"recommended for you" malware

[B1nkster]

I have a popup in the lower-right hand corner "recommended for you."

From what I have researched this is malware. I have attempted to run dds - but it just automatically shuts down.

Can you please help me? Thank you.

- Brian Turner

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

-------------------

Next.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

[B1nkster]

I figured out how to use DDS via safe mode.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by BrianTurner at 10:01:45 on 2012-06-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2860 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/?l=dis&o=15768

uDefault_Page_URL = hxxp://www.lenovo.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [Driver Updater] "C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe" /minimized

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

StartupFolder: C:\Users\BRIANT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: UseDefaultTile = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: uscourts.gov

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: Interfaces\{208ACD85-A8F0-4656-B58A-97E1243B787F} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6D6EF979-FFC2-48DC-A857-4BD1294B1C71} : DhcpNameServer = 192.77.116.3 192.77.116.72

TCP: Interfaces\{6D6EF979-FFC2-48DC-A857-4BD1294B1C71}\144545334343 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6D6EF979-FFC2-48DC-A857-4BD1294B1C71}\2375942554436383 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6D6EF979-FFC2-48DC-A857-4BD1294B1C71}\85F4B48343 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mRun-x64: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\BrianTurner\AppData\Roaming\Mozilla\Firefox\Profiles\n1xcxfbw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\windows\system32\DRIVERS\ApsHM64.sys --> C:\windows\system32\DRIVERS\ApsHM64.sys [?]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

S1 avfsmn;avfsmn;C:\windows\system32\DRIVERS\avfsmn.sys --> C:\windows\system32\DRIVERS\avfsmn.sys [?]

S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-4-28 644392]

S2 avhips;AntiMalware Host-based Intrusion Prevention System;\??\C:\windows\system32\DRIVERS\avhips.sys --> C:\windows\system32\DRIVERS\avhips.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-13 136176]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-8 13336]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-31 654408]

S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-12 2337144]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-8 2320920]

S2 UpekSrvc;Upek Service;"C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe" --> C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe [?]

S3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-13 136176]

S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;C:\windows\system32\drivers\mferkdk.sys --> C:\windows\system32\drivers\mferkdk.sys [?]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\windows\system32\drivers\mfesmfk.sys --> C:\windows\system32\drivers\mfesmfk.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 vm331avs;Digital Camera 1;C:\windows\system32\Drivers\vm331avs.sys --> C:\windows\system32\Drivers\vm331avs.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

.

=============== Created Last 30 ================

.

2012-06-02 16:37:25 607260 ------r- C:\dds.com

2012-06-02 16:15:00 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{960315F3-68DC-4207-9253-7A10FE7C9C19}\mpengine.dll

2012-06-01 21:49:25 -------- d-----w- C:\Users\BrianTurner\AppData\Roaming\Anvisoft

2012-06-01 21:48:26 24360 ----a-w- C:\windows\System32\drivers\avhips.sys

2012-06-01 21:48:26 20264 ----a-w- C:\windows\System32\drivers\avfsmn.sys

2012-06-01 21:47:56 -------- d-----w- C:\Program Files (x86)\Anvisoft

2012-06-01 21:29:56 200976 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys

2012-06-01 02:42:31 -------- d-----w- C:\Users\BrianTurner\AppData\Roaming\Malwarebytes

2012-06-01 02:42:21 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-01 02:42:19 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-06-01 02:42:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-01 02:27:07 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-26 06:24:44 -------- d-----w- C:\Users\BrianTurner\AppData\Local\Microsoft Games

2012-05-23 16:07:08 -------- d-----w- C:\Users\BrianTurner\AppData\Roaming\LolClient2

2012-05-20 20:47:39 -------- d-----w- C:\Users\BrianTurner\AppData\Local\VS Revo Group

2012-05-20 20:47:34 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys

2012-05-20 20:47:32 -------- d-----w- C:\Program Files\VS Revo Group

2012-05-10 22:34:41 1544704 ----a-w- C:\windows\System32\DWrite.dll

2012-05-10 22:34:41 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-05-10 22:34:39 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-05-10 22:34:38 3146240 ----a-w- C:\windows\System32\win32k.sys

2012-05-10 22:34:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 22:34:36 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-05-10 22:34:04 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys

2012-05-10 22:33:56 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-05-10 22:33:53 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 22:33:53 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-10 22:33:53 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-10 22:33:53 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-10 22:33:53 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-04 19:31:56 1397248 ----a-w- C:\windows\SysWow64\utilman.exe

2012-05-04 19:31:54 1402880 ----a-w- C:\windows\System32\utilman.exe

.

