[Delta Search -- Help!]

This scan took a while lol.

 

 

 

C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar113.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar46.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC1.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC2.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage62.zip Win32/Bagle.gen.zip worm

C:\AdwCleaner\Quarantine\C\Program Files\file scout\filescout.exe.vir a variant of Win32/FileScout.A application cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar113.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar46.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage62.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Users\zamanmm\AppData\Local\ea2d680b-f8b8-4c94-bac3-4eba027033fb.crx JS/Redirector.NCG trojan deleted - quarantined

[Delta Search -- Help!]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2013

Ran by zamanmm at 2013-10-30 18:18:01 Run:1

Running from C:\Users\zamanmm\Downloads

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Start

HKLM\...\Run: [shopAtHomeWatcher] - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [116088 2013-04-17] ()

C:\Users\zamanmm\AppData\Roaming\ShopAtHome

HKCU\...\Winlogon: [shell] explorer.exe, <==== ATTENTION 

HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com

BHO: ShopAtHome.com Cash Back Helper - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File

C:\Program Files\Coupons.com CouponBar

Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

C:\$Recycle.Bin\S-1-5-21-3894235439-4067020577-3388496322-1000\$aefa38879ca9cef42dbf869e8ee6edde

C:\$Recycle.Bin\S-1-5-18\$aefa38879ca9cef42dbf869e8ee6edde

C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}

C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}\@

C:\Users\zamanmm\dg3rviae081105.exe

C:\Users\zamanmm\pg3rae100902.exe

C:\Users\zamanmm\AppData\Local\Temp\Quarantine.exe

End

 

 

 

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => Value deleted successfully.

C:\Users\zamanmm\AppData\Roaming\ShopAtHome => Moved successfully.

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F} => Key deleted successfully.

HKCR\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Value deleted successfully.

HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Key deleted successfully.

C:\Program Files\Coupons.com CouponBar => Moved successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value deleted successfully.

HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Value deleted successfully.

HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.

HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value deleted successfully.

HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key not found.

C:\$Recycle.Bin\S-1-5-21-3894235439-4067020577-3388496322-1000\$aefa38879ca9cef42dbf869e8ee6edde => Directory moved successfully.

C:\$Recycle.Bin\S-1-5-18\$aefa38879ca9cef42dbf869e8ee6edde => Deleted successfully.

C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde} => Moved successfully.

"C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}\@" => File/Directory not found.

C:\Users\zamanmm\dg3rviae081105.exe => Moved successfully.

C:\Users\zamanmm\pg3rae100902.exe => Moved successfully.

C:\Users\zamanmm\AppData\Local\Temp\Quarantine.exe => Moved successfully.

 

==== End of Fixlog ====

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.30.07

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19475

zamanmm :: ZAMANS-PC [administrator]

 

10/30/2013 6:20:30 PM

mbam-log-2013-10-30 (18-20-30).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 234797

Time elapsed: 11 minute(s), 41 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 Results of screen317's Security Check version 0.99.75  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  

 Internet Explorer 8 Out of date! 

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Disabled!  

Norton 360 Premier Edition   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 MVPS Hosts File  

 Spybot - Search & Destroy 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 JavaFX 2.1.1    

 Java 6 Update 29  

 Java 7 Update 25  

 Java SE Runtime Environment 6 

 Java 6 Update 7  

 Java version out of Date! 

 Adobe Flash Player 11.9.900.117  

 Adobe Reader 9 Adobe Reader out of Date! 

 Google Chrome 30.0.1599.101  

 Google Chrome 30.0.1599.69  

 Google Chrome plugins...  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Malwarebytes Anti-Malware mbam.exe  

 Spybot Teatimer.exe is disabled! 

 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

[Delta Search -- Help!]

# AdwCleaner v3.010 - Report created 30/10/2013 at 16:54:24

# Updated 20/10/2013 by Xplode

# Operating System : Windows Vista Business Service Pack 2 (32 bits)

# Username : zamanmm - ZAMANS-PC

# Running from : C:\Users\zamanmm\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : vToolbarUpdater17.0.12

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\Viewpoint

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\file scout

Folder Deleted : C:\Program Files\VideoPerformer

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files\Common Files\Software Update Utility

Folder Deleted : C:\Users\zamanmm\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\zamanmm\AppData\Local\PackageAware

Folder Deleted : C:\Users\zamanmm\AppData\Local\TempDir

Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\Delta

Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\zamanmm\AppData\Roaming\PerformerSoft

Folder Deleted : C:\Users\zamanmm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformer

Folder Deleted : C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

File Deleted : C:\Windows\System32\Tasks\BrowserProtect

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B86C9883-5DC6-40CC-9FE1-CC9D48DEF137}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B86C9883-5DC6-40CC-9FE1-CC9D48DEF137}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKCU\Software\580ded8bd3ced17

Key Deleted : HKLM\SOFTWARE\580ded8bd3ced17

Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898

Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\filescout

Key Deleted : HKCU\Software\performersoft llc

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Tarma Installer

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CToolbar_UNINSTALL

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.19475

 

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

 

-\\ Google Chrome v

 

[ File : C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [18688 octets] - [30/10/2013 16:51:06]

AdwCleaner[s0].txt - [18838 octets] - [30/10/2013 16:54:24]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [18899 octets] ##########

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013

Ran by zamanmm (administrator) on ZAMANS-PC on 30-10-2013 17:15:17

Running from C:\Users\zamanmm\Downloads

Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

==================== Processes (Whitelisted) ===================

 

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

(Lenovo Group Limited) C:\Windows\system32\IPSSVC.EXE

(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

(Cisco WebEx LLC) C:\Windows\system32\atashost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Green Packet Inc.) C:\Program Files\QUBEE WCM\GPCommonService.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

( ) C:\Windows\system32\lxddcoms.exe

(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe

(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(Panasonic) C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe

(DEVGURU Co., LTD) C:\Windows\system32\ptumlcmsvc.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

(Lenovo.) C:\Windows\System32\TPHDEXLG.exe

(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

() C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe

(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe

() C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

() C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

(Google Inc.) C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-08-13] (Synaptics, Inc.)

HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-07-10] (Analog Devices, Inc.)

HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2010-01-09] (RealNetworks, Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [shopAtHomeWatcher] - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [116088 2013-04-17] ()

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [RPT Msgsrv] - C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe [57344 2007-04-11] ()

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKCU\...\Run: [Google Update] - C:\Users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-05-05] (Google Inc.)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)

HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-10-04] (Google Inc.)

HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)

HKCU\...\Winlogon: [shell] explorer.exe, <==== ATTENTION 

HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/

HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7

SearchScopes: HKLM - {9CF68506-1165-4F58-AF48-E132E900B7A9} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE

SearchScopes: HKCU - {2BF21224-6482-4BDD-9468-CBC04E43465A} URL = http://websearch.shopathome.com?user_id={A01BB326-795B-45B1-B8F2-F2C91A6D2E4C}&q={searchTerms}

SearchScopes: HKCU - {9CF68506-1165-4F58-AF48-E132E900B7A9} URL = 

SearchScopes: HKCU - {A0C442CC-4F8D-48A6-81EF-9A9925374CAA} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox

BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

BHO: ShopAtHome.com Cash Back Helper - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File

Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======

CHR RestoreOnStartup:       "urls_to_restore_on_startup": null

CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms}

CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}

CHR Plugin: (Shockwave Flash) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

CHR Plugin: (Google Talk Plugin) - C:\Users\zamanmm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\zamanmm\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\zamanmm\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)

CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Move Media Player 7) - C:\Users\zamanmm\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

CHR Extension: (Coupons.com Toolbar) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.4_0

CHR Extension: (Skype Click to Call) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0

CHR Extension: (Norton Identity Protection) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx

CHR StartMenuInternet: Google Chrome - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

 

========================== Services (Whitelisted) =================

 

R2 atashost; C:\Windows\system32\atashost.exe [43912 2010-08-25] (Cisco WebEx LLC)

S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)

S3 GoToAssist Express Customer; C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_service.exe [161144 2010-10-12] (Citrix Online, a division of Citrix Systems, Inc.)

R2 GPCommonService; C:\Program Files\QUBEE WCM\GPCommonService.exe [90112 2010-05-27] (Green Packet Inc.)

R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.)

R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.)

R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.)

R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-29] (Lenovo Group Limited)

S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)

R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-07-20] (Logitech Inc.)

S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2008-07-26] (Logitech Inc.)

R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [537520 2007-05-25] ( )

S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)

R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-04-07] (NETGEAR)

R2 Panasonic Trap Monitor Service; C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-24] (Panasonic)

R2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc.exe [113168 2010-11-02] (DEVGURU Co., LTD)

R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-02-06] (Lenovo Group Limited)

R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)

R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722496 2006-12-21] (IBM)

R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] ()

R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)

R2 tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [45056 2007-01-08] ()

R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [478712 2012-06-07] (Cisco Systems, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [38440 2012-06-07] (Cisco Systems, Inc.)

S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [57256 2012-06-07] (Cisco Systems, Inc.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-02] (AVG Technologies)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131022.001\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-05] (DT Soft Ltd)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)

R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131029.002\IDSvix86.sys [393816 2013-10-28] (Symantec Corporation)

S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109592 2007-07-20] (Logitech Inc.)

S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-07-20] (Logitech Inc.)

R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-07-18] ()

S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-07-18] (Logitech Inc.)

S3 MT7118VU; C:\Windows\System32\DRIVERS\mt7118vu.sys [131072 2010-05-06] (MediaTek Inc.)

R2 MTKWMPROT; C:\Windows\System32\DRIVERS\mtkwmptv.sys [15360 2010-05-06] (MediaTek Inc.)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131030.001\NAVENG.SYS [93272 2013-08-28] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131030.001\NAVEX15.SYS [1612376 2013-08-28] (Symantec Corporation)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2013-07-06] (CACE Technologies, Inc.)

R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)

S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2010-11-02] (DEVGURU Co., LTD.)

S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [32123 2004-12-08] (Service & Quality Technology.)

S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-17] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)

R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)

R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2007-04-10] ()

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-30 17:14 - 2013-10-30 17:14 - 00000000 ____D C:\FRST

2013-10-30 16:53 - 2013-10-30 16:53 - 01089275 _____ (Farbar) C:\Users\zamanmm\Downloads\FRST.exe

2013-10-30 16:52 - 2013-10-30 16:52 - 00018688 _____ C:\Users\zamanmm\Downloads\AdwCleaner[R0].txt

2013-10-30 16:51 - 2013-10-30 16:58 - 00000000 ____D C:\AdwCleaner

2013-10-30 16:50 - 2013-10-30 16:50 - 01060070 _____ C:\Users\zamanmm\Downloads\AdwCleaner.exe

2013-10-30 16:37 - 2013-10-30 16:37 - 00688992 ____R (Swearware) C:\Users\zamanmm\Downloads\dds.scr

2013-10-23 21:33 - 2013-10-23 21:33 - 00000000 ____D C:\Users\zamanmm\AppData\Roaming\Mozilla

2013-10-21 18:45 - 2013-10-21 18:45 - 00002104 _____ C:\{F411E7B8-6C91-4727-99BD-BADBF052C76E}

2013-10-20 07:56 - 2013-10-20 08:04 - 00000000 ____D C:\Program Files\Coupons.com CouponBar

2013-10-10 10:30 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2013-10-10 10:30 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2013-10-10 10:30 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2013-10-10 10:30 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2013-10-10 10:30 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2013-10-10 10:30 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2013-10-10 10:30 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2013-10-10 10:30 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-10-10 10:30 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2013-10-10 10:30 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-10 10:29 - 2013-09-23 08:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 10:29 - 2013-09-23 08:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 10:29 - 2013-09-23 08:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-10 10:29 - 2013-09-23 08:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-10-10 10:29 - 2013-09-23 08:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2013-10-10 10:29 - 2013-09-23 08:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 10:29 - 2013-09-23 08:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 10:29 - 2013-09-23 08:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-10 10:29 - 2013-09-23 08:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-10-10 10:29 - 2013-09-23 08:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 10:29 - 2013-09-23 08:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 10:29 - 2013-09-23 08:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-10-10 10:29 - 2013-09-23 08:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-10-10 10:29 - 2013-09-23 08:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 10:29 - 2013-09-23 08:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 10:29 - 2013-09-23 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 10:29 - 2013-09-23 08:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 10:29 - 2013-09-23 08:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-10-10 10:29 - 2013-09-23 08:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 10:29 - 2013-09-23 08:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-10-10 10:29 - 2013-09-23 08:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll

2013-10-10 10:29 - 2013-09-23 07:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-10-10 10:29 - 2013-09-23 05:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 10:29 - 2013-09-23 05:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-10-10 10:29 - 2013-09-23 05:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 10:29 - 2013-09-23 05:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-10-10 10:29 - 2013-07-31 23:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 10:29 - 2013-07-31 22:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2013-10-10 10:29 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 10:29 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 10:28 - 2013-08-29 03:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 10:27 - 2013-07-12 05:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-10 10:27 - 2013-07-02 22:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-10 10:27 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 10:27 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-10 10:27 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-10 10:27 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-10 10:27 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-10 10:27 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-10 10:27 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 10:27 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-10 10:27 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

 

==================== One Month Modified Files and Folders =======

 

2013-10-30 17:15 - 2012-08-13 15:35 - 00000396 ____H C:\Windows\Tasks\User_Feed_Synchronization-{DB1F06DB-C5AA-402C-8CD5-553AAD0E9856}.job

