmm at 2013-10-30 18:18:01 Run:1
Running from C:\Users\zamanmm\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [shopAtHomeWatcher] - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [116088 2013-04-17] ()
C:\Users\zamanmm\AppData\Roaming\ShopAtHome
HKCU\...\Winlogon: [shell] explorer.exe, <==== ATTENTION
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com
BHO: ShopAtHome.com Cash Back Helper - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
C:\Program Files\Coupons.com CouponBar
Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
C:\$Recycle.Bin\S-1-5-21-3894235439-4067020577-3388496322-1000\$aefa38879ca9cef42dbf869e8ee6edde
C:\$Recycle.Bin\S-1-5-18\$aefa38879ca9cef42dbf869e8ee6edde
C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}
C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}\@
C:\Users\zamanmm\dg3rviae081105.exe
C:\Users\zamanmm\pg3rae100902.exe
C:\Users\zamanmm\AppData\Local\Temp\Quarantine.exe
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => Value deleted successfully.
C:\Users\zamanmm\AppData\Roaming\ShopAtHome => Moved successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F} => Key deleted successfully.
HKCR\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Value deleted successfully.
HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Key deleted successfully.
C:\Program Files\Coupons.com CouponBar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value deleted successfully.
HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Value deleted successfully.
HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value deleted successfully.
HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key not found.
C:\$Recycle.Bin\S-1-5-21-3894235439-4067020577-3388496322-1000\$aefa38879ca9cef42dbf869e8ee6edde => Directory moved successfully.
C:\$Recycle.Bin\S-1-5-18\$aefa38879ca9cef42dbf869e8ee6edde => Deleted successfully.
C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde} => Moved successfully.
"C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}\@" => File/Directory not found.
C:\Users\zamanmm\dg3rviae081105.exe => Moved successfully.
C:\Users\zamanmm\pg3rae100902.exe => Moved successfully.
C:\Users\zamanmm\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.30.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19475
zamanmm :: ZAMANS-PC [administrator]

10/30/2013 6:20:30 PM
mbam-log-2013-10-30 (18-20-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234797
Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Results of screen317's Security Check version 0.99.75
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360 Premier Edition
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 6 Update 29
Java 7 Update 25
Java SE Runtime Environment 6
Java 6 Update 7
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Delta Search -- Help!
elahigothamcity replied to elahigothamcity's topic in Resolved Malware Removal Logs
{A0C442CC-4F8D-48A6-81EF-9A9925374CAA} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBoxBHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)BHO: ShopAtHome.com Cash Back Helper - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - 
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No FileToolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileToolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: =======CHR RestoreOnStartup: "urls_to_restore_on_startup": nullCHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms}CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}CHR Plugin: (Shockwave Flash) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)CHR Plugin: (Google Talk Plugin) - C:\Users\zamanmm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)CHR Plugin: (Google Talk Plugin Video Accelerator) - 
C:\Users\zamanmm\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\zamanmm\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No FileCHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Move Media Player 7) - C:\Users\zamanmm\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No FileCHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: 
(RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)CHR Extension: (Coupons.com Toolbar) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.4_0CHR Extension: (Skype Click to Call) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0CHR Extension: (Norton Identity Protection) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0CHR Extension: (Chrome In-App Payments service) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crxCHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crxCHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crxCHR StartMenuInternet: Google Chrome - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 atashost; C:\Windows\system32\atashost.exe [43912 2010-08-25] (Cisco WebEx LLC)S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)S3 GoToAssist Express Customer; C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_service.exe [161144 2010-10-12] (Citrix Online, a division of Citrix Systems, Inc.)R2 GPCommonService; 
C:\Program Files\QUBEE WCM\GPCommonService.exe [90112 2010-05-27] (Green Packet Inc.)R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.)R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.)R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.)R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-29] (Lenovo Group Limited)S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-07-20] (Logitech Inc.)S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2008-07-26] (Logitech Inc.)R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [537520 2007-05-25] ( )S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-04-07] (NETGEAR)R2 Panasonic Trap Monitor Service; C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-24] (Panasonic)R2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc.exe [113168 2010-11-02] (DEVGURU Co., LTD)R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-02-06] (Lenovo Group Limited)R2 TPHKLOAD; C:\Program 
Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722496 2006-12-21] (IBM)R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] ()R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)R2 tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [45056 2007-01-08] ()R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [478712 2012-06-07] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [38440 2012-06-07] (Cisco Systems, Inc.)S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [57256 2012-06-07] (Cisco Systems, Inc.)R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-02] (AVG Technologies)R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131022.001\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-05] (DT Soft Ltd)R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131029.002\IDSvix86.sys [393816 2013-10-28] (Symantec Corporation)S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109592 2007-07-20] (Logitech Inc.)S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-07-20] (Logitech Inc.)R3 LVPr2Mon; 
C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-07-18] ()S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-07-18] (Logitech Inc.)S3 MT7118VU; C:\Windows\System32\DRIVERS\mt7118vu.sys [131072 2010-05-06] (MediaTek Inc.)R2 MTKWMPROT; C:\Windows\System32\DRIVERS\mtkwmptv.sys [15360 2010-05-06] (MediaTek Inc.)S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131030.001\NAVENG.SYS [93272 2013-08-28] (Symantec Corporation)S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131030.001\NAVEX15.SYS [1612376 2013-08-28] (Symantec Corporation)R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2013-07-06] (CACE Technologies, Inc.)R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2010-11-02] (DEVGURU Co., LTD.)S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [32123 2004-12-08] (Service & Quality Technology.)S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS 