==================== Find3M ====================

.

2012-03-21 03:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys

2012-03-21 03:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys

.

============= FINISH: 10:03:10.72 ===============

[B1nkster]

Thank you so much for your help! I figured out dds and posted it ---> can't figure out how to upload a file, or else I could post the "zipped attach file."

Let me know if you want that.

Roguekiller report:

RogueKiller V7.5.2 [05/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: BrianTurner [Admin rights]

Mode: Scan -- Date: 06/02/2012 10:24:28

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\BRIANT~1\Desktop\dds.scr) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

149.5.18.172 www.google-analytics.com.

149.5.18.172 ad-emea.doubleclick.net.

149.5.18.172 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-22A0RT0 +++++

--- User ---

[MBR] 154a6df73d0e5d4cda85cca5c624bdc2

[bSP] 72863cc0d5b2679f532c38494ea55429 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 564298 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1155889152 | Size: 30720 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1218803712 | Size: 15360 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

Thank you so much for your help! I figured out dds and posted it ---> can't figure out how to upload a file, or else I could post the "zipped attach file."

I prefer you post the logs, not attach them.

You have to use the "More Reply Options" at the bottom right hand corner to attach logs.

------------------

Run RogueKiller again and click scan, when the scan completes..

Click the "HostFix" on the right hand column.

-----------------------

Next........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[B1nkster]

I ran OTL - had to run it in safe mode.

Here is OTL.txt

OTL logfile created on: 6/2/2012 10:51:18 AM - Run 1

OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\BrianTurner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 73.28% Memory free

7.60 Gb Paging File | 6.60 Gb Available in Paging File | 86.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 551.07 Gb Total Space | 415.27 Gb Free Space | 75.36% Space Free | Partition Type: NTFS

Drive D: | 30.00 Gb Total Space | 29.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Computer Name: BRIANTURNER-PC | User Name: BrianTurner | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/02 10:28:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BrianTurner\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe -- (UpekSrvc)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/11/20 06:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)

SRV:64bit: - [2010/02/17 23:26:38 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/10/21 16:47:08 | 000,047,632 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)

SRV - [2012/05/22 08:30:46 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/04/28 01:40:48 | 000,644,392 | ---- | M] (Anvisoft) [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)

SRV - [2012/04/25 06:50:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/06/01 05:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/12/09 14:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/12/09 14:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/07/13 18:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/27 02:28:26 | 000,024,360 | ---- | M] (Anvisoft) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\avhips.sys -- (avhips)

DRV:64bit: - [2012/04/27 02:28:24 | 000,020,264 | ---- | M] (Anvisoft) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avfsmn.sys -- (avfsmn)

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/03/30 11:47:40 | 000,041,160 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)

DRV:64bit: - [2011/03/30 11:47:38 | 000,049,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 02:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)

DRV:64bit: - [2010/03/18 15:20:00 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/03/12 09:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/02/24 09:31:42 | 000,215,040 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)

DRV:64bit: - [2010/02/22 16:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/02/10 13:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/01/28 17:55:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/01/15 18:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)

DRV:64bit: - [2010/01/14 20:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2010/01/14 20:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010/01/14 20:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/12/17 10:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/12/08 16:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)

DRV:64bit: - [2009/11/29 22:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2009/10/21 16:47:00 | 000,023,568 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)

DRV:64bit: - [2009/10/21 16:46:58 | 000,135,184 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)

DRV:64bit: - [2009/10/19 00:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV:64bit: - [2009/09/17 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/09/15 10:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)

DRV:64bit: - [2009/07/13 16:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)

DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 13:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/06 21:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2008/08/06 12:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com