2013-10-30 17:14 - 2013-10-30 17:14 - 00000000 ____D C:\FRST

2013-10-30 17:12 - 2008-07-18 15:44 - 01765851 _____ C:\Windows\WindowsUpdate.log

2013-10-30 17:10 - 2009-07-01 10:55 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000UA.job

2013-10-30 17:05 - 2008-08-01 01:18 - 00000000 ____D C:\Users\zamanmm\AppData\Roaming\Skype

2013-10-30 17:05 - 2008-07-18 16:30 - 06842503 _____ C:\Users\Public\Documents\AccConnAdvanced.html

2013-10-30 17:01 - 2007-03-02 08:15 - 00025269 _____ C:\Windows\system32\PROCDB.INI

2013-10-30 17:00 - 2013-06-03 12:12 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-10-30 17:00 - 2011-09-24 15:03 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc7aec95b5ec60.job

2013-10-30 17:00 - 2007-03-02 08:15 - 00000480 _____ C:\Windows\system32\IPSCtrl.INI

2013-10-30 17:00 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-30 17:00 - 2006-11-02 08:47 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-30 17:00 - 2006-11-02 08:47 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-30 16:59 - 2008-07-18 15:45 - 00002140 _____ C:\Windows\bthservsdp.dat

2013-10-30 16:59 - 2006-11-02 09:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-30 16:58 - 2013-10-30 16:51 - 00000000 ____D C:\AdwCleaner

2013-10-30 16:53 - 2013-10-30 16:53 - 01089275 _____ (Farbar) C:\Users\zamanmm\Downloads\FRST.exe

2013-10-30 16:52 - 2013-10-30 16:52 - 00018688 _____ C:\Users\zamanmm\Downloads\AdwCleaner[R0].txt

2013-10-30 16:50 - 2013-10-30 16:50 - 01060070 _____ C:\Users\zamanmm\Downloads\AdwCleaner.exe

2013-10-30 16:49 - 2011-10-24 09:46 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-30 16:47 - 2012-04-05 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-30 16:38 - 2013-06-17 16:53 - 00024125 _____ C:\Users\zamanmm\Desktop\dds.txt

2013-10-30 16:38 - 2013-06-17 16:53 - 00019041 _____ C:\Users\zamanmm\Desktop\attach.txt

2013-10-30 16:37 - 2013-10-30 16:37 - 00688992 ____R (Swearware) C:\Users\zamanmm\Downloads\dds.scr

2013-10-30 15:53 - 2006-11-02 09:00 - 00745240 _____ C:\Windows\PFRO.log

2013-10-30 15:44 - 2012-08-14 17:12 - 00452608 _____ C:\Windows\system32\TPAPSLOG.LOG

2013-10-30 08:10 - 2011-10-18 15:02 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000Core1cc8dc88cb16ea1.job

2013-10-29 10:47 - 2008-07-18 16:12 - 00000000 ____D C:\SWSHARE

2013-10-27 08:51 - 2011-04-14 14:23 - 00000000 ____D C:\Users\zamanmm\AppData\Local\CrashDumps

2013-10-23 21:33 - 2013-10-23 21:33 - 00000000 ____D C:\Users\zamanmm\AppData\Roaming\Mozilla

2013-10-21 18:45 - 2013-10-21 18:45 - 00002104 _____ C:\{F411E7B8-6C91-4727-99BD-BADBF052C76E}

2013-10-20 08:04 - 2013-10-20 07:56 - 00000000 ____D C:\Program Files\Coupons.com CouponBar

2013-10-20 08:01 - 2012-04-07 14:53 - 00000000 ____D C:\Program Files\Coupons

2013-10-18 22:01 - 2008-08-01 01:17 - 00000000 ____D C:\ProgramData\Skype

2013-10-18 22:00 - 2010-04-03 14:18 - 00000000 ___RD C:\Program Files\Skype

2013-10-18 16:46 - 2009-05-05 15:51 - 00002103 _____ C:\Users\zamanmm\Desktop\Google Chrome.lnk

2013-10-15 21:23 - 2008-09-09 14:54 - 00002587 _____ C:\Users\zamanmm\Desktop\Microsoft Office Word 2007.lnk

2013-10-15 12:21 - 2011-03-18 11:12 - 00024361 _____ C:\Windows\setupact.log

2013-10-11 17:01 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-11 16:50 - 2006-11-02 06:33 - 00784006 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-11 16:40 - 2006-11-02 08:47 - 00409200 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-11 16:39 - 2008-08-13 15:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-11 16:33 - 2008-09-23 10:54 - 00029509 _____ C:\Windows\system32\lvcoinst.log

2013-10-10 11:11 - 2008-09-09 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-10 11:04 - 2013-07-31 10:01 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 10:50 - 2006-11-02 06:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-10-09 08:48 - 2012-04-05 10:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-09 08:48 - 2011-06-08 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-02 16:43 - 2012-10-31 14:19 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys

 

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-3894235439-4067020577-3388496322-1000\$aefa38879ca9cef42dbf869e8ee6edde

 

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$aefa38879ca9cef42dbf869e8ee6edde

 

ZeroAccess:

C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}

C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}\@

 

Files to move or delete:

====================

C:\Users\zamanmm\dg3rviae081105.exe

C:\Users\zamanmm\pg3rae100902.exe

 

 

Some content of TEMP:

====================

C:\Users\zamanmm\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-10-30 17:07

 

==================== End Of Log ============================

 

Addition.txt

[Delta Search -- Help!]

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.19475  BrowserJavaVersion: 10.25.2

Run by zamanmm at 16:37:40 on 2013-10-30

Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3061.1266 [GMT -4:00]

.

AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\ibmpmsvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Windows\system32\IPSSVC.EXE

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\atashost.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\QUBEE WCM\GPCommonService.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\lxddcoms.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe

C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe

C:\Windows\system32\ptumlcmsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Windows\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Internet Explorer\IELowutil.exe

C:\Program Files\Internet Explorer\IELowutil.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\IELowutil.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uProxyOverride = localhost;*.local

uWinlogon: Shell = explorer.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll

BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - c:\users\zamanmm\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\20.4.0.40\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\coupons.com couponbar\tbcore3.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\zamanmm\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll

TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll

TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\zamanmm\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Google Update] "c:\users\zamanmm\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [shopAtHomeWatcher] c:\users\zamanmm\appdata\roaming\shopathome\shopathomehelper\ShopAtHomeWatcher.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RPT Msgsrv] "c:\program files\panasonic\panasonic-dms\rpt network printer port\Msgsrv.exe" /NRPT Network Printer /S

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\jobsta~1.lnk - c:\program files\panasonic\panasonic-dms\lrecvtrap\LRecvTrap.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{803FC278-F797-4213-9E4F-829AE9D9FD55} : DHCPNameServer = 180.234.0.193 180.234.0.197

