
Searchnu browser hijack (Chrome Version 23.0.1271.97 m)



Hi, I am zamanmm. I forgot my username/pw and lost my uncle's email pw, so I can't retrieve the forum pw. Anyway, this issue is my own and has nothing to do with the computers at my uncle's business. I had Searchnu installed on my comp and I uninstalled it, and I thought it was gone, but it seems it has hijacked my browser's new tab page. Google is the default search engine. I am using Windows 7. Here are the logs. Thanks for your help.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.05.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Elahi :: ELAHI-PC [administrator]

1/4/2013 9:59:43 PM

mbam-log-2013-01-04 (21-59-43).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 443319

Time elapsed: 1 hour(s), 2 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by Elahi at 23:38:45 on 2013-01-04

#Option Extended Search is enabled.

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.1593 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\windows\system32\mfevtps.exe

C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Elahi\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Users\Elahi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\calc.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\notepad.exe

C:\windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

mStart Page = hxxp://lenovo.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121212165102.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uRun: [Facebook Update] "C:\Users\Elahi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [spotify Web Helper] "C:\Users\Elahi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [snp2uvc] C:\windows\vsnp2uvc.exe

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{0FF2FCE5-68DA-48E8-B4B6-A4FD5A836EA6} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{6BF93E0C-C7D1-4B94-9CC5-C1857A9C5459} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{6BF93E0C-C7D1-4B94-9CC5-C1857A9C5459}\A716D616E613935333 : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll C:\PROGRA~3\Wincert\WIN32C~1.DLL

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://lenovo.msn.com

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20121212165058.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2012-10-9 57952]

R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2012-10-9 39008]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 771096]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-3-13 339776]

R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-26 30056]

R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2012-10-9 13408]

R1 winioex;winioex;C:\windows\System32\drivers\winioex.sys [2012-10-9 15456]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-9 13336]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-19 375728]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2012-11-30 72216]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-10-9 241016]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-10-9 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-10-9 177680]

R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]

R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-11-5 65657]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-9 2656280]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]

R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-3-13 69672]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]

R3 DelayMan;ACPI DelayMan Filter Service;C:\windows\System32\drivers\delayman.sys [2012-10-9 20064]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]

R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-10-9 174168]

R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\System32\drivers\jmccgp.sys [2012-10-9 17880]

R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\System32\drivers\jmcam.sys [2012-10-9 57816]

R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\System32\drivers\jmcam_lo.sys [2012-10-9 32088]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-3-13 309400]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-3-13 515528]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-11-18 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-11-18 181248]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-1 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-8-24 15928]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]

S3 acsock;acsock;C:\windows\System32\drivers\acsock64.sys [2012-6-7 107432]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\System32\drivers\motfilt.sys [2009-1-29 6144]

S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-10-9 437288]

S3 BTWDPAN;Bluetooth Personal Area Network;C:\windows\System32\drivers\btwdpan.sys [2012-10-9 89640]

S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-10-9 39976]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-10-26 196440]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-10-9 225216]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-3-13 106112]

S3 motandroidusb;Mot ADB Interface Driver;C:\windows\System32\drivers\motoandroid.sys [2009-7-10 31744]

S3 motccgp;Motorola USB Composite Device Driver;C:\windows\System32\drivers\motccgp.sys [2012-6-11 22016]

S3 motccgpfl;MotCcgpFlService;C:\windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]

S3 MotDev;Motorola Inc. USB Device;C:\windows\System32\drivers\motodrv.sys [2009-5-8 53632]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-27 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-27 1255736]

S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 60 ================

.