IE - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15768

IE - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\..\SearchScopes\{2291ECE7-190A-425A-B8B1-11421E2A82D4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYUS&apn_uid=D0035FE2-7B65-461D-A1DD-A3B7F5B91509&apn_sauid=DDD3282D-5297-4DBF-89E7-55A4A35150E5&

IE - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF:64bit: - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Program Files\MIE\AlternaTIFF\npatif64.dll (Medical Informatics Engineering, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 06:50:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/10 12:11:32 | 000,000,000 | ---D | M]

[2011/05/28 09:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BrianTurner\AppData\Roaming\Mozilla\Extensions

[2012/05/17 11:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BrianTurner\AppData\Roaming\Mozilla\Firefox\Profiles\n1xcxfbw.default\extensions

[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\BrianTurner\AppData\Roaming\Mozilla\Firefox\Profiles\n1xcxfbw.default\searchplugins\askcom.xml

[2012/02/20 10:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/01/13 19:39:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/04/25 06:50:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/08/27 09:38:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: Skype Extension = C:\Users\BrianTurner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\

O1 HOSTS File: ([2012/03/21 12:51:42 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 149.5.18.172 www.google-analytics.com.

O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.

O1 - Hosts: 149.5.18.172 www.statcounter.com.

O1 - Hosts: 108.163.215.51 www.google-analytics.com.

O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.

O1 - Hosts: 108.163.215.51 www.statcounter.com.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)

O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)

O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001..\Run: [Driver Updater] C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe (MEDIA FOG LTD)

O4 - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O7 - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O7 - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2229854543-2735755789-1938109201-1001\..Trusted Domains: uscourts.gov ([]https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.77.116.3 192.77.116.72

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{208ACD85-A8F0-4656-B58A-97E1243B787F}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D6EF979-FFC2-48DC-A857-4BD1294B1C71}: DhcpNameServer = 192.77.116.3 192.77.116.72

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4eb18057-f388-11e0-a4ee-f07bcbf79eb1}\Shell - "" = AutoRun

O33 - MountPoints2\{4eb18057-f388-11e0-a4ee-f07bcbf79eb1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{9105b7f1-46d3-11e1-8fed-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{9105b7f1-46d3-11e1-8fed-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{cd1603a3-894a-11e0-a831-f07bcbf79eb1}\Shell - "" = AutoRun

O33 - MountPoints2\{cd1603a3-894a-11e0-a831-f07bcbf79eb1}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\_Content.rtf

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/02 10:28:43 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\BrianTurner\Desktop\OTL.exe

[2012/06/02 10:22:36 | 000,000,000 | ---D | C] -- C:\Users\BrianTurner\Desktop\RK_Quarantine

[2012/06/02 09:37:25 | 000,607,260 | R--- | C] (Swearware) -- C:\dds.com

[2012/06/01 14:49:25 | 000,000,000 | ---D | C] -- C:\Users\BrianTurner\AppData\Roaming\Anvisoft

[2012/06/01 14:48:43 | 000,000,000 | ---D | C] -- C:\Users\BrianTurner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft

[2012/06/01 14:48:26 | 000,024,360 | ---- | C] (Anvisoft) -- C:\windows\SysNative\drivers\avhips.sys

[2012/06/01 14:48:26 | 000,020,264 | ---- | C] (Anvisoft) -- C:\windows\SysNative\drivers\avfsmn.sys

[2012/06/01 14:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft

[2012/06/01 14:29:56 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysWow64\drivers\tmcomm.sys

[2012/05/31 19:42:31 | 000,000,000 | ---D | C] -- C:\Users\BrianTurner\AppData\Roaming\Malwarebytes

[2012/05/31 19:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/31 19:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/31 19:42:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/05/31 19:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/25 23:24:44 | 000,000,000 | ---D | C] -- C:\Users\BrianTurner\AppData\Local\Microsoft Games

[2012/05/23 09:07:08 | 000,000,000 | ---D | C] -- C:\Users\BrianTurner\AppData\Roaming\LolClient2

[2012/05/20 13:47:39 | 000,000,000 | ---D | C] -- C:\Users\BrianTurner\AppData\Local\VS Revo Group

[2012/05/20 13:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2012/05/20 13:47:34 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys

[2012/05/20 13:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/05/16 08:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/05/16 08:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/05/16 08:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2012/06/02 10:49:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/06/02 10:49:32 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/02 10:28:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BrianTurner\Desktop\OTL.exe

[2012/06/02 10:14:30 | 000,013,664 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/02 10:14:30 | 000,013,664 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/02 10:09:34 | 000,004,153 | ---- | M] () -- C:\Users\BrianTurner\Desktop\Attach.zip

[2012/06/02 10:09:06 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/02 10:06:20 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/02 09:37:27 | 000,607,260 | R--- | M] (Swearware) -- C:\dds.com

[2012/06/01 14:48:43 | 000,001,195 | ---- | M] () -- C:\Users\BrianTurner\Desktop\Anvi Smart Defender.lnk

[2012/06/01 14:38:18 | 000,114,684 | ---- | M] () -- C:\Users\BrianTurner\AppData\Local\census.cache

[2012/06/01 14:38:14 | 000,078,203 | ---- | M] () -- C:\Users\BrianTurner\AppData\Local\ars.cache

[2012/06/01 14:29:30 | 000,000,036 | ---- | M] () -- C:\Users\BrianTurner\AppData\Local\housecall.guid.cache

[2012/05/31 19:42:26 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/23 20:03:23 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/05/23 16:40:09 | 000,001,303 | ---- | M] () -- C:\Users\BrianTurner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

[2012/05/22 08:28:38 | 471,217,697 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012/05/11 09:52:42 | 000,538,224 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/05/11 02:52:08 | 000,754,448 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/05/11 02:52:08 | 000,633,586 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/05/11 02:52:08 | 000,110,572 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/06/02 10:09:30 | 000,004,153 | ---- | C] () -- C:\Users\BrianTurner\Desktop\Attach.zip

[2012/06/01 14:48:43 | 000,001,195 | ---- | C] () -- C:\Users\BrianTurner\Desktop\Anvi Smart Defender.lnk

[2012/06/01 14:38:18 | 000,114,684 | ---- | C] () -- C:\Users\BrianTurner\AppData\Local\census.cache

[2012/06/01 14:38:14 | 000,078,203 | ---- | C] () -- C:\Users\BrianTurner\AppData\Local\ars.cache

[2012/06/01 14:29:30 | 000,000,036 | ---- | C] () -- C:\Users\BrianTurner\AppData\Local\housecall.guid.cache

[2012/05/31 19:42:26 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/24 14:54:36 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe

[2011/10/05 09:59:58 | 000,339,968 | ---- | C] () -- C:\windows\SysWow64\vistaesr.exe

[2011/06/01 21:00:40 | 000,754,228 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/05/19 12:47:20 | 000,870,544 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin

[2011/05/19 12:47:20 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll

[2011/05/19 12:47:20 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll

[2011/05/19 12:47:19 | 000,050,036 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin

[2011/05/19 12:47:18 | 000,127,896 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin

[2010/09/08 08:51:54 | 002,110,728 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

[2010/09/08 08:51:54 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

[2010/09/08 08:51:43 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll

[2010/09/08 08:41:32 | 000,001,305 | ---- | C] () -- C:\windows\vm331Rmv.ini

========== LOP Check ==========

[2012/05/27 09:10:49 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\.purple

[2011/07/13 22:03:24 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\acccore

[2012/06/01 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\Anvisoft

[2011/08/23 14:19:02 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\Bullzip

[2012/01/24 14:53:51 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\Carambis

[2011/08/03 17:21:08 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\Downloaded Installations

[2011/08/29 15:16:57 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\enchant

[2011/09/09 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\gtk-2.0

[2011/05/31 21:14:43 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\Lenovo

[2011/05/28 09:49:42 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\LolClient

[2012/05/23 09:07:08 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\LolClient2

[2011/05/28 08:57:41 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\Protector Suite

[2012/05/25 23:23:31 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\Spotify

[2011/08/12 12:38:20 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\TeamViewer

[2012/02/06 21:37:57 | 000,000,000 | ---D | M] -- C:\Users\BrianTurner\AppData\Roaming\Zeon