TCP: Interfaces\{C9697EE0-222B-4F23-A61D-0A5C7B10426B} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{CFFA5286-0D07-40C6-BABC-811702F106B0} : DHCPNameServer = 180.234.0.193 180.234.0.197

TCP: Interfaces\{D3510E5F-6489-45C4-9374-CA9B3DDA2BC9} : DHCPNameServer = 180.234.0.193 180.234.0.197

TCP: Interfaces\{DB3C85D0-8D16-468C-8E13-33AFE808BDA4} : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\240\g2ax_winlogon.dll

Notify: igfxcui - igfxdev.dll

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-11 367704]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-11 934488]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-31 37664]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20131022.001\BHDrvx86.sys [2013-10-22 1096280]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-11 134744]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-4-5 242240]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20131029.002\IDSvix86.sys [2013-10-30 393816]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-7-23 13680]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-11 175264]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-6-11 352344]

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-25 43912]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-8 21504]

R2 GPCommonService;GPCommonService;c:\program files\qubee wcm\GPCommonService.exe [2012-2-29 90112]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-7-23 127336]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\drivers\mtkwmptv.sys [2012-2-29 15360]

R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\20.4.0.40\ccsvchst.exe [2013-6-11 144368]

R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2013-4-7 195840]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-7-6 35088]

R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-9-14 113168]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-3 1153368]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-7-23 131432]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-7-23 142696]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-6-7 478712]

R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.12\ToolbarUpdater.exe [2013-10-2 1734680]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-27 108120]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-7-23 101736]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]

S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2012-6-28 38440]

S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2012-6-7 57256]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\240\g2ax_service.exe [2010-10-12 161144]

S3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\drivers\mt7118vu.sys [2012-2-29 131072]

S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-9-14 59664]

S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-9-14 168208]

S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-9-14 168208]

S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-9-14 168848]

S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-9-14 168208]

S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-10-3 10112]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

.

=============== Created Last 30 ================

.

2013-10-20 11:56:01 -------- d-----w- c:\program files\Coupons.com CouponBar

2013-10-10 14:30:28 798208 ----a-w- c:\windows\system32\FntCache.dll

2013-10-10 14:30:28 1069056 ----a-w- c:\windows\system32\DWrite.dll

2013-10-10 14:30:27 683008 ----a-w- c:\windows\system32\d2d1.dll

2013-10-10 14:30:27 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2013-10-10 14:30:27 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-10-10 14:30:27 189952 ----a-w- c:\windows\system32\d3d10core.dll

2013-10-10 14:30:27 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2013-10-10 14:30:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2013-10-10 14:30:27 1029120 ----a-w- c:\windows\system32\d3d10.dll

2013-10-10 14:30:20 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-10-10 14:28:57 2050048 ----a-w- c:\windows\system32\win32k.sys

2013-10-10 14:27:54 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-10-10 14:27:53 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-10-10 14:27:53 6016 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-10-10 14:27:53 226304 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-10-10 14:27:52 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-10-10 14:27:52 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-10-10 14:27:40 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2013-10-10 14:27:22 293376 ----a-w- c:\windows\system32\atmfd.dll

2013-10-10 14:27:20 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-10-10 14:27:06 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys

2013-10-10 14:27:06 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys

.

==================== Find3M  ====================

.

2013-10-09 12:48:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 12:48:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-02 20:43:01 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-09-23 12:57:49 916992 ----a-w- c:\windows\system32\wininet.dll

2013-09-23 12:51:49 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-09-23 12:51:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-09-23 12:51:07 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-09-23 12:51:06 71680 ----a-w- c:\windows\system32\iesetup.dll

2013-09-23 12:49:22 18944 ----a-w- c:\windows\system32\corpol.dll

2013-09-23 11:14:03 385024 ----a-w- c:\windows\system32\html.iec

2013-09-23 09:29:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2013-09-23 09:27:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2013-08-03 00:48:28 440704 ----a-w- c:\windows\CouponPrinter.ocx

2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

.

============= FINISH: 16:38:36.48 ===============

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Business 

Boot Device: \Device\HarddiskVolume2

Install Date: 7/18/2008 3:45:52 PM

System Uptime: 10/30/2013 3:53:04 PM (1 hours ago)

.

Motherboard: LENOVO |  | 76591PU

Processor: Intel® Core2 Duo CPU     T7300  @ 2.00GHz | None | 2001/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 68 GiB total, 6.455 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Tun Miniport Adapter

Device ID: ROOT\*TUNMP\0001

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TUNMP\0001

Service: tunmp

.

Class GUID: 

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000

Manufacturer: 

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000

Service: 

.

Class GUID: 

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000

Manufacturer: 

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000

Service: 

.

Class GUID: 

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000

Manufacturer: 

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000

Service: 

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP1887: 10/30/2013 10:00:13 AM - Windows Update

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

7-Zip 9.22beta

Access Help

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG Security Toolbar

Bonjour

Brother P-touch Address Book 1.1

Brother P-touch Editor 5.0

Brother P-touch Software

Brother QL-570 User's Guide

BufferChm

Business Contact Manager for Outlook 2007 SP2

Canon MP Navigator 2.2

Canon MP530

Canon MP530 User Registration

Canon Utilities Easy-PhotoPrint

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client 

Client Security Solution

Coupon Printer for Windows

CouponBar

D3DX10

DAEMON Tools Lite

Destinations

DeviceDiscovery

DocMgr

DocProc

Download Updater (AOL LLC)

EPSON Printer Software

EPSON Scan

Fax

getPlus® for Adobe

Google Chrome

Google Earth

Google Talk (remove only)

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GoToAssist Customer 1.5.0.240

GPBaseService2

Help Center

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP LaserJet P2030 Series

HP Officejet 4500 G510n-z

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPProductAssistant

hppusgP2030

HPSSupply

Hyper Electronics Mappers Utilities

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

iTunes

Java 7 Update 25

Java Auto Updater

Java 6 Update 29

Java 6 Update 7

Java SE Runtime Environment 6

JavaFX 2.1.1

Junk Mail filter update

Lenovo Auto Scroll Utility

Lenovo Patch Utility

Lenovo Power Management Driver

Lenovo Registration

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Livestation

Logitech Desktop Messenger

Logitech Print Service

Logitech QuickCam

Logitech Updater

Logitech Webcam Software

Logitech® Camera Driver

Maintenance Manager

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Mavis Beacon Teaches Typing 18

Message Center Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Accounting 2008