[142496 2013-06-17] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2007-04-10] ()S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]S3 catchme; \??\C:\ComboFix\catchme.sys [x]S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-30 17:14 - 2013-10-30 17:14 - 00000000 ____D C:\FRST2013-10-30 16:53 - 2013-10-30 16:53 - 01089275 _____ (Farbar) C:\Users\zamanmm\Downloads\FRST.exe2013-10-30 16:52 - 2013-10-30 16:52 - 00018688 _____ C:\Users\zamanmm\Downloads\AdwCleaner[R0].txt2013-10-30 16:51 - 2013-10-30 16:58 - 00000000 ____D C:\AdwCleaner2013-10-30 16:50 - 2013-10-30 16:50 - 01060070 _____ C:\Users\zamanmm\Downloads\AdwCleaner.exe2013-10-30 16:37 - 2013-10-30 16:37 - 00688992 ____R (Swearware) C:\Users\zamanmm\Downloads\dds.scr2013-10-23 21:33 - 2013-10-23 21:33 - 00000000 ____D C:\Users\zamanmm\AppData\Roaming\Mozilla2013-10-21 18:45 - 2013-10-21 18:45 - 00002104 _____ C:\{F411E7B8-6C91-4727-99BD-BADBF052C76E}2013-10-20 07:56 - 2013-10-20 08:04 - 00000000 ____D C:\Program Files\Coupons.com CouponBar2013-10-10 10:30 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2013-10-10 10:30 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2013-10-10 10:30 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2013-10-10 10:30 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2013-10-10 10:30 - 
2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2013-10-10 10:30 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2013-10-10 10:30 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2013-10-10 10:30 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2013-10-10 10:30 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2013-10-10 10:30 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys2013-10-10 10:29 - 2013-09-23 08:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-10-10 10:29 - 2013-09-23 08:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-10-10 10:29 - 2013-09-23 08:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2013-10-10 10:29 - 2013-09-23 08:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2013-10-10 10:29 - 2013-09-23 08:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll2013-10-10 10:29 - 2013-09-23 08:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-10-10 10:29 - 2013-09-23 08:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-10-10 10:29 - 2013-09-23 08:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2013-10-10 10:29 - 2013-09-23 08:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2013-10-10 10:29 - 2013-09-23 08:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-10-10 10:29 - 2013-09-23 08:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-10-10 10:29 - 2013-09-23 08:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-10-10 10:29 - 2013-09-23 08:51 - 00184320 _____ (Microsoft 
Corporation) C:\Windows\system32\iepeers.dll2013-10-10 10:29 - 2013-09-23 08:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-10-10 10:29 - 2013-09-23 08:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-10-10 10:29 - 2013-09-23 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-10-10 10:29 - 2013-09-23 08:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-10-10 10:29 - 2013-09-23 08:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll2013-10-10 10:29 - 2013-09-23 08:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-10-10 10:29 - 2013-09-23 08:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2013-10-10 10:29 - 2013-09-23 08:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll2013-10-10 10:29 - 2013-09-23 07:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2013-10-10 10:29 - 2013-09-23 05:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-10-10 10:29 - 2013-09-23 05:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2013-10-10 10:29 - 2013-09-23 05:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-10-10 10:29 - 2013-09-23 05:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2013-10-10 10:29 - 2013-07-31 23:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2013-10-10 10:29 - 2013-07-31 22:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll2013-10-10 10:29 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2013-10-10 10:29 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2013-10-10 10:28 - 2013-08-29 03:36 - 02050048 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys2013-10-10 10:27 - 2013-07-12 05:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys2013-10-10 10:27 - 2013-07-02 22:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys2013-10-10 10:27 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys2013-10-10 10:27 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2013-10-10 10:27 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2013-10-10 10:27 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2013-10-10 10:27 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2013-10-10 10:27 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2013-10-10 10:27 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2013-10-10 10:27 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2013-10-10 10:27 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys ==================== One Month Modified Files and Folders ======= 2013-10-30 17:15 - 2012-08-13 15:35 - 00000396 ____H C:\Windows\Tasks\User_Feed_Synchronization-{DB1F06DB-C5AA-402C-8CD5-553AAD0E9856}.job2013-10-30 17:14 - 2013-10-30 17:14 - 00000000 ____D C:\FRST2013-10-30 17:12 - 2008-07-18 15:44 - 01765851 _____ C:\Windows\WindowsUpdate.log2013-10-30 17:10 - 2009-07-01 10:55 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000UA.job2013-10-30 17:05 - 2008-08-01 01:18 - 00000000 ____D C:\Users\zamanmm\AppData\Roaming\Skype2013-10-30 17:05 - 2008-07-18 16:30 - 06842503 _____ C:\Users\Public\Documents\AccConnAdvanced.html2013-10-30 17:01 - 2007-03-02 08:15 - 
00025269 _____ C:\Windows\system32\PROCDB.INI2013-10-30 17:00 - 2013-06-03 12:12 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2013-10-30 17:00 - 2011-09-24 15:03 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc7aec95b5ec60.job2013-10-30 17:00 - 2007-03-02 08:15 - 00000480 _____ C:\Windows\system32\IPSCtrl.INI2013-10-30 17:00 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-10-30 17:00 - 2006-11-02 08:47 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-10-30 17:00 - 2006-11-02 08:47 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-10-30 16:59 - 2008-07-18 15:45 - 00002140 _____ C:\Windows\bthservsdp.dat2013-10-30 16:59 - 2006-11-02 09:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-10-30 16:58 - 2013-10-30 16:51 - 00000000 ____D C:\AdwCleaner2013-10-30 16:53 - 2013-10-30 16:53 - 01089275 _____ (Farbar) C:\Users\zamanmm\Downloads\FRST.exe2013-10-30 16:52 - 2013-10-30 16:52 - 00018688 _____ C:\Users\zamanmm\Downloads\AdwCleaner[R0].txt2013-10-30 16:50 - 2013-10-30 16:50 - 01060070 _____ C:\Users\zamanmm\Downloads\AdwCleaner.exe2013-10-30 16:49 - 2011-10-24 09:46 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-10-30 16:47 - 2012-04-05 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-10-30 16:38 - 2013-06-17 16:53 - 00024125 _____ C:\Users\zamanmm\Desktop\dds.txt2013-10-30 16:38 - 2013-06-17 16:53 - 00019041 _____ C:\Users\zamanmm\Desktop\attach.txt2013-10-30 16:37 - 2013-10-30 16:37 - 00688992 ____R (Swearware) C:\Users\zamanmm\Downloads\dds.scr2013-10-30 15:53 - 2006-11-02 09:00 - 00745240 _____ C:\Windows\PFRO.log2013-10-30 15:44 - 2012-08-14 17:12 - 00452608 _____ C:\Windows\system32\TPAPSLOG.LOG2013-10-30 08:10 - 2011-10-18 15:02 - 00000864 _____ 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000Core1cc8dc88cb16ea1.job2013-10-29 10:47 - 2008-07-18 16:12 - 00000000 ____D C:\SWSHARE2013-10-27 08:51 - 2011-04-14 14:23 - 00000000 ____D C:\Users\zamanmm\AppData\Local\CrashDumps2013-10-23 21:33 - 2013-10-23 21:33 - 00000000 ____D C:\Users\zamanmm\AppData\Roaming\Mozilla2013-10-21 18:45 - 2013-10-21 18:45 - 00002104 _____ C:\{F411E7B8-6C91-4727-99BD-BADBF052C76E}2013-10-20 08:04 - 2013-10-20 07:56 - 00000000 ____D C:\Program Files\Coupons.com