[2011/11/14 16:10:21 | 000,032,636 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

[B1nkster]

Extras.txt

OTL Extras logfile created on: 6/2/2012 10:51:18 AM - Run 1

OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\BrianTurner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 73.28% Memory free

7.60 Gb Paging File | 6.60 Gb Available in Paging File | 86.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 551.07 Gb Total Space | 415.27 Gb Free Space | 75.36% Space Free | Partition Type: NTFS

Drive D: | 30.00 Gb Total Space | 29.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Computer Name: BRIANTURNER-PC | User Name: BrianTurner | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2229854543-2735755789-1938109201-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\ExamSoft\SofTest\SoftLnch.exe" = C:\Program Files (x86)\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch

"C:\Program Files (x86)\ExamSoft\SofTest\softest.exe" = C:\Program Files (x86)\ExamSoft\SofTest.exe:*:Enabled:SofTest

"C:\Program Files (x86)\ExamSoft\SofTest\SoftLnch.exe" = C:\Program Files (x86)\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch

"C:\Program Files (x86)\ExamSoft\SofTest\softest.exe" = C:\Program Files (x86)\ExamSoft\SofTest.exe:*:Enabled:SofTest

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01510EB9-7597-4E72-BD3E-128855EBA061}" = lport=2869 | protocol=6 | dir=in | app=system |

"{07C24ED1-72C0-41B5-AA9B-CFE768B391D8}" = rport=445 | protocol=6 | dir=out | app=system |

"{0DE1B35C-1BBF-42B4-9937-00DF1B3BDFBC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{23F272E3-C815-4240-A90E-ED58A6514B60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{373B9FD8-5D76-4C4F-80EF-BB26CE38A00B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{436222E5-6620-4FEA-AA04-44538FAAFA4F}" = lport=137 | protocol=17 | dir=in | app=system |

"{4F8E896F-6A01-4045-9619-CB67225EFDDF}" = rport=138 | protocol=17 | dir=out | app=system |

"{53AC2A95-B7CA-4B78-B99D-E316C8C84583}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{55133EDA-8675-45FB-96C3-BDF051AF6CA7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{5D1A3D88-1566-41C5-A8E1-0A79EB61F09B}" = lport=139 | protocol=6 | dir=in | app=system |

"{60DCFF60-7E93-4A28-ACCC-17588CA6AA04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{68602323-6FF0-43E5-8EA3-70437C091E56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6CEE2F81-7BD7-4A8B-88F0-AC8166233365}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{72C02CF2-10CC-481A-AF24-EE8E31A8422B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{737AFA3D-C16F-40B2-859C-C8BD49272675}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{838EB110-EABB-4E69-A212-42F1D51E9133}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A09EA810-3411-479C-AA3D-A1DD88C6A835}" = rport=10243 | protocol=6 | dir=out | app=system |

"{A3D1BC36-549F-4BDA-B3E1-4C13D111F8BB}" = lport=10243 | protocol=6 | dir=in | app=system |

"{AB3668EF-1241-4098-9D17-511B2B25B175}" = lport=445 | protocol=6 | dir=in | app=system |

"{B2353B60-2076-44C6-B30A-F2B1A77CF959}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{CF00E798-2974-4A03-BFC0-83DBFE5F7C96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D4573874-0DD6-4B30-BB17-F5E3FBDEE681}" = lport=138 | protocol=17 | dir=in | app=system |

"{D5934FE9-4EF0-49D6-A931-792AA178BD52}" = rport=137 | protocol=17 | dir=out | app=system |

"{F128AABF-426C-4DA4-B529-7099ABBAA4A3}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03470EF3-8A7A-4675-8061-6C8D80394147}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{06B624FB-3608-4A27-91DF-E946B08D0C80}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{099071CD-CE80-48D7-808E-FFC1F2CE72B9}" = protocol=6 | dir=in | app=c:\windows\system32\recdisc.exe |

"{0C43BAEF-9331-4FDD-94C6-A1F6C6819A15}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{1B5C3D9D-D37D-4E39-80C2-542BB8372610}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{1B83808E-1E60-4125-9B49-040AC7192726}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{2070B884-AB01-4C93-9266-79253A1D0A53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{20F11E9B-D141-4917-A623-420917032F40}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |

"{22DB9BE0-F6D4-4980-A490-45CB63747DEC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |

"{25B7B07E-A1F8-4430-BD03-307941515618}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2E0468D1-1008-44FC-AC09-DA1513F74A53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2EBB6117-374A-453A-96D1-F7A3ABB96632}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{303704B7-4252-46AC-AA53-5254757A2BB7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{35D03B5F-38AB-4A1C-9E2A-C5FE699472EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3AEB433F-FC8F-4588-82AF-6BC969644738}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3FA7DCBA-A64A-46AA-BADE-590B33EB79BD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |

"{45084095-8D5A-476B-BEBF-C596250FDA83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4CA58E05-52C6-4114-B725-E483CE7FB2AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4CE82665-0020-4F83-83AF-936AFC65DB1A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{5015F1C4-5B9F-429E-BAEF-BFB49CFBC8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{5CB35829-A62B-4F88-B825-E6032DFC2AF0}" = protocol=6 | dir=out | app=system |

"{5EB1CD1C-401D-451F-B6D3-E4B103CE81AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{82E77CEF-D30F-4519-BF04-DCEFFC2CA355}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{8544E44A-4BF5-4CED-ADBF-86E00E5E5649}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{90D5256A-9B77-43A2-9185-1EFFBBA0CFF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A0235C3D-7535-4BF3-A420-048BC17CF486}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A05B3B58-42B1-4DF3-8224-FE1421755556}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A4489557-18DF-4D9C-AE79-63E556DF1EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{A6313FC5-2BEE-4159-BB7B-9DC0F373EA6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{AF19A6A8-803B-4E29-888B-B0E407B9FCDF}" = protocol=17 | dir=in | app=c:\windows\system32\recdisc.exe |

"{B033DE44-3F8A-4DDD-845B-D23D3DF83669}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B44B9FC3-3C7D-4D7A-95F3-88275B2DAAA0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B4787316-F7AC-4D5D-822B-D9B5A6F8AC4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BC70BDA7-4555-49FD-80F4-A5E25D2B2F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{BF7E7613-D93D-40C5-BD3E-FF6074715980}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

"{C023C476-20F9-4739-A002-AB937B8B29B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{C2ACBEA4-33E5-4DFE-916F-B002CB06BDEF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{C3742E3A-8D47-4261-B1D6-8F233B32ACBC}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{CF5A64DB-D45C-42B5-9E93-A48DC3739B70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{D11E7AF6-CBB8-4A67-978A-CE62E8842084}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{D4ED18EA-B25B-458E-8521-34ED94845E85}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |

"{D7DDD9B9-32DE-43C6-823B-FAFB3DBE641C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D905EE0B-BF54-4EFA-8CE1-6511B155111A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{DDD5D9EE-A773-4C76-B6DD-54FABD9583B4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{E17ED190-57B4-4C4A-B1E3-8FB0AC17C91C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{E2D3ED80-2D01-4181-9E96-4750C8D00E93}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E64771F7-43DA-4B97-B35C-DFE051C6E11C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{E9A59469-D71C-42EA-8015-2CC43B6A75A5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{FB3F33F4-851E-41CB-8BF7-264DBFA10C35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FF19012A-C56A-4FC9-9562-DAAFAFD851E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"TCP Query User{51793FBE-E267-4BE0-A302-E7B09A75B707}C:\users\brianturner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\brianturner\appdata\roaming\spotify\spotify.exe |

"TCP Query User{C1E1FB7E-C682-4125-B167-EFBFC1C5A832}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"TCP Query User{D532FBEC-4AA2-45B4-BBB8-BFEC0D12E8ED}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |

"UDP Query User{29ED8689-D347-4D1D-8868-9650E075871D}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |

"UDP Query User{37FFC2A1-4A81-4181-8B4E-731359410B95}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"UDP Query User{637E3CBF-7963-4336-8F85-8D296A7A03CA}C:\users\brianturner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\brianturner\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{E3D1FE62-7550-45EC-A44A-C4903D2FA3E7}" = HotDocs Player 10 (64bit)

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)