Microsoft Office Accounting 2008 Equifax Addin

Microsoft Office Accounting 2008 Fixed Asset Manager

Microsoft Office Accounting 2008 PayPal Addin

Microsoft Office Accounting ADP Payroll Addin

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Media Player

MrvlUsgTracking

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MVision

MyDsc2

NETGEAR Genie

Network

Norton 360 Premier Edition

OCR Software by I.R.I.S. 13.0

Octoshape add-in for Adobe Flash Player

On Screen Display

Panasonic Job Status Utility

Panasonic Printer Drivers

Panasonic Printing System

Panasonic RPT Network Printer Port

Panasonic Windows Firewall Setting Tool

PANTECH UML290

Picasa 3

Presentation Director

Productivity Center Supplement for ThinkPad

QUBEE WiMAX Connection Manager

Quick Logo Designer 5.0

RealPlayer

Registry patch for Windows Vista USB S3 PM Enablement

Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista 

Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista

Rescue and Recovery

Rhapsody Player Engine

RSA SecurID Software Token 1.0.1 for Web SDK

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 

Segoe UI

Shop for HP Supplies

ShopAtHome.com Helper

ShopAtHome.com Toolbar

Skype Click to Call

Skype™ 6.9

SmartWebPrinting

SolutionCenter

SoundMAX

Spotify

Spybot - Search & Destroy

Status

System Migration Assistant

System Update

TeleTracker Online

ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900

ThinkPad EasyEject Utility 

ThinkPad FullScreen Magnifier

ThinkPad Mobility Center Customization

ThinkPad Modem

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

Thinkpad Wireless LAN Adapters Software (11a/b/g/n)

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Productivity Center

ThinkVantage Technologies Welcome Message

Toolbox

TrayApp

Ultimate Media Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VerizonWireless

VideoPerformer

VZAccess Manager

Wallpapers

WebCam for MSN Messenger

WebEx

WebReg

Windows Driver Package - Intel (e1express) Net  (02/27/2007 9.7.37.0)

Windows Driver Package - Intel (iaStor) hdc  (02/12/2007 7.0.0.1020)

Windows Driver Package - Intel hdc  (11/15/2006 8.2.0.1011)

Windows Driver Package - Intel hdc  (12/06/2006 6.8.0.3002)

Windows Driver Package - Intel System  (09/15/2006 7.0.0.1011)

Windows Driver Package - Intel System  (09/15/2006 8.0.0.1008)

Windows Driver Package - Intel System  (09/15/2006 8.0.0.1010)

Windows Driver Package - Intel System  (09/15/2006 8.2.0.1000)

Windows Driver Package - Intel USB  (09/15/2006 8.0.0.1008)

Windows Driver Package - Lenovo (IBMPMDRV) System  (02/27/2007 1.42)

Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)

Windows Driver Package - Ricoh Company (rismxdp) hdc  (11/18/2006 6.00.01.05)

Windows Driver Package - Ricoh Company MMC Host Controller (11/14/2006 6.00.01.04)

Windows Firewall Setting Tool

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Worthware - CellSell H.A.C.I. Thin-Client  (162)

.

==== Event Viewer Messages From Past Week ========

.

10/30/2013 5:54:25 AM, Error: Microsoft-Windows-TBS [516]  - An error occurred while communicating with the TPM.  The driver returned 0x8007045d.

10/30/2013 4:01:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

10/30/2013 4:00:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

10/30/2013 3:57:20 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

10/30/2013 3:57:20 PM, Error: Service Control Manager [7000]  - The Windows Font Cache Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

10/30/2013 3:54:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.

10/30/2013 3:54:48 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

10/30/2013 3:54:45 PM, Error: netbt [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.

10/30/2013 10:05:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

10/30/2013 10:01:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

10/30/2013 1:23:56 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.

10/30/2013 1:21:13 PM, Error: Service Control Manager [7022]  - The KtmRm for Distributed Transaction Coordinator service hung on starting.

10/30/2013 1:18:47 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

10/30/2013 1:18:47 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

10/30/2013 1:18:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

10/30/2013 1:14:38 PM, Error: EventLog [6008]  - The previous system shutdown at 11:27:48 AM on 10/30/2013 was unexpected.

10/29/2013 10:25:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

10/29/2013 10:23:23 PM, Error: Service Control Manager [7022]  - The Windows Font Cache Service service hung on starting.

10/29/2013 10:18:34 PM, Error: Microsoft-Windows-PrintSpooler [19]  - The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 2114. The printer cannot be used by others on the network.

10/26/2013 11:42:02 AM, Error: TPM [13]  - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

.

==== End Of File ===========================

 

 

[Searchnu browser hijack (Chrome Version 23.0.1271.97 m)]

# AdwCleaner v2.104 - Logfile created 01/05/2013 at 21:50:58

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Elahi - ELAHI-PC

# Boot Mode : Normal

# Running from : C:\Users\Elahi\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Elahi\AppData\Local\Temp\Searchqu.ini

File Found : C:\Users\Elahi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk

File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk

Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Found : C:\Program Files (x86)\Searchqu Toolbar

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\Browser Manager

Folder Found : C:\ProgramData\Partner

Folder Found : C:\Users\Elahi\AppData\Local\Ilivid

Folder Found : C:\Users\Elahi\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Found : HKLM\SOFTWARE\Classes\dnUpdate

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

Key Found : HKU\S-1-5-21-447736034-3068292486-3521329373-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Elahi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.15] : homepage = "hxxp://www.searchnu.com/421",

Found [l.1633] : homepage = "hxxp://www.searchnu.com/421",

-\\ Opera v12.12.1707.0

File : C:\Users\Elahi\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3579 octets] - [05/01/2013 21:50:58]

########## EOF - C:\AdwCleaner[R1].txt - [3639 octets] ##########

[Searchnu browser hijack (Chrome Version 23.0.1271.97 m)]

argh, i hit delete here is the report if it helps any. do not see any change in chrome.

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Elahi [Admin rights]

Mode : Remove -- Date : 01/05/2013 20:45:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPKT-24PK4T0 +++++

--- User ---

[MBR] 3c46450a4a303c2cbaec684edd621438

[bSP] 542738b89dd357cbdee61d3f44d1bb48 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_01052013_02d2045.txt >>

RKreport[1]_S_01052013_02d2044.txt ; RKreport[2]_D_01052013_02d2045.txt

[Searchnu browser hijack (Chrome Version 23.0.1271.97 m)]

hi I am zamanmm. forgot my username/pw and lost my uncles email pw so i can't retrieve the forum pw. anyway this issue is my own and has nothing to do with the computers at my uncles business. I had searchnu installed on my comp and i uninstalled it and i thought it was gone but it seems it has hijacked my browsers new tab page. google is the default search engine. i am using windows 7. here are the logs. thanks for your help.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.05.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Elahi :: ELAHI-PC [administrator]

1/4/2013 9:59:43 PM

mbam-log-2013-01-04 (21-59-43).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 443319

Time elapsed: 1 hour(s), 2 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by Elahi at 23:38:45 on 2013-01-04

#Option Extended Search is enabled.