CouponBar2013-10-20 08:01 - 2012-04-07 14:53 - 00000000 ____D C:\Program Files\Coupons2013-10-18 22:01 - 2008-08-01 01:17 - 00000000 ____D C:\ProgramData\Skype2013-10-18 22:00 - 2010-04-03 14:18 - 00000000 ___RD C:\Program Files\Skype2013-10-18 16:46 - 2009-05-05 15:51 - 00002103 _____ C:\Users\zamanmm\Desktop\Google Chrome.lnk2013-10-15 21:23 - 2008-09-09 14:54 - 00002587 _____ C:\Users\zamanmm\Desktop\Microsoft Office Word 2007.lnk2013-10-15 12:21 - 2011-03-18 11:12 - 00024361 _____ C:\Windows\setupact.log2013-10-11 17:01 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET2013-10-11 16:50 - 2006-11-02 06:33 - 00784006 _____ C:\Windows\system32\PerfStringBackup.INI2013-10-11 16:40 - 2006-11-02 08:47 - 00409200 _____ C:\Windows\system32\FNTCACHE.DAT2013-10-11 16:39 - 2008-08-13 15:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-10-11 16:33 - 2008-09-23 10:54 - 00029509 _____ C:\Windows\system32\lvcoinst.log2013-10-10 11:11 - 2008-09-09 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help2013-10-10 11:04 - 2013-07-31 10:01 - 00000000 ____D C:\Windows\system32\MRT2013-10-10 10:50 - 2006-11-02 06:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe2013-10-09 08:48 - 2012-04-05 10:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2013-10-09 08:48 - 2011-06-08 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2013-10-02 16:43 - 
2012-10-31 14:19 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3894235439-4067020577-3388496322-1000\$aefa38879ca9cef42dbf869e8ee6edde

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$aefa38879ca9cef42dbf869e8ee6edde

ZeroAccess:
C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}
C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}\@

Files to move or delete:
====================
C:\Users\zamanmm\dg3rviae081105.exe
C:\Users\zamanmm\pg3rae100902.exe

Some content of TEMP:
====================
C:\Users\zamanmm\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-30 17:07

==================== End Of Log ============================

Addition.txt -
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19475 BrowserJavaVersion: 10.25.2
Run by zamanmm at 16:37:40 on 2013-10-30
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3061.1266 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\QUBEE WCM\GPCommonService.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\lxddcoms.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe
C:\Windows\system32\ptumlcmsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = localhost;*.local
uWinlogon: Shell = explorer.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - c:\users\zamanmm\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\coupons.com couponbar\tbcore3.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\zamanmm\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\zamanmm\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\zamanmm\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [shopAtHomeWatcher] c:\users\zamanmm\appdata\roaming\shopathome\shopathomehelper\ShopAtHomeWatcher.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RPT Msgsrv] "c:\program files\panasonic\panasonic-dms\rpt network printer port\Msgsrv.exe" /NRPT Network Printer /S
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\jobsta~1.lnk - c:\program files\panasonic\panasonic-dms\lrecvtrap\LRecvTrap.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{803FC278-F797-4213-9E4F-829AE9D9FD55} : DHCPNameServer = 180.234.0.193 180.234.0.197
TCP: Interfaces\{C9697EE0-222B-4F23-A61D-0A5C7B10426B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CFFA5286-0D07-40C6-BABC-811702F106B0} : DHCPNameServer = 180.234.0.193 180.234.0.197
TCP: Interfaces\{D3510E5F-6489-45C4-9374-CA9B3DDA2BC9} : DHCPNameServer = 180.234.0.193 180.234.0.197
TCP: Interfaces\{DB3C85D0-8D16-468C-8E13-33AFE808BDA4} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\240\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-11 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-11 934488]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-31 37664]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20131022.001\BHDrvx86.sys [2013-10-22 1096280]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-11 134744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-4-5 242240]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20131029.002\IDSvix86.sys [2013-10-30 393816]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-7-23 13680]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-11 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-6-11 352344]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-25 43912]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-8 21504]
R2 GPCommonService;GPCommonService;c:\program files\qubee wcm\GPCommonService.exe [2012-2-29 90112]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-7-23 127336]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\drivers\mtkwmptv.sys [2012-2-29 15360]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\20.4.0.40\ccsvchst.exe [2013-6-11 144368]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2013-4-7 195840]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-7-6 35088]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-9-14 113168]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-3 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-7-23 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-7-23 142696]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-6-7 478712]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.12\ToolbarUpdater.exe [2013-10-2 1734680]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-27 108120]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-7-23 101736]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2012-6-28 38440]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2012-6-7 57256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\240\g2ax_service.exe [2010-10-12 161144]
S3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\drivers\mt7118vu.sys [2012-2-29 131072]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-9-14 59664]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-9-14 168208]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-9-14 168208]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-9-14 168848]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-9-14 168208]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-10-3 10112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-10-20 11:56:01 -------- d-----w- c:\program files\Coupons.com CouponBar
2013-10-10 14:30:28 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-10 14:30:28 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-10 14:30:27 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-10-10 14:30:27 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-10 14:30:27 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-10 14:30:27 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-10 14:30:27 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-10 14:30:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-10 14:30:27 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-10-10 14:30:20 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 14:28:57 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 14:27:54 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 14:27:53 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 14:27:53 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 14:27:53 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 14:27:52 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 14:27:52 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-10 14:27:40 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-10 14:27:22 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 14:27:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 14:27:06 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-10 14:27:06 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
.