"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

"7341A1B43E7FE58942EB1E820A17C18305DFBCE6" = Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)

"85CE3A3657FAE5FD305B143E90E6FC89BA53001C" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)

"Bullzip PDF Printer_is1" = Bullzip PDF Printer 4.0.0.463

"Kyocera Product Library" = Kyocera Product Library

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft Security Client" = Microsoft Security Essentials

"NVIDIA Drivers" = NVIDIA Drivers

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{979FC049-0832-4893-AE18-D658DF7A94BF}" = SofTest

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera

"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Anvi Smart Defender" = Anvi Smart Defender 1.01

"Driver Updater" = Carambis Driver Updater

"Google Calendar Sync" = Google Calendar Sync

"Google Chrome" = Google Chrome

"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Pidgin" = Pidgin

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"TeamViewer 6" = TeamViewer 6

"VeriFace" = VeriFace

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2229854543-2735755789-1938109201-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/4/2012 3:32:59 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 999

Error - 2/4/2012 3:32:59 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 999

Error - 2/4/2012 3:33:00 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/4/2012 3:33:00 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2169

Error - 2/4/2012 3:33:00 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2169

Error - 2/4/2012 3:41:12 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/4/2012 3:41:12 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 493884

Error - 2/4/2012 3:41:12 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 493884

Error - 2/4/2012 5:26:14 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/4/2012 5:26:14 PM | Computer Name = BrianTurner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1404

[ System Events ]

Error - 6/2/2012 1:50:33 PM | Computer Name = BrianTurner-PC | Source = DCOM | ID = 10005

Description =

Error - 6/2/2012 1:50:31 PM | Computer Name = BrianTurner-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/2/2012 1:50:32 PM | Computer Name = BrianTurner-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/2/2012 1:50:33 PM | Computer Name = BrianTurner-PC | Source = DCOM | ID = 10005

Description =

Error - 6/2/2012 1:50:34 PM | Computer Name = BrianTurner-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/2/2012 1:50:35 PM | Computer Name = BrianTurner-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/2/2012 1:50:36 PM | Computer Name = BrianTurner-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/2/2012 1:50:36 PM | Computer Name = BrianTurner-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/2/2012 1:50:36 PM | Computer Name = BrianTurner-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/2/2012 1:50:36 PM | Computer Name = BrianTurner-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

< End of report >

[MrCharlie]

Please run RogueKiller and ComboFix as I asked:

http://forums.malwarebytes.org/index.php?showtopic=110610&view=findpost&p=557007

MrC

[B1nkster]

I ran rogue killer and combofix. I am currently stuck at deleting folders In combofix: \local\tempDIR

[B1nkster]

Wow. Never mind after 20 minutes it moved on...will post log shortly. (I haven't opened any programs while combofix has been operating - using my phone)

Btw thank you again.

[B1nkster]

Combofix Log:

ComboFix 12-06-02.02 - BrianTurner 06/02/2012 11:30:47.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2560 [GMT -7:00]

Running from: c:\users\BrianTurner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\BrianTurner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{14293389-7B06-4965-AE6D-8A5E6CC5B0DF}.xps

c:\users\BrianTurner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6CE19B0A-1E2B-471D-B65A-F30284244607}.xps

c:\users\BrianTurner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9079CA5E-9C8E-40E4-B7D3-BED5DEC1685D}.xps

c:\users\BrianTurner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{972464B9-A3BF-4A74-8D86-C482B00D8541}.xps

c:\users\BrianTurner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A6837020-A7B3-4D15-899C-2CB1C3E9CE43}.xps

c:\users\BrianTurner\AppData\Local\TempDIR

c:\windows\SysWow64\devil.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))

.

.