2013-01-05 02:40:15 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Malwarebytes

2013-01-05 02:40:03 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-05 02:40:00 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-01-05 02:40:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-05 02:39:23 -------- d-----w- C:\Users\Elahi\AppData\Local\Programs

2013-01-05 02:30:11 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3D14140-420A-4670-9C77-4AB71706DA9F}\mpengine.dll

2012-12-31 02:31:09 -------- d-----w- C:\Users\Elahi\AppData\Local\DDMSettings

2012-12-27 02:03:04 -------- d-----w- C:\Users\Elahi\AppData\Local\{37AF441E-D763-429A-BB52-17BA1634FF32}

2012-12-27 02:02:42 -------- d-----w- C:\Users\Elahi\AppData\Local\{16B717A6-55C0-49D5-B4EF-9A336DAB5707}

2012-12-23 08:40:35 -------- d--h--w- C:\windows\msdownld.tmp

2012-12-23 08:40:35 -------- d-----w- C:\windows\SysWow64\directx

2012-12-22 08:00:15 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-22 08:00:14 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-22 08:00:14 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-22 08:00:14 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-20 14:46:23 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-20 14:46:23 -------- d-----w- C:\Program Files\iTunes

2012-12-20 14:46:23 -------- d-----w- C:\Program Files\iPod

2012-12-20 14:46:23 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-13 00:51:54 -------- d-----w- C:\Users\Elahi\AppData\Local\Diagnostics

2012-12-12 08:58:45 -------- d-----w- C:\Program Files\AutoHotkey

2012-12-12 04:28:32 -------- d-----w- C:\ProgramData\Browser Manager

2012-12-12 04:06:28 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-12-12 04:06:28 2048 ----a-w- C:\windows\System32\tzres.dll

2012-12-12 04:04:04 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-12-12 04:04:04 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-12-12 01:51:06 200704 ----a-w- C:\windows\SysWow64\vbalExpBar6.ocx

2012-12-12 01:50:58 115920 ----a-w- C:\windows\SysWow64\msinet.OCX

2012-12-12 01:50:57 40960 ----a-w- C:\windows\SysWow64\SSubTmr6.dll

2012-12-12 01:50:57 15360 ----a-w- C:\windows\SysWow64\inetfr.DLL

2012-12-12 01:50:56 484352 ----a-w- C:\windows\SysWow64\lame_enc.dll

2012-12-12 01:50:56 -------- d-----w- C:\Users\Elahi\AppData\Roaming\FreeBurner

2012-12-12 01:50:56 -------- d-----w- C:\ProgramData\Wincert

2012-12-12 01:50:51 -------- d-----w- C:\ProgramData\boost_interprocess

2012-12-12 01:50:49 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar

2012-12-12 01:50:19 -------- d-----w- C:\Program Files (x86)\Free Easy CD DVD Burner

2012-12-12 01:45:54 397312 ----a-w- C:\windows\SysWow64\TubeFinder.exe

2012-12-12 01:45:53 9728 ----a-w- C:\windows\SysWow64\PCCLPFR.DLL

2012-12-12 01:45:53 84512 ----a-w- C:\windows\SysWow64\PICCLP32.OCX

2012-12-12 01:45:53 364544 ----a-w- C:\windows\SysWow64\PropertyGrid.ocx

2012-12-12 01:45:53 141312 ----a-w- C:\windows\SysWow64\MSCMCFR.DLL

2012-12-12 01:45:53 119568 ----a-w- C:\windows\SysWow64\VB6FR.DLL

2012-12-12 01:45:53 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx

2012-12-12 01:45:53 101888 ----a-w- C:\windows\SysWow64\VB6STKIT.DLL

2012-12-12 01:45:52 32768 ----a-w- C:\windows\SysWow64\CMDLGFR.DLL

2012-12-12 01:45:52 24576 ----a-w- C:\windows\SysWow64\ControlSubX.ocx

2012-12-12 01:45:52 152848 ----a-w- C:\windows\SysWow64\COMDLG32.OCX

2012-12-12 01:45:51 -------- d-----w- C:\Users\Elahi\AppData\Roaming\FreeFLVConverter