==================== Find3M ====================
.
2013-10-09 12:48:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 12:48:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-02 20:43:01 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-23 12:57:49 916992 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 12:51:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 12:51:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-23 12:51:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-23 12:51:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-09-23 12:49:22 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 11:14:03 385024 ----a-w- c:\windows\system32\html.iec
2013-09-23 09:29:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-23 09:27:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-03 00:48:28 440704 ----a-w- c:\windows\CouponPrinter.ocx
2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
============= FINISH: 16:38:36.48 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 7/18/2008 3:45:52 PM
System Uptime: 10/30/2013 3:53:04 PM (1 hours ago)
.
Motherboard: LENOVO | | 76591PU
Processor: Intel® Core2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 6.455 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP1887: 10/30/2013 10:00:13 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)32 Bit HP CIO Components Installer4500_G510nz_Help4500G510nz4500G510nz_Software_Min7-Zip 9.22betaAccess HelpAcrobat.comAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader 9.5.5Apple Application SupportApple Mobile Device SupportApple Software UpdateAVG Security ToolbarBonjourBrother P-touch Address Book 1.1Brother P-touch Editor 5.0Brother P-touch SoftwareBrother QL-570 User's GuideBufferChmBusiness Contact Manager for Outlook 2007 SP2Canon MP Navigator 2.2Canon MP530Canon MP530 User RegistrationCanon Utilities Easy-PhotoPrintCisco AnyConnect Secure Mobility ClientCisco AnyConnect Secure Mobility Client Client Security SolutionCoupon Printer for WindowsCouponBarD3DX10DAEMON Tools LiteDestinationsDeviceDiscoveryDocMgrDocProcDownload Updater (AOL LLC)EPSON Printer SoftwareEPSON ScanFaxgetPlus® for AdobeGoogle ChromeGoogle EarthGoogle Talk (remove only)Google Talk PluginGoogle Toolbar for Internet ExplorerGoogle Update HelperGoogle UpdaterGoToAssist Customer 1.5.0.240GPBaseService2Help CenterHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Customer Participation Program 13.0HP Document Manager 2.0HP Imaging Device Functions 13.0HP LaserJet P2030 SeriesHP Officejet 4500 G510n-zHP Smart Web Printing 4.5HP Solution Center 13.0HP UpdateHPProductAssistanthppusgP2030HPSSupplyHyper Electronics Mappers UtilitiesIntel® Graphics Media Accelerator DriverIntel® PRO Network Connections DriversiTunesJava 7 Update 25Java Auto UpdaterJava 6 Update 29Java 6 Update 7Java SE Runtime Environment 6JavaFX 2.1.1Junk Mail filter updateLenovo Auto Scroll UtilityLenovo Patch UtilityLenovo Power Management DriverLenovo RegistrationLenovo System Interface DriverLenovo ThinkVantage ToolboxLivestationLogitech Desktop MessengerLogitech Print ServiceLogitech QuickCamLogitech UpdaterLogitech Webcam SoftwareLogitech® Camera DriverMaintenance ManagerMalwarebytes 
Anti-Malware version 1.75.0.1300MarketResearchMavis Beacon Teaches Typing 18Message Center PlusMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2416447)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2003 Web ComponentsMicrosoft Office 2007 Primary Interop AssembliesMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Accounting 2008Microsoft Office Accounting 2008 Equifax AddinMicrosoft Office Accounting 2008 Fixed Asset ManagerMicrosoft Office Accounting 2008 PayPal AddinMicrosoft Office Accounting ADP Payroll AddinMicrosoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Live Add-in 1.5Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Small Business Connectivity ComponentsMicrosoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)Microsoft SQL Server 2005 Tools Express EditionMicrosoft SQL Server Native ClientMicrosoft SQL Server Setup Support Files (English)Microsoft SQL Server VSS WriterMicrosoft VC9 runtime librariesMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 
9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Move Media PlayerMrvlUsgTrackingMSVCRTMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB941833)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MVisionMyDsc2NETGEAR GenieNetworkNorton 360 Premier EditionOCR Software by I.R.I.S. 13.0Octoshape add-in for Adobe Flash PlayerOn Screen DisplayPanasonic Job Status UtilityPanasonic Printer DriversPanasonic Printing SystemPanasonic RPT Network Printer PortPanasonic Windows Firewall Setting ToolPANTECH UML290Picasa 3Presentation DirectorProductivity Center Supplement for ThinkPadQUBEE WiMAX Connection ManagerQuick Logo Designer 5.0RealPlayerRegistry patch for Windows Vista USB S3 PM EnablementRegistry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows VistaRescue and RecoveryRhapsody Player EngineRSA SecurID Software Token 1.0.1 for Web SDKScanSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 
2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition Segoe UIShop for HP SuppliesShopAtHome.com HelperShopAtHome.com ToolbarSkype Click to CallSkype™ 6.9SmartWebPrintingSolutionCenterSoundMAXSpotifySpybot - Search & DestroyStatusSystem Migration AssistantSystem UpdateTeleTracker OnlineThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900ThinkPad EasyEject Utility ThinkPad FullScreen MagnifierThinkPad Mobility Center CustomizationThinkPad ModemThinkPad Power ManagerThinkPad UltraNav DriverThinkPad UltraNav UtilityThinkpad Wireless LAN Adapters Software (11a/b/g/n)ThinkVantage Access ConnectionsThinkVantage Active Protection SystemThinkVantage Productivity CenterThinkVantage Technologies Welcome MessageToolboxTrayAppUltimate Media PlayerUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for 
Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)VerizonWirelessVideoPerformerVZAccess ManagerWallpapersWebCam for MSN MessengerWebExWebRegWindows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0)Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)Windows Driver Package - Lenovo (IBMPMDRV) System (02/27/2007 1.42)Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)Windows Driver Package - Ricoh Company (rismxdp) hdc (11/18/2006 6.00.01.05)Windows Driver Package - Ricoh Company MMC Host Controller (11/14/2006 6.00.01.04)Windows Firewall Setting ToolWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MailWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWorthware - CellSell H.A.C.I. 