2012-06-02 19:22 . 2012-06-02 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-02 16:37 . 2012-06-02 16:37 607260 ------r- C:\dds.com

2012-06-02 16:15 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{960315F3-68DC-4207-9253-7A10FE7C9C19}\mpengine.dll

2012-06-01 21:49 . 2012-06-01 21:49 -------- d-----w- c:\users\BrianTurner\AppData\Roaming\Anvisoft

2012-06-01 21:48 . 2012-04-27 09:28 24360 ----a-w- c:\windows\system32\drivers\avhips.sys

2012-06-01 21:48 . 2012-04-27 09:28 20264 ----a-w- c:\windows\system32\drivers\avfsmn.sys

2012-06-01 21:47 . 2012-06-01 21:47 -------- d-----w- c:\program files (x86)\Anvisoft

2012-06-01 21:29 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-06-01 02:42 . 2012-06-01 02:42 -------- d-----w- c:\users\BrianTurner\AppData\Roaming\Malwarebytes

2012-06-01 02:42 . 2012-06-01 02:42 -------- d-----w- c:\programdata\Malwarebytes

2012-06-01 02:42 . 2012-06-01 02:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-01 02:42 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-01 02:27 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-26 06:24 . 2012-05-26 06:25 -------- d-----w- c:\users\BrianTurner\AppData\Local\Microsoft Games

2012-05-23 16:07 . 2012-05-23 16:07 -------- d-----w- c:\users\BrianTurner\AppData\Roaming\LolClient2

2012-05-20 20:47 . 2012-05-20 20:47 -------- d-----w- c:\users\BrianTurner\AppData\Local\VS Revo Group

2012-05-20 20:47 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-05-20 20:47 . 2012-05-20 20:47 -------- d-----w- c:\program files\VS Revo Group

2012-05-16 15:50 . 2012-05-16 15:50 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-16 15:50 . 2012-05-16 15:50 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-10 22:34 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 22:34 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 22:34 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 22:33 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-10 22:33 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 22:33 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 22:33 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 22:33 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-10 22:33 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-31 06:05 . 2012-05-10 22:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-10 22:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-10 22:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-10 22:34 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-03-21 03:44 . 2010-10-25 04:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 03:44 . 2010-10-25 04:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-11-18 03:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]

"Driver Updater"="c:\program files (x86)\Carambis\Driver Updater\dupdater.exe" [2011-09-27 4871264]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-08 1242448]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-16 536576]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]

"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2009-11-11 167008]

"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2010-09-08 3122440]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-18 901800]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-04-28 618280]

.

c:\users\BrianTurner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-2-17 1083680]

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"UseDefaultTile"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]

R2 UpekSrvc;Upek Service;c:\program files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 avfsmn;avfsmn;c:\windows\system32\DRIVERS\avfsmn.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-04-28 644392]

S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\avhips.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 05:55]

.

2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 05:55]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2010-09-08 15:51 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-06 908320]

"TpShocks"="c:\windows\System32\TpShocks.exe" [2009-09-02 231264]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-03-12 4448704]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-12 7056832]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-01 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-01 390680]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-01 410136]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-09 16414824]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.ask.com/?l=dis&o=15768

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

Trusted Zone: uscourts.gov

TCP: DhcpNameServer = 192.77.116.3 192.77.116.72

FF - ProfilePath - c:\users\BrianTurner\AppData\Roaming\Mozilla\Firefox\Profiles\n1xcxfbw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-02 12:45:03

ComboFix-quarantined-files.txt 2012-06-02 19:44

.

Pre-Run: 449,112,276,992 bytes free

Post-Run: 449,580,937,216 bytes free

.

- - End Of File - - 2D28406813A30DFFEC26BEA25E8233AC

[MrCharlie]

Once again, can you run RogueKiller and post the log please!!! MrC

[B1nkster]

roguekiller report:

RogueKiller V7.5.2 [05/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: BrianTurner [Admin rights]

Mode: Scan -- Date: 06/02/2012 13:50:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\BRIANT~1\Desktop\dds.scr) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-22A0RT0 +++++

--- User ---

[MBR] 154a6df73d0e5d4cda85cca5c624bdc2

[bSP] 72863cc0d5b2679f532c38494ea55429 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 564298 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1155889152 | Size: 30720 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1218803712 | Size: 15360 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

[B1nkster]

Everything seems to be working better now....let me know my next step.

In addition, I was running Microsoft essentials prior to this virus. Do you have recommendations regarding security software? Malware bytes I assume?

[MrCharlie]

Good.....Look at my Preventive Maintenance for recommendations on protection.

A little clean-up to do.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!