2012-12-12 01:44:57 -------- d-----w- C:\Users\Elahi\AppData\Local\iLivid

2012-12-12 01:44:57 -------- d-----w- C:\Program Files (x86)\Free FLV Converter

2012-12-11 09:16:27 -------- d-----w- C:\Users\Elahi\AppData\Roaming\KSCraft

2012-12-11 09:16:16 -------- d-----w- C:\Program Files (x86)\Kort's Spellcraft Calculator

2012-12-11 02:37:54 -------- d-----w- C:\Program Files (x86)\GearBunnies

2012-12-09 08:20:33 -------- d-----w- C:\Users\Elahi\AppData\Roaming\DaocTB

2012-12-09 08:20:22 -------- d-----w- C:\Program Files (x86)\DAOC-Charplan

2012-12-09 07:57:28 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Electronic Arts

2012-12-06 01:45:53 -------- d-----w- C:\Program Files (x86)\Motorola Mobility

2012-12-06 01:45:53 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2012-12-02 02:52:58 -------- d-----w- C:\Users\Elahi\AppData\Local\{CFD65AB0-4155-4465-8E29-ED18C085E79A}

2012-12-02 00:45:18 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Xfire

2012-12-02 00:44:27 -------- d-----w- C:\ProgramData\Xfire

2012-12-02 00:44:24 -------- d-----w- C:\Program Files (x86)\Xfire

2012-12-01 08:15:31 -------- d-----w- C:\ProgramData\Symantec

2012-12-01 08:15:18 -------- d-----w- C:\ProgramData\Norton

2012-12-01 08:15:15 -------- d-----w- C:\ProgramData\NortonInstaller

2012-12-01 03:21:24 -------- d-----w- C:\Users\Elahi\AppData\Local\LogMeIn Rescue Applet

2012-12-01 02:38:17 -------- d-----w- C:\Users\Elahi\AppData\Local\LogMeIn Rescue

2012-12-01 02:36:09 -------- d-----w- C:\Program Files (x86)\LogMeIn Rescue Technician Console

2012-11-30 23:17:55 -------- d-----w- C:\Users\Elahi\AppData\Local\LogMeIn

2012-11-30 23:17:52 60328 ----a-w- C:\windows\System32\Spool\prtprocs\x64\LMIproc.dll

2012-11-30 23:17:52 35240 ----a-w- C:\windows\System32\LMIport.dll

2012-11-30 23:17:51 88008 ----a-w- C:\windows\System32\LMIRfsClientNP.dll

2012-11-30 23:17:51 72216 ----a-w- C:\windows\System32\drivers\LMIRfsDriver.sys

2012-11-30 23:17:50 83880 ----a-w- C:\windows\System32\LMIinit.dll

2012-11-30 23:17:49 -------- d-----w- C:\ProgramData\LogMeIn

2012-11-30 23:17:43 -------- d-----w- C:\Program Files (x86)\LogMeIn

2012-11-30 06:03:39 -------- d-----w- C:\Users\Elahi\AppData\Roaming\thriXXX

2012-11-29 21:48:54 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Utherverse

2012-11-29 17:52:01 -------- d-----w- C:\Users\Elahi\AppData\Local\{DFDA83EF-05C4-4C1F-AB8B-439EC42133DE}

2012-11-29 05:38:45 -------- d-----w- C:\Program Files (x86)\Utherverse Digital Inc

2012-11-26 02:55:02 -------- d-----w- C:\ProgramData\Synaptics

2012-11-26 02:52:04 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Synaptics

2012-11-24 23:16:44 -------- d-----w- C:\Users\Elahi\AppData\Local\Apps

2012-11-24 23:16:43 -------- d-----w- C:\Users\Elahi\AppData\Local\Deployment

2012-11-24 10:43:28 -------- d-----w- C:\Users\Elahi\AppData\Roaming\qliner

2012-11-18 17:01:09 -------- d-----w- C:\Users\Elahi\AppData\Local\{04E99714-A77B-4EBB-9449-95F304198793}