Thin-Client (162)
.
==== Event Viewer Messages From Past Week ========
.
10/30/2013 5:54:25 AM, Error: Microsoft-Windows-TBS [516] - An error occurred while communicating with the TPM. The driver returned 0x8007045d.
10/30/2013 4:01:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
10/30/2013 4:00:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
10/30/2013 3:57:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
10/30/2013 3:57:20 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2013 3:54:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.
10/30/2013 3:54:48 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/30/2013 3:54:45 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.
10/30/2013 10:05:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).
10/30/2013 10:01:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
10/30/2013 1:23:56 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/30/2013 1:21:13 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
10/30/2013 1:18:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
10/30/2013 1:18:47 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2013 1:18:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
10/30/2013 1:14:38 PM, Error: EventLog [6008] - The previous system shutdown at 11:27:48 AM on 10/30/2013 was unexpected.
10/29/2013 10:25:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/29/2013 10:23:23 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
10/29/2013 10:18:34 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 2114. The printer cannot be used by others on the network.
10/26/2013 11:42:02 AM, Error: TPM [13] - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
.
==== End Of File ===========================
-
# AdwCleaner v2.104 - Logfile created 01/05/2013 at 21:50:58
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Elahi - ELAHI-PC
# Boot Mode : Normal
# Running from : C:\Users\Elahi\Downloads\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****
File Found : C:\Users\Elahi\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\Elahi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\Searchqu Toolbar
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Elahi\AppData\Local\Ilivid
Folder Found : C:\Users\Elahi\AppData\LocalLow\boost_interprocess

***** [Registry] *****
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Found : HKU\S-1-5-21-447736034-3068292486-3521329373-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97
File : C:\Users\Elahi\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.15] : homepage = "hxxp://www.searchnu.com/421",
Found [l.1633] : homepage = "hxxp://www.searchnu.com/421",

-\\ Opera v12.12.1707.0
File : C:\Users\Elahi\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [3579 octets] - [05/01/2013 21:50:58]
########## EOF - C:\AdwCleaner[R1].txt - [3639 octets] ##########
-
Argh, I hit delete. Here is the report if it helps any. I do not see any change in Chrome.

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Elahi [Admin rights]
Mode : Remove -- Date : 01/05/2013 20:45:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPKT-24PK4T0 +++++
--- User ---
[MBR] 3c46450a4a303c2cbaec684edd621438
[bSP] 542738b89dd357cbdee61d3f44d1bb48 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01052013_02d2045.txt >>
RKreport[1]_S_01052013_02d2044.txt ; RKreport[2]_D_01052013_02d2045.txt
-
Hi, I am zamanmm. I forgot my username/pw and lost my uncle's email pw, so I can't retrieve the forum pw. Anyway, this issue is my own and has nothing to do with the computers at my uncle's business. I had searchnu installed on my comp and I uninstalled it, and I thought it was gone, but it seems it has hijacked my browser's new tab page. Google is the default search engine. I am using Windows 7. Here are the logs. Thanks for your help.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.05.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Elahi :: ELAHI-PC [administrator]

1/4/2013 9:59:43 PM
mbam-log-2013-01-04 (21-59-43).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 443319
Time elapsed: 1 hour(s), 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Elahi at 23:38:45 on 2013-01-04
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.1593 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Elahi\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Elahi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\calc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\notepad.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = hxxp://lenovo.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121212165102.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Facebook Update] "C:\Users\Elahi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [spotify Web Helper] "C:\Users\Elahi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [snp2uvc] C:\windows\vsnp2uvc.exe
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0FF2FCE5-68DA-48E8-B4B6-A4FD5A836EA6} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6BF93E0C-C7D1-4B94-9CC5-C1857A9C5459} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6BF93E0C-C7D1-4B94-9CC5-C1857A9C5459}\A716D616E613935333 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll C:\PROGRA~3\Wincert\WIN32C~1.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20121212165058.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2012-10-9 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2012-10-9 39008]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 771096]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-3-13 339776]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-26 30056]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2012-10-9 13408]
R1 winioex;winioex;C:\windows\System32\drivers\winioex.sys [2012-10-9 15456]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-9 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-19 375728]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2012-11-30 72216]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-10-9 241016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-10-9 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-10-9 177680]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-11-5 65657]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-9 2656280]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-3-13 69672]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 DelayMan;ACPI DelayMan Filter Service;C:\windows\System32\drivers\delayman.sys [2012-10-9 20064]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-10-9 174168]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\System32\drivers\jmccgp.sys [2012-10-9 17880]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\System32\drivers\jmcam.sys [2012-10-9 57816]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\System32\drivers\jmcam_lo.sys [2012-10-9 32088]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-3-13 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-3-13 515528]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-11-18 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-11-18 181248]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-8-24 15928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 acsock;acsock;C:\windows\System32\drivers\acsock64.sys [2012-6-7 107432]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-10-9 437288]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\windows\System32\drivers\btwdpan.sys [2012-10-9 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-10-9 39976]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-10-26 196440]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-10-9 225216]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-3-13 106112]
S3 motandroidusb;Mot ADB Interface Driver;C:\windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 MotDev;Motorola Inc. USB Device;C:\windows\System32\drivers\motodrv.sys [2009-5-8 53632]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-27 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-27 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 60 ================
.