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.1593 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\windows\system32\mfevtps.exe

C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Elahi\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Users\Elahi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\calc.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\notepad.exe

C:\windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

mStart Page = hxxp://lenovo.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121212165102.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uRun: [Facebook Update] "C:\Users\Elahi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [spotify Web Helper] "C:\Users\Elahi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [snp2uvc] C:\windows\vsnp2uvc.exe

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{0FF2FCE5-68DA-48E8-B4B6-A4FD5A836EA6} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{6BF93E0C-C7D1-4B94-9CC5-C1857A9C5459} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{6BF93E0C-C7D1-4B94-9CC5-C1857A9C5459}\A716D616E613935333 : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll C:\PROGRA~3\Wincert\WIN32C~1.DLL

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://lenovo.msn.com

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20121212165058.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2012-10-9 57952]

R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2012-10-9 39008]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 771096]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-3-13 339776]

R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-26 30056]

R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2012-10-9 13408]

R1 winioex;winioex;C:\windows\System32\drivers\winioex.sys [2012-10-9 15456]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-9 13336]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-19 375728]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2012-11-30 72216]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-10-9 241016]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-10-9 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-10-9 177680]

R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]

R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-11-5 65657]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-9 2656280]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]

R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-3-13 69672]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]

R3 DelayMan;ACPI DelayMan Filter Service;C:\windows\System32\drivers\delayman.sys [2012-10-9 20064]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]

R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-10-9 174168]

R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\System32\drivers\jmccgp.sys [2012-10-9 17880]

R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\System32\drivers\jmcam.sys [2012-10-9 57816]

R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\System32\drivers\jmcam_lo.sys [2012-10-9 32088]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-3-13 309400]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-3-13 515528]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-11-18 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-11-18 181248]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-1 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-8-24 15928]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]

S3 acsock;acsock;C:\windows\System32\drivers\acsock64.sys [2012-6-7 107432]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\System32\drivers\motfilt.sys [2009-1-29 6144]

S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-10-9 437288]

S3 BTWDPAN;Bluetooth Personal Area Network;C:\windows\System32\drivers\btwdpan.sys [2012-10-9 89640]

S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-10-9 39976]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-10-26 196440]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-10-9 225216]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-3-13 106112]

S3 motandroidusb;Mot ADB Interface Driver;C:\windows\System32\drivers\motoandroid.sys [2009-7-10 31744]

S3 motccgp;Motorola USB Composite Device Driver;C:\windows\System32\drivers\motccgp.sys [2012-6-11 22016]

S3 motccgpfl;MotCcgpFlService;C:\windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]

S3 MotDev;Motorola Inc. USB Device;C:\windows\System32\drivers\motodrv.sys [2009-5-8 53632]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-27 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-27 1255736]

S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 60 ================

.

2013-01-05 02:40:15 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Malwarebytes

2013-01-05 02:40:03 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-05 02:40:00 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-01-05 02:40:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-05 02:39:23 -------- d-----w- C:\Users\Elahi\AppData\Local\Programs

2013-01-05 02:30:11 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3D14140-420A-4670-9C77-4AB71706DA9F}\mpengine.dll

2012-12-31 02:31:09 -------- d-----w- C:\Users\Elahi\AppData\Local\DDMSettings

2012-12-27 02:03:04 -------- d-----w- C:\Users\Elahi\AppData\Local\{37AF441E-D763-429A-BB52-17BA1634FF32}

2012-12-27 02:02:42 -------- d-----w- C:\Users\Elahi\AppData\Local\{16B717A6-55C0-49D5-B4EF-9A336DAB5707}

2012-12-23 08:40:35 -------- d--h--w- C:\windows\msdownld.tmp

2012-12-23 08:40:35 -------- d-----w- C:\windows\SysWow64\directx

2012-12-22 08:00:15 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-22 08:00:14 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-22 08:00:14 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-22 08:00:14 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-20 14:46:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-20 14:46:23 -------- d-----w- C:\Program Files\iTunes

2012-12-20 14:46:23 -------- d-----w- C:\Program Files\iPod

2012-12-20 14:46:23 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-13 00:51:54 -------- d-----w- C:\Users\Elahi\AppData\Local\Diagnostics

2012-12-12 08:58:45 -------- d-----w- C:\Program Files\AutoHotkey

2012-12-12 04:28:32 -------- d-----w- C:\ProgramData\Browser Manager

2012-12-12 04:06:28 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-12-12 04:06:28 2048 ----a-w- C:\windows\System32\tzres.dll

2012-12-12 04:04:04 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-12-12 04:04:04 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-12-12 01:51:06 200704 ----a-w- C:\windows\SysWow64\vbalExpBar6.ocx

2012-12-12 01:50:58 115920 ----a-w- C:\windows\SysWow64\msinet.OCX

2012-12-12 01:50:57 40960 ----a-w- C:\windows\SysWow64\SSubTmr6.dll

2012-12-12 01:50:57 15360 ----a-w- C:\windows\SysWow64\inetfr.DLL

2012-12-12 01:50:56 484352 ----a-w- C:\windows\SysWow64\lame_enc.dll

2012-12-12 01:50:56 -------- d-----w- C:\Users\Elahi\AppData\Roaming\FreeBurner

2012-12-12 01:50:56 -------- d-----w- C:\ProgramData\Wincert

2012-12-12 01:50:51 -------- d-----w- C:\ProgramData\boost_interprocess

2012-12-12 01:50:49 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar

2012-12-12 01:50:19 -------- d-----w- C:\Program Files (x86)\Free Easy CD DVD Burner

2012-12-12 01:45:54 397312 ----a-w- C:\windows\SysWow64\TubeFinder.exe

2012-12-12 01:45:53 9728 ----a-w- C:\windows\SysWow64\PCCLPFR.DLL

2012-12-12 01:45:53 84512 ----a-w- C:\windows\SysWow64\PICCLP32.OCX

2012-12-12 01:45:53 364544 ----a-w- C:\windows\SysWow64\PropertyGrid.ocx

2012-12-12 01:45:53 141312 ----a-w- C:\windows\SysWow64\MSCMCFR.DLL

2012-12-12 01:45:53 119568 ----a-w- C:\windows\SysWow64\VB6FR.DLL

2012-12-12 01:45:53 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx

2012-12-12 01:45:53 101888 ----a-w- C:\windows\SysWow64\VB6STKIT.DLL

2012-12-12 01:45:52 32768 ----a-w- C:\windows\SysWow64\CMDLGFR.DLL

2012-12-12 01:45:52 24576 ----a-w- C:\windows\SysWow64\ControlSubX.ocx

2012-12-12 01:45:52 152848 ----a-w- C:\windows\SysWow64\COMDLG32.OCX

2012-12-12 01:45:51 -------- d-----w- C:\Users\Elahi\AppData\Roaming\FreeFLVConverter