2012-11-16 02:30:30 42440 ----a-w- C:\windows\SysWow64\xfcodec.dll

2012-11-16 02:30:28 28104 ----a-w- C:\windows\System32\xfcodec64.dll

2012-11-14 05:14:39 9728 ----a-w- C:\windows\System32\Wdfres.dll

2012-11-14 05:14:39 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

2012-11-14 05:14:39 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

2012-11-14 05:14:39 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 05:11:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726471311cdc22602\DSETUP.dll

2012-11-14 05:11:11 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726471311cdc22602\DXSETUP.exe

2012-11-14 05:11:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726471311cdc22602\dsetup32.dll

2012-11-14 05:11:04 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6f8cb5791cdc22601\DSETUP.dll

2012-11-14 05:11:04 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6f8cb5791cdc22601\DXSETUP.exe

2012-11-14 05:11:04 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6f8cb5791cdc22601\dsetup32.dll

2012-11-14 05:10:55 -------- d-----w- C:\Users\Elahi\AppData\Local\Windows Live

2012-11-14 05:09:57 -------- d-----w- C:\Users\Elahi\AppData\Local\{BF9E77AE-AA03-4087-850C-A668DCCBFAB0}

2012-11-14 05:09:43 -------- d-----w- C:\Users\Elahi\AppData\Roaming\Windows Live Writer

2012-11-14 05:09:43 -------- d-----w- C:\Users\Elahi\AppData\Local\Windows Live Writer

2012-11-14 05:08:02 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

2012-11-14 05:08:02 84992 ----a-w- C:\windows\System32\WUDFSvc.dll

2012-11-14 05:08:02 744448 ----a-w- C:\windows\System32\WUDFx.dll

2012-11-14 05:08:02 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll

2012-11-14 05:08:02 229888 ----a-w- C:\windows\System32\WUDFHost.exe

2012-11-14 05:08:02 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys

2012-11-14 05:08:02 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll

2012-11-13 20:29:04 354216 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl

2012-11-09 10:02:56 -------- d-----w- C:\Users\Elahi\AppData\Local\Cisco

2012-11-09 10:02:36 -------- d-----w- C:\ProgramData\Cisco

2012-11-06 16:19:58 539960 ----a-w- C:\windows\SysWow64\SynCOM.dll

2012-11-06 16:19:24 461624 ----a-w- C:\windows\System32\drivers\SynTP.sys

2012-11-06 16:19:24 229176 ----a-w- C:\windows\System32\SynTPAPI.dll

2012-11-06 16:19:22 177976 ----a-w- C:\windows\System32\SynTPCo14.dll

2012-11-06 16:19:22 113976 ----a-w- C:\windows\SysWow64\SynTPCOM.dll

.

==================== Find6M ====================

.

2012-12-12 07:40:41 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 07:40:41 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-11-26 02:46:44 1048376 ----a-w- C:\windows\System32\SynCOM.dll

2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 11:40:24 69672 ----a-w- C:\windows\System32\drivers\cfwids.sys

2012-11-09 11:37:42 339776 ----a-w- C:\windows\System32\drivers\mfewfpk.sys

2012-11-09 11:37:30 177680 ----a-w- C:\windows\System32\mfevtps.exe

2012-11-09 11:36:40 10288 ----a-w- C:\windows\System32\drivers\mfeclnk.sys

2012-11-09 11:36:30 106112 ----a-w- C:\windows\System32\drivers\mferkdet.sys

2012-11-09 11:35:50 771096 ----a-w- C:\windows\System32\drivers\mfehidk.sys

2012-11-09 11:34:58 515528 ----a-w- C:\windows\System32\drivers\mfefirek.sys

2012-11-09 11:34:18 309400 ----a-w- C:\windows\System32\drivers\mfeavfk.sys

2012-11-09 11:33:58 178840 ----a-w- C:\windows\System32\drivers\mfeapfk.sys

2012-11-03 01:40:28 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys

2012-10-27 01:17:08 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-27 01:17:07 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-10-27 01:17:07 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-09 23:29:55 512 ----a-w- C:\windows\current.bin