2013-01-05 02:40:15 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Malwarebytes
2013-01-05 02:40:03 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-05 02:40:00 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-01-05 02:40:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-05 02:39:23 -------- d-----w- C:\Users\Elahi\AppData\Local\Programs
2013-01-05 02:30:11 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3D14140-420A-4670-9C77-4AB71706DA9F}\mpengine.dll
2012-12-31 02:31:09 -------- d-----w- C:\Users\Elahi\AppData\Local\DDMSettings
2012-12-27 02:03:04 -------- d-----w- C:\Users\Elahi\AppData\Local\{37AF441E-D763-429A-BB52-17BA1634FF32}
2012-12-27 02:02:42 -------- d-----w- C:\Users\Elahi\AppData\Local\{16B717A6-55C0-49D5-B4EF-9A336DAB5707}
2012-12-23 08:40:35 -------- d--h--w- C:\windows\msdownld.tmp
2012-12-23 08:40:35 -------- d-----w- C:\windows\SysWow64\directx
2012-12-22 08:00:15 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-22 08:00:14 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-22 08:00:14 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-22 08:00:14 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-20 14:46:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-20 14:46:23 -------- d-----w- C:\Program Files\iTunes
2012-12-20 14:46:23 -------- d-----w- C:\Program Files\iPod
2012-12-20 14:46:23 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-13 00:51:54 -------- d-----w- C:\Users\Elahi\AppData\Local\Diagnostics
2012-12-12 08:58:45 -------- d-----w- C:\Program Files\AutoHotkey
2012-12-12 04:28:32 -------- d-----w- C:\ProgramData\Browser Manager
2012-12-12 04:06:28 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-12-12 04:06:28 2048 ----a-w- C:\windows\System32\tzres.dll
2012-12-12 04:04:04 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-12-12 04:04:04 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-12-12 01:51:06 200704 ----a-w- C:\windows\SysWow64\vbalExpBar6.ocx
2012-12-12 01:50:58 115920 ----a-w- C:\windows\SysWow64\msinet.OCX
2012-12-12 01:50:57 40960 ----a-w- C:\windows\SysWow64\SSubTmr6.dll
2012-12-12 01:50:57 15360 ----a-w- C:\windows\SysWow64\inetfr.DLL
2012-12-12 01:50:56 484352 ----a-w- C:\windows\SysWow64\lame_enc.dll
2012-12-12 01:50:56 -------- d-----w- C:\Users\Elahi\AppData\Roaming\FreeBurner
2012-12-12 01:50:56 -------- d-----w- C:\ProgramData\Wincert
2012-12-12 01:50:51 -------- d-----w- C:\ProgramData\boost_interprocess
2012-12-12 01:50:49 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
2012-12-12 01:50:19 -------- d-----w- C:\Program Files (x86)\Free Easy CD DVD Burner
2012-12-12 01:45:54 397312 ----a-w- C:\windows\SysWow64\TubeFinder.exe
2012-12-12 01:45:53 9728 ----a-w- C:\windows\SysWow64\PCCLPFR.DLL
2012-12-12 01:45:53 84512 ----a-w- C:\windows\SysWow64\PICCLP32.OCX
2012-12-12 01:45:53 364544 ----a-w- C:\windows\SysWow64\PropertyGrid.ocx
2012-12-12 01:45:53 141312 ----a-w- C:\windows\SysWow64\MSCMCFR.DLL
2012-12-12 01:45:53 119568 ----a-w- C:\windows\SysWow64\VB6FR.DLL
2012-12-12 01:45:53 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx
2012-12-12 01:45:53 101888 ----a-w- C:\windows\SysWow64\VB6STKIT.DLL
2012-12-12 01:45:52 32768 ----a-w- C:\windows\SysWow64\CMDLGFR.DLL
2012-12-12 01:45:52 24576 ----a-w- C:\windows\SysWow64\ControlSubX.ocx
2012-12-12 01:45:52 152848 ----a-w- C:\windows\SysWow64\COMDLG32.OCX
2012-12-12 01:45:51 -------- d-----w- C:\Users\Elahi\AppData\Roaming\FreeFLVConverter
2012-12-12 01:44:57 -------- d-----w- C:\Users\Elahi\AppData\Local\iLivid
2012-12-12 01:44:57 -------- d-----w- C:\Program Files (x86)\Free FLV Converter
2012-12-11 09:16:27 -------- d-----w- C:\Users\Elahi\AppData\Roaming\KSCraft
2012-12-11 09:16:16 -------- d-----w- C:\Program Files (x86)\Kort's Spellcraft Calculator
2012-12-11 02:37:54 -------- d-----w- C:\Program Files (x86)\GearBunnies
2012-12-09 08:20:33 -------- d-----w- C:\Users\Elahi\AppData\Roaming\DaocTB
2012-12-09 08:20:22 -------- d-----w- C:\Program Files (x86)\DAOC-Charplan
2012-12-09 07:57:28 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Electronic Arts
2012-12-06 01:45:53 -------- d-----w- C:\Program Files (x86)\Motorola Mobility
2012-12-06 01:45:53 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-12-02 02:52:58 -------- d-----w- C:\Users\Elahi\AppData\Local\{CFD65AB0-4155-4465-8E29-ED18C085E79A}
2012-12-02 00:45:18 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Xfire