2012-12-12 01:44:57 -------- d-----w- C:\Users\Elahi\AppData\Local\iLivid

2012-12-12 01:44:57 -------- d-----w- C:\Program Files (x86)\Free FLV Converter

2012-12-11 09:16:27 -------- d-----w- C:\Users\Elahi\AppData\Roaming\KSCraft

2012-12-11 09:16:16 -------- d-----w- C:\Program Files (x86)\Kort's Spellcraft Calculator

2012-12-11 02:37:54 -------- d-----w- C:\Program Files (x86)\GearBunnies

2012-12-09 08:20:33 -------- d-----w- C:\Users\Elahi\AppData\Roaming\DaocTB

2012-12-09 08:20:22 -------- d-----w- C:\Program Files (x86)\DAOC-Charplan

2012-12-09 07:57:28 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Electronic Arts

2012-12-06 01:45:53 -------- d-----w- C:\Program Files (x86)\Motorola Mobility

2012-12-06 01:45:53 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2012-12-02 02:52:58 -------- d-----w- C:\Users\Elahi\AppData\Local\{CFD65AB0-4155-4465-8E29-ED18C085E79A}

2012-12-02 00:45:18 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Xfire

2012-12-02 00:44:27 -------- d-----w- C:\ProgramData\Xfire

2012-12-02 00:44:24 -------- d-----w- C:\Program Files (x86)\Xfire

2012-12-01 08:15:31 -------- d-----w- C:\ProgramData\Symantec

2012-12-01 08:15:18 -------- d-----w- C:\ProgramData\Norton

2012-12-01 08:15:15 -------- d-----w- C:\ProgramData\NortonInstaller

2012-12-01 03:21:24 -------- d-----w- C:\Users\Elahi\AppData\Local\LogMeIn Rescue Applet

2012-12-01 02:38:17 -------- d-----w- C:\Users\Elahi\AppData\Local\LogMeIn Rescue

2012-12-01 02:36:09 -------- d-----w- C:\Program Files (x86)\LogMeIn Rescue Technician Console

2012-11-30 23:17:55 -------- d-----w- C:\Users\Elahi\AppData\Local\LogMeIn

2012-11-30 23:17:52 60328 ----a-w- C:\windows\System32\Spool\prtprocs\x64\LMIproc.dll

2012-11-30 23:17:52 35240 ----a-w- C:\windows\System32\LMIport.dll

2012-11-30 23:17:51 88008 ----a-w- C:\windows\System32\LMIRfsClientNP.dll

2012-11-30 23:17:51 72216 ----a-w- C:\windows\System32\drivers\LMIRfsDriver.sys

2012-11-30 23:17:50 83880 ----a-w- C:\windows\System32\LMIinit.dll

2012-11-30 23:17:49 -------- d-----w- C:\ProgramData\LogMeIn

2012-11-30 23:17:43 -------- d-----w- C:\Program Files (x86)\LogMeIn

2012-11-30 06:03:39 -------- d-----w- C:\Users\Elahi\AppData\Roaming\thriXXX

2012-11-29 21:48:54 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Utherverse

2012-11-29 17:52:01 -------- d-----w- C:\Users\Elahi\AppData\Local\{DFDA83EF-05C4-4C1F-AB8B-439EC42133DE}

2012-11-29 05:38:45 -------- d-----w- C:\Program Files (x86)\Utherverse Digital Inc

2012-11-26 02:55:02 -------- d-----w- C:\ProgramData\Synaptics

2012-11-26 02:52:04 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Synaptics

2012-11-24 23:16:44 -------- d-----w- C:\Users\Elahi\AppData\Local\Apps

2012-11-24 23:16:43 -------- d-----w- C:\Users\Elahi\AppData\Local\Deployment

2012-11-24 10:43:28 -------- d-----w- C:\Users\Elahi\AppData\Roaming\qliner

2012-11-18 17:01:09 -------- d-----w- C:\Users\Elahi\AppData\Local\{04E99714-A77B-4EBB-9449-95F304198793}

2012-11-16 02:30:30 42440 ----a-w- C:\windows\SysWow64\xfcodec.dll

2012-11-16 02:30:28 28104 ----a-w- C:\windows\System32\xfcodec64.dll

2012-11-14 05:14:39 9728 ----a-w- C:\windows\System32\Wdfres.dll

2012-11-14 05:14:39 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

2012-11-14 05:14:39 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

2012-11-14 05:14:39 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 05:11:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726471311cdc22602\DSETUP.dll

2012-11-14 05:11:11 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726471311cdc22602\DXSETUP.exe

2012-11-14 05:11:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726471311cdc22602\dsetup32.dll

2012-11-14 05:11:04 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6f8cb5791cdc22601\DSETUP.dll

2012-11-14 05:11:04 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6f8cb5791cdc22601\DXSETUP.exe

2012-11-14 05:11:04 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6f8cb5791cdc22601\dsetup32.dll

2012-11-14 05:10:55 -------- d-----w- C:\Users\Elahi\AppData\Local\Windows Live

2012-11-14 05:09:57 -------- d-----w- C:\Users\Elahi\AppData\Local\{BF9E77AE-AA03-4087-850C-A668DCCBFAB0}

2012-11-14 05:09:43 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Windows Live Writer

2012-11-14 05:09:43 -------- d-----w- C:\Users\Elahi\AppData\Local\Windows Live Writer

2012-11-14 05:08:02 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

2012-11-14 05:08:02 84992 ----a-w- C:\windows\System32\WUDFSvc.dll

2012-11-14 05:08:02 744448 ----a-w- C:\windows\System32\WUDFx.dll

2012-11-14 05:08:02 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll

2012-11-14 05:08:02 229888 ----a-w- C:\windows\System32\WUDFHost.exe

2012-11-14 05:08:02 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys

2012-11-14 05:08:02 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll

2012-11-13 20:29:04 354216 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl

2012-11-09 10:02:56 -------- d-----w- C:\Users\Elahi\AppData\Local\Cisco

2012-11-09 10:02:36 -------- d-----w- C:\ProgramData\Cisco

2012-11-06 16:19:58 539960 ----a-w- C:\windows\SysWow64\SynCOM.dll

2012-11-06 16:19:24 461624 ----a-w- C:\windows\System32\drivers\SynTP.sys

2012-11-06 16:19:24 229176 ----a-w- C:\windows\System32\SynTPAPI.dll

2012-11-06 16:19:22 177976 ----a-w- C:\windows\System32\SynTPCo14.dll

2012-11-06 16:19:22 113976 ----a-w- C:\windows\SysWow64\SynTPCOM.dll

.

==================== Find6M ====================

.