2012-10-09 23:27:44 512 ----a-w- C:\windows\previous.bin

2012-10-09 23:25:32 21 ----a-w- C:\windows\System32\kk.cmd

2012-10-09 23:24:09 39008 ----a-w- C:\windows\System32\drivers\LhdX64.sys

2012-10-09 23:24:09 19872 ----a-w- C:\windows\System32\LenovoSDKEmSubSystem.dll

2012-10-09 23:24:07 29792 ----a-w- C:\windows\System32\drivers\AcpiVpc.sys

2012-10-09 23:22:06 57952 ----a-w- C:\windows\System32\drivers\fbfmon.sys

2012-10-09 23:22:06 44896 ----a-w- C:\windows\System32\FbDefrag.exe

2012-10-09 23:22:06 15968 ----a-w- C:\windows\System32\NFbfmon.dll

2012-10-09 23:22:06 13408 ----a-w- C:\windows\System32\drivers\BPntDrv.sys

2012-10-09 23:14:18 87392 ----a-w- C:\windows\SysWow64\LenovoRIC.interface.dll

2012-10-09 23:14:18 83296 ----a-w- C:\windows\SysWow64\GetASData.dll

2012-10-09 23:14:18 82944 ----a-w- C:\windows\System32\LenovoRIC.interface.dll

2012-10-09 23:14:18 80480 ----a-w- C:\windows\SysWow64\WinIoEx.dll

2012-10-09 23:14:18 74240 ----a-w- C:\windows\System32\GetASData.dll

2012-10-09 23:14:18 58720 ----a-w- C:\windows\SysWow64\LenovoRIC.stub.dll

2012-10-09 23:14:18 557056 ----a-w- C:\windows\System32\LenovoRIC.stub.dll

2012-10-09 23:14:18 2353152 ----a-w- C:\windows\System32\ColorBlindnessDLL.dll

2012-10-09 23:14:18 20064 ----a-w- C:\windows\System32\drivers\delayman.sys

2012-10-09 23:14:18 1771872 ----a-w- C:\windows\SysWow64\ColorBlindnessDLL.dll

2012-10-09 23:14:18 15456 ----a-w- C:\windows\System32\drivers\winioex.sys

2012-10-09 23:14:18 15456 ----a-w- C:\windows\System32\codelayman.dll

2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys

2012-10-02 19:51:15 3536817 ----a-w- C:\windows\System32\nvcoproc.bin

2012-10-02 19:51:11 3293544 ----a-w- C:\windows\System32\nvsvc64.dll

2012-10-02 19:51:04 6200680 ----a-w- C:\windows\System32\nvcpl.dll

2012-10-02 19:50:57 891240 ----a-w- C:\windows\System32\nvvsvc.exe

2012-10-02 19:50:57 866664 ----a-w- C:\windows\System32\nv3dappshext.dll

2012-10-02 19:50:57 63336 ----a-w- C:\windows\System32\nvshext.dll

2012-10-02 19:50:57 55144 ----a-w- C:\windows\System32\nv3dappshextr.dll

2012-10-02 19:50:57 2557800 ----a-w- C:\windows\System32\nvsvcr.dll

2012-10-02 19:50:57 118120 ----a-w- C:\windows\System32\nvmctray.dll

2012-10-02 19:50:56 440168 ----a-w- C:\windows\SysWow64\oemdspif.dll

2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll

2012-09-18 09:32:44 55096 ----a-w- C:\windows\System32\LMouFiltCoInst.dll

2012-09-18 09:32:32 75064 ----a-w- C:\windows\System32\drivers\LHidFilt.Sys

.

============= FINISH: 23:39:35.04 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/26/2012 4:22:34 PM

System Uptime: 1/4/2013 9:57:45 PM (2 hours ago)

.