2012-12-02 00:44:27 -------- d-----w- C:\ProgramData\Xfire
2012-12-02 00:44:24 -------- d-----w- C:\Program Files (x86)\Xfire
2012-12-01 08:15:31 -------- d-----w- C:\ProgramData\Symantec
2012-12-01 08:15:18 -------- d-----w- C:\ProgramData\Norton
2012-12-01 08:15:15 -------- d-----w- C:\ProgramData\NortonInstaller
2012-12-01 03:21:24 -------- d-----w- C:\Users\Elahi\AppData\Local\LogMeIn Rescue Applet
2012-12-01 02:38:17 -------- d-----w- C:\Users\Elahi\AppData\Local\LogMeIn Rescue
2012-12-01 02:36:09 -------- d-----w- C:\Program Files (x86)\LogMeIn Rescue Technician Console
2012-11-30 23:17:55 -------- d-----w- C:\Users\Elahi\AppData\Local\LogMeIn
2012-11-30 23:17:52 60328 ----a-w- C:\windows\System32\Spool\prtprocs\x64\LMIproc.dll
2012-11-30 23:17:52 35240 ----a-w- C:\windows\System32\LMIport.dll
2012-11-30 23:17:51 88008 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2012-11-30 23:17:51 72216 ----a-w- C:\windows\System32\drivers\LMIRfsDriver.sys
2012-11-30 23:17:50 83880 ----a-w- C:\windows\System32\LMIinit.dll
2012-11-30 23:17:49 -------- d-----w- C:\ProgramData\LogMeIn
2012-11-30 23:17:43 -------- d-----w- C:\Program Files (x86)\LogMeIn
2012-11-30 06:03:39 -------- d-----w- C:\Users\Elahi\AppData\Roaming\thriXXX
2012-11-29 21:48:54 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Utherverse
2012-11-29 17:52:01 -------- d-----w- C:\Users\Elahi\AppData\Local\{DFDA83EF-05C4-4C1F-AB8B-439EC42133DE}
2012-11-29 05:38:45 -------- d-----w- C:\Program Files (x86)\Utherverse Digital Inc
2012-11-26 02:55:02 -------- d-----w- C:\ProgramData\Synaptics
2012-11-26 02:52:04 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Synaptics
2012-11-24 23:16:44 -------- d-----w- C:\Users\Elahi\AppData\Local\Apps
2012-11-24 23:16:43 -------- d-----w- C:\Users\Elahi\AppData\Local\Deployment
2012-11-24 10:43:28 -------- d-----w- C:\Users\Elahi\AppData\Roaming\qliner
2012-11-18 17:01:09 -------- d-----w- C:\Users\Elahi\AppData\Local\{04E99714-A77B-4EBB-9449-95F304198793}
2012-11-16 02:30:30 42440 ----a-w- C:\windows\SysWow64\xfcodec.dll
2012-11-16 02:30:28 28104 ----a-w- C:\windows\System32\xfcodec64.dll
2012-11-14 05:14:39 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-14 05:14:39 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-14 05:14:39 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-14 05:14:39 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 05:11:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726471311cdc22602\DSETUP.dll
2012-11-14 05:11:11 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726471311cdc22602\DXSETUP.exe
2012-11-14 05:11:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726471311cdc22602\dsetup32.dll
2012-11-14 05:11:04 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6f8cb5791cdc22601\DSETUP.dll
2012-11-14 05:11:04 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6f8cb5791cdc22601\DXSETUP.exe
2012-11-14 05:11:04 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6f8cb5791cdc22601\dsetup32.dll
2012-11-14 05:10:55 -------- d-----w- C:\Users\Elahi\AppData\Local\Windows Live
2012-11-14 05:09:57 -------- d-----w- C:\Users\Elahi\AppData\Local\{BF9E77AE-AA03-4087-850C-A668DCCBFAB0}
2012-11-14 05:09:43 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Windows Live Writer
2012-11-14 05:09:43 -------- d-----w- C:\Users\Elahi\AppData\Local\Windows Live Writer
2012-11-14 05:08:02 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-14 05:08:02 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-14 05:08:02 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-14 05:08:02 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-14 05:08:02 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-14 05:08:02 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-14 05:08:02 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-13 20:29:04 354216 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 10:02:56 -------- d-----w- C:\Users\Elahi\AppData\Local\Cisco
2012-11-09 10:02:36 -------- d-----w- C:\ProgramData\Cisco
2012-11-06 16:19:58 539960 ----a-w- C:\windows\SysWow64\SynCOM.dll
2012-11-06 16:19:24 461624 ----a-w- C:\windows\System32\drivers\SynTP.sys
2012-11-06 16:19:24 229176 ----a-w- C:\windows\System32\SynTPAPI.dll
2012-11-06 16:19:22 177976 ----a-w- C:\windows\System32\SynTPCo14.dll
2012-11-06 16:19:22 113976 ----a-w- C:\windows\SysWow64\SynTPCOM.dll
.
==================== Find6M ====================
.