2012-12-12 07:40:41 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 07:40:41 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-11-26 02:46:44 1048376 ----a-w- C:\windows\System32\SynCOM.dll

2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 11:40:24 69672 ----a-w- C:\windows\System32\drivers\cfwids.sys

2012-11-09 11:37:42 339776 ----a-w- C:\windows\System32\drivers\mfewfpk.sys

2012-11-09 11:37:30 177680 ----a-w- C:\windows\System32\mfevtps.exe

2012-11-09 11:36:40 10288 ----a-w- C:\windows\System32\drivers\mfeclnk.sys

2012-11-09 11:36:30 106112 ----a-w- C:\windows\System32\drivers\mferkdet.sys

2012-11-09 11:35:50 771096 ----a-w- C:\windows\System32\drivers\mfehidk.sys

2012-11-09 11:34:58 515528 ----a-w- C:\windows\System32\drivers\mfefirek.sys

2012-11-09 11:34:18 309400 ----a-w- C:\windows\System32\drivers\mfeavfk.sys

2012-11-09 11:33:58 178840 ----a-w- C:\windows\System32\drivers\mfeapfk.sys

2012-11-03 01:40:28 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys

2012-10-27 01:17:08 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-27 01:17:07 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-10-27 01:17:07 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-09 23:29:55 512 ----a-w- C:\windows\current.bin

2012-10-09 23:27:44 512 ----a-w- C:\windows\previous.bin

2012-10-09 23:25:32 21 ----a-w- C:\windows\System32\kk.cmd

2012-10-09 23:24:09 39008 ----a-w- C:\windows\System32\drivers\LhdX64.sys

2012-10-09 23:24:09 19872 ----a-w- C:\windows\System32\LenovoSDKEmSubSystem.dll

2012-10-09 23:24:07 29792 ----a-w- C:\windows\System32\drivers\AcpiVpc.sys

2012-10-09 23:22:06 57952 ----a-w- C:\windows\System32\drivers\fbfmon.sys

2012-10-09 23:22:06 44896 ----a-w- C:\windows\System32\FbDefrag.exe

2012-10-09 23:22:06 15968 ----a-w- C:\windows\System32\NFbfmon.dll

2012-10-09 23:22:06 13408 ----a-w- C:\windows\System32\drivers\BPntDrv.sys

2012-10-09 23:14:18 87392 ----a-w- C:\windows\SysWow64\LenovoRIC.interface.dll

2012-10-09 23:14:18 83296 ----a-w- C:\windows\SysWow64\GetASData.dll

2012-10-09 23:14:18 82944 ----a-w- C:\windows\System32\LenovoRIC.interface.dll

2012-10-09 23:14:18 80480 ----a-w- C:\windows\SysWow64\WinIoEx.dll

2012-10-09 23:14:18 74240 ----a-w- C:\windows\System32\GetASData.dll

2012-10-09 23:14:18 58720 ----a-w- C:\windows\SysWow64\LenovoRIC.stub.dll

2012-10-09 23:14:18 557056 ----a-w- C:\windows\System32\LenovoRIC.stub.dll

2012-10-09 23:14:18 2353152 ----a-w- C:\windows\System32\ColorBlindnessDLL.dll

2012-10-09 23:14:18 20064 ----a-w- C:\windows\System32\drivers\delayman.sys

2012-10-09 23:14:18 1771872 ----a-w- C:\windows\SysWow64\ColorBlindnessDLL.dll

2012-10-09 23:14:18 15456 ----a-w- C:\windows\System32\drivers\winioex.sys

2012-10-09 23:14:18 15456 ----a-w- C:\windows\System32\codelayman.dll

2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys

2012-10-02 19:51:15 3536817 ----a-w- C:\windows\System32\nvcoproc.bin

2012-10-02 19:51:11 3293544 ----a-w- C:\windows\System32\nvsvc64.dll

2012-10-02 19:51:04 6200680 ----a-w- C:\windows\System32\nvcpl.dll

2012-10-02 19:50:57 891240 ----a-w- C:\windows\System32\nvvsvc.exe

2012-10-02 19:50:57 866664 ----a-w- C:\windows\System32\nv3dappshext.dll

2012-10-02 19:50:57 63336 ----a-w- C:\windows\System32\nvshext.dll

2012-10-02 19:50:57 55144 ----a-w- C:\windows\System32\nv3dappshextr.dll

2012-10-02 19:50:57 2557800 ----a-w- C:\windows\System32\nvsvcr.dll

2012-10-02 19:50:57 118120 ----a-w- C:\windows\System32\nvmctray.dll

2012-10-02 19:50:56 440168 ----a-w- C:\windows\SysWow64\oemdspif.dll

2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll

2012-09-18 09:32:44 55096 ----a-w- C:\windows\System32\LMouFiltCoInst.dll

2012-09-18 09:32:32 75064 ----a-w- C:\windows\System32\drivers\LHidFilt.Sys

.

============= FINISH: 23:39:35.04 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/26/2012 4:22:34 PM

System Uptime: 1/4/2013 9:57:45 PM (2 hours ago)

.

Motherboard: LENOVO | | Base Board Product Name

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU1 | 2501/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 422 GiB total, 339.165 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 25.624 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

7-Zip 9.21

7-Zip 9.22beta

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI

AIM 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoHotkey 1.1.09.00

Bonjour

Broadcom Gigabit NetLink Controller

Broadcom InConcert Maestro

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client

Curse Client

D3DX10

DAOC-Charplan

Dark Age of Camelot

Diablo III

DivX Setup

Download Updater (AOL LLC)

Energy Management

eReg

Facebook Video Calling 1.2.0.287

Free Easy Burner V 5.1

Free FLV Converter V 7.5.0

GearBunnyX and Classic 1.102

Google Chrome

Google Update Helper

iLivid

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Wireless Display

InterActual Player

iTunes

Java 7 Update 9

Java Auto Updater

JMicron Flash Media Controller Driver

Junk Mail filter update

Kort's Spellcraft Calculator

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo EasyCamera

Lenovo EE Boot Optimizer

Lenovo Games Console

Lenovo OneKey Recovery

Lenovo R.I.C. (Robust Intelligent Companion)

Lenovo YouCam

Logitech SetPoint 6.50

LogMeIn

LogMeIn Rescue Technician Console

Malwarebytes Anti-Malware version 1.70.0.1100

Mathematica Extras 8.0 (2063897)

McAfee AntiVirus Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Motorola Device Manager

Motorola Device Software Update

Motorola Mobile Drivers Installation 5.9.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA Optimus 1.10.8

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Update 1.10.8

NVIDIA Update Components

Onekey Theater

ooVoo

Opera 12.12

Power2Go

Realtek High Definition Audio Driver

Red Light Center 3D Client

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Shared C Run-time for x64

Skype™ 6.0

Spotify

SRS Control Panel

Steam

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

UserGuide

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client for Windows x64

VeriFace

Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wolfram Mathematica 8 for Students (M-WIN-G 8.0.1 2063988)

World of Warcraft

Xfire

.

==== Event Viewer Messages From Past Week ========

.

1/4/2013 12:10:39 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

1/4/2013 12:10:39 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

1/4/2013 10:00:55 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

1/4/2013 10:00:55 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

.

==== End Of File ===========================