Motherboard: LENOVO | | Base Board Product Name

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU1 | 2501/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 422 GiB total, 339.165 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 25.624 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

7-Zip 9.21

7-Zip 9.22beta

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI

AIM 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoHotkey 1.1.09.00

Bonjour

Broadcom Gigabit NetLink Controller

Broadcom InConcert Maestro

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client

Curse Client

D3DX10

DAOC-Charplan

Dark Age of Camelot

Diablo III

DivX Setup

Download Updater (AOL LLC)

Energy Management

eReg

Facebook Video Calling 1.2.0.287

Free Easy Burner V 5.1

Free FLV Converter V 7.5.0

GearBunnyX and Classic 1.102

Google Chrome

Google Update Helper

iLivid

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Wireless Display

InterActual Player

iTunes

Java 7 Update 9

Java Auto Updater

JMicron Flash Media Controller Driver

Junk Mail filter update

Kort's Spellcraft Calculator

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo EasyCamera

Lenovo EE Boot Optimizer

Lenovo Games Console

Lenovo OneKey Recovery

Lenovo R.I.C. (Robust Intelligent Companion)

Lenovo YouCam

Logitech SetPoint 6.50

LogMeIn

LogMeIn Rescue Technician Console

Malwarebytes Anti-Malware version 1.70.0.1100

Mathematica Extras 8.0 (2063897)

McAfee AntiVirus Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Motorola Device Manager

Motorola Device Software Update

Motorola Mobile Drivers Installation 5.9.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA Optimus 1.10.8

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Update 1.10.8

NVIDIA Update Components

Onekey Theater

ooVoo

Opera 12.12

Power2Go

Realtek High Definition Audio Driver

Red Light Center 3D Client

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Shared C Run-time for x64

Skype™ 6.0

Spotify

SRS Control Panel

Steam

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

UserGuide

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client for Windows x64

VeriFace

Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wolfram Mathematica 8 for Students (M-WIN-G 8.0.1 2063988)

World of Warcraft

Xfire

.

==== Event Viewer Messages From Past Week ========

.

1/4/2013 12:10:39 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

1/4/2013 12:10:39 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

1/4/2013 10:00:55 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

1/4/2013 10:00:55 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Argh, I hit delete :( Here is the report if it helps any. Do not see any change in Chrome.

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Elahi [Admin rights]

Mode : Remove -- Date : 01/05/2013 20:45:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPKT-24PK4T0 +++++

--- User ---

[MBR] 3c46450a4a303c2cbaec684edd621438

[bSP] 542738b89dd357cbdee61d3f44d1bb48 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_01052013_02d2045.txt >>

RKreport[1]_S_01052013_02d2044.txt ; RKreport[2]_D_01052013_02d2045.txt


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for adware, toolbar and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC


# AdwCleaner v2.104 - Logfile created 01/05/2013 at 21:50:58

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Elahi - ELAHI-PC

# Boot Mode : Normal

# Running from : C:\Users\Elahi\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Elahi\AppData\Local\Temp\Searchqu.ini

File Found : C:\Users\Elahi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk

File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk

Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Found : C:\Program Files (x86)\Searchqu Toolbar

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\Browser Manager

Folder Found : C:\ProgramData\Partner

Folder Found : C:\Users\Elahi\AppData\Local\Ilivid

Folder Found : C:\Users\Elahi\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Found : HKLM\SOFTWARE\Classes\dnUpdate

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

Key Found : HKU\S-1-5-21-447736034-3068292486-3521329373-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Elahi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.15] : homepage = "hxxp://www.searchnu.com/421",

Found [l.1633] : homepage = "hxxp://www.searchnu.com/421",

-\\ Opera v12.12.1707.0

File : C:\Users\Elahi\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3579 octets] - [05/01/2013 21:50:58]

########## EOF - C:\AdwCleaner[R1].txt - [3639 octets] ##########


Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Let me know how it is also.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