2012-12-12 07:40:41 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 07:40:41 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-26 02:46:44 1048376 ----a-w- C:\windows\System32\SynCOM.dll
2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 11:40:24 69672 ----a-w- C:\windows\System32\drivers\cfwids.sys
2012-11-09 11:37:42 339776 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2012-11-09 11:37:30 177680 ----a-w- C:\windows\System32\mfevtps.exe
2012-11-09 11:36:40 10288 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
2012-11-09 11:36:30 106112 ----a-w- C:\windows\System32\drivers\mferkdet.sys
2012-11-09 11:35:50 771096 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2012-11-09 11:34:58 515528 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2012-11-09 11:34:18 309400 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2012-11-09 11:33:58 178840 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
2012-11-03 01:40:28 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2012-10-27 01:17:08 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-27 01:17:07 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-10-27 01:17:07 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
2012-10-09 23:29:55 512 ----a-w- C:\windows\current.bin
2012-10-09 23:27:44 512 ----a-w- C:\windows\previous.bin
2012-10-09 23:25:32 21 ----a-w- C:\windows\System32\kk.cmd
2012-10-09 23:24:09 39008 ----a-w- C:\windows\System32\drivers\LhdX64.sys
2012-10-09 23:24:09 19872 ----a-w- C:\windows\System32\LenovoSDKEmSubSystem.dll
2012-10-09 23:24:07 29792 ----a-w- C:\windows\System32\drivers\AcpiVpc.sys
2012-10-09 23:22:06 57952 ----a-w- C:\windows\System32\drivers\fbfmon.sys
2012-10-09 23:22:06 44896 ----a-w- C:\windows\System32\FbDefrag.exe
2012-10-09 23:22:06 15968 ----a-w- C:\windows\System32\NFbfmon.dll
2012-10-09 23:22:06 13408 ----a-w- C:\windows\System32\drivers\BPntDrv.sys
2012-10-09 23:14:18 87392 ----a-w- C:\windows\SysWow64\LenovoRIC.interface.dll
2012-10-09 23:14:18 83296 ----a-w- C:\windows\SysWow64\GetASData.dll
2012-10-09 23:14:18 82944 ----a-w- C:\windows\System32\LenovoRIC.interface.dll
2012-10-09 23:14:18 80480 ----a-w- C:\windows\SysWow64\WinIoEx.dll
2012-10-09 23:14:18 74240 ----a-w- C:\windows\System32\GetASData.dll
2012-10-09 23:14:18 58720 ----a-w- C:\windows\SysWow64\LenovoRIC.stub.dll
2012-10-09 23:14:18 557056 ----a-w- C:\windows\System32\LenovoRIC.stub.dll
2012-10-09 23:14:18 2353152 ----a-w- C:\windows\System32\ColorBlindnessDLL.dll
2012-10-09 23:14:18 20064 ----a-w- C:\windows\System32\drivers\delayman.sys
2012-10-09 23:14:18 1771872 ----a-w- C:\windows\SysWow64\ColorBlindnessDLL.dll
2012-10-09 23:14:18 15456 ----a-w- C:\windows\System32\drivers\winioex.sys
2012-10-09 23:14:18 15456 ----a-w- C:\windows\System32\codelayman.dll
2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\windows\System32\nvvsvc.exe
2012-10-02 19:50:57 866664 ----a-w- C:\windows\System32\nv3dappshext.dll
2012-10-02 19:50:57 63336 ----a-w- C:\windows\System32\nvshext.dll
2012-10-02 19:50:57 55144 ----a-w- C:\windows\System32\nv3dappshextr.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\windows\System32\nvmctray.dll
2012-10-02 19:50:56 440168 ----a-w- C:\windows\SysWow64\oemdspif.dll
2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll
2012-09-18 09:32:44 55096 ----a-w- C:\windows\System32\LMouFiltCoInst.dll
2012-09-18 09:32:32 75064 ----a-w- C:\windows\System32\drivers\LHidFilt.Sys
.
============= FINISH: 23:39:35.04 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2012 4:22:34 PM
System Uptime: 1/4/2013 9:57:45 PM (2 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU1 | 2501/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 422 GiB total, 339.165 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 25.624 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.21 7-Zip 9.22beta Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI AIM 7 Apple Application Support Apple Mobile Device Support Apple Software Update AutoHotkey 1.1.09.00 Bonjour Broadcom Gigabit NetLink Controller Broadcom InConcert Maestro Cisco AnyConnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client Curse Client D3DX10 DAOC-Charplan Dark Age of Camelot Diablo III DivX Setup Download Updater (AOL LLC) Energy Management eReg Facebook Video Calling 1.2.0.287 Free Easy Burner V 5.1 Free FLV Converter V 7.5.0 GearBunnyX and Classic 1.102 Google Chrome Google Update Helper iLivid Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® SDK for OpenCL - CPU Only Runtime Package Intel® Wireless Display InterActual Player iTunes Java 7 Update 9 Java Auto Updater JMicron Flash Media Controller Driver Junk Mail filter update Kort's Spellcraft Calculator Lenovo Bluetooth with Enhanced Data Rate Software Lenovo EasyCamera Lenovo EE Boot Optimizer Lenovo Games Console Lenovo OneKey Recovery Lenovo R.I.C. 
(Robust Intelligent Companion) Lenovo YouCam Logitech SetPoint 6.50 LogMeIn LogMeIn Rescue Technician Console Malwarebytes Anti-Malware version 1.70.0.1100 Mathematica Extras 8.0 (2063897) McAfee AntiVirus Plus Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Motorola Device Manager Motorola Device Software Update Motorola Mobile Drivers Installation 5.9.0 MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Controller Driver 306.97 NVIDIA Control Panel 306.97 NVIDIA Graphics Driver 306.97 NVIDIA Install Application NVIDIA Optimus 1.10.8 NVIDIA PhysX NVIDIA PhysX System Software 9.12.0604 NVIDIA Update 1.10.8 NVIDIA Update Components Onekey Theater ooVoo Opera 12.12 Power2Go Realtek High Definition Audio Driver Red Light Center 3D Client Renesas Electronics USB 3.0 Host Controller Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Shared C Run-time for x64 Skype™ 6.0 Spotify SRS Control Panel Steam Synaptics Pointing Device Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) UserGuide VC80CRTRedist - 8.0.50727.6195 Ventrilo Client for Windows x64 VeriFace Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wolfram Mathematica 8 for Students (M-WIN-G 8.0.1 2063988) World of Warcraft Xfire
.
==== Event Viewer Messages From Past Week ========
.
1/4/2013 12:10:39 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/4/2013 12:10:39 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/4/2013 10:00:55 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/4/2013 10:00:55 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================