sirgeo99 Posted March 22, 2013 ID:659733 Share Posted March 22, 2013 Getting repeated outgoing IP blocks.DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.13.2Run by George at 13:52:45 on 2013-03-22Microsoft Windows 8 6.2.9200.0.1252.44.1033.18.8050.2497 [GMT 0:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}.============== Running Processes ===============.C:\PROGRA~2\AVG\AVG2013\avgrsa.exeC:\Program Files (x86)\AVG\AVG2013\avgcsrva.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\nvvsvc.exeC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\AVG\AVG2013\avgfws.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\windows\system32\CxAudMsg64.exeC:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exeC:\windows\system32\dashost.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\windows\SysWOW64\irstrtsv.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exeC:\Program Files (x86)\AVG\AVG2013\avgnsa.exeC:\windows\system32\mfevtps.exeC:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exeC:\Program Files (x86)\AVG\AVG2013\avgemca.exeC:\windows\SysWOW64\NLSSRV32.EXEC:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exeC:\windows\SysWOW64\PnkBstrA.exeC:\Program Files\CyberLink\Shared files\RichVideo64.exeC:\windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\WUDFHost.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\windows\system32\SearchIndexer.exeC:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeC:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeC:\Program Files\iPod\bin\iPodService.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\svchost.exe -k HPServiceC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\AVG\AVG2013\avgcsrva.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\windows\System32\dwm.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\windows\system32\nvvsvc.exeC:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\windows\system32\taskhostex.exeC:\windows\Explorer.EXEC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exeC:\Windows\System32\rundll32.exeC:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exeC:\Program Files\CONEXANT\ForteConfig\fmapp.exeC:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exeC:\Program Files (x86)\Lenovo\Energy Management\utility.exeC:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exeC:\Program Files (x86)\SugarSync\SugarSyncManager.exeC:\Users\George\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exeC:\Windows\System32\StikyNot.exeC:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Dolby Home Theater v4\pcee4.exeC:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exeC:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exeC:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\AVG\AVG2013\avgui.exeC:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exeC:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXEC:\Program Files (x86)\AVG\AVG2013\avgcfgex.exeC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exeC:\Windows\System32\RuntimeBroker.exeC:\windows\system32\wwahost.exeC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\windows\system32\wwahost.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Java\jre7\bin\jp2launcher.exeC:\Program Files (x86)\Java\jre7\bin\java.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\windows\system32\msiexec.exeC:\windows\System32\svchost.exe -k swprvC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://lenovo13.msn.comuDefault_Page_URL = hxxp://lenovo13.msn.commWinlogon: Userinit = userinit.exeBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [sugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=trueuRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentuRun: [spotify Web Helper] "C:\Users\George\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"uRun: [skyDrive] "C:\Users\George\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /backgrounduRun: [spotify] "C:\Users\George\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostartuRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exemRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostartmRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /smRun: [smart Update] C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe -smRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exemRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWmRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLYmRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"StartupFolder: C:\Users\George\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exeIE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htmIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dllTCP: NameServer = 192.168.1.254TCP: Interfaces\{6E3AD43F-F8D2-481D-BF8B-497AC08AF5A0} : DHCPNameServer = 192.168.1.254TCP: Interfaces\{6E3AD43F-F8D2-481D-BF8B-497AC08AF5A0}\244584572633D2B48393B4 : DHCPNameServer = 192.168.1.254TCP: Interfaces\{6E3AD43F-F8D2-481D-BF8B-497AC08AF5A0}\55F42477966696 : DHCPNameServer = 147.188.128.102 147.188.129.250TCP: Interfaces\{7DE9452C-5D81-4C20-BF27-6675B945916D}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23TCP: Interfaces\{7DE9452C-5D81-4C20-BF27-6675B945916D}\244584F6D65684572623D27553E483 : DHCPNameServer = 192.168.1.254TCP: Interfaces\{7DE9452C-5D81-4C20-BF27-6675B945916D}\55F42477966696 : DHCPNameServer = 147.188.128.102 147.188.129.250TCP: Interfaces\{7DE9452C-5D81-4C20-BF27-6675B945916D}\74F62746F6E637 : DHCPNameServer = 192.168.10.1TCP: Interfaces\{CA546FD2-637B-4E12-9576-CAC2FAF377CC} : DHCPNameServer = 192.168.1.254Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dllFilter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLLHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= C:\windows\SysWOW64\nvinit.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromemASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettingsx64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLLx64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLLx64-Run: [igfxTray] C:\windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exex64-Run: [Persistence] C:\windows\System32\igfxpers.exex64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exex64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppx64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exex64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exex64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /tx64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exex64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exex64-Run: [synLenovoGestureMgr] "C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" /mx64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetchx64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dllx64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dllx64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2013-2-8 71480]R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2013-2-8 311096]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2013-2-8 116536]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2013-2-8 45880]R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\Drivers\excsd.sys [2012-11-5 95024]R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-11-5 645952]R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2012-11-5 39008]R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\Drivers\mfehidk.sys [2012-6-22 771096]R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\Drivers\mfewfpk.sys [2012-6-22 339776]R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2012-11-5 30056]R1 Avgfwfd;AVG network filter service;C:\windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2013-2-26 246072]R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2013-2-8 206136]R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2013-2-24 247608]R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\Drivers\excfs.sys [2012-11-5 23344]R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-2-19 1418184]R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2012-11-5 201376]R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-5 7168]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-5 128896]R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-11-5 193576]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-5 165760]R2 Lenovo Smart Update Service;Lenovo Smart Update Service;C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [2012-11-5 66640]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-19 398184]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-19 682344]R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-26 201304]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-26 201304]R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-26 201304]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-26 201304]R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-11-5 241016]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-11-5 218320]R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-11-5 182312]R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-7-16 216072]R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-1-30 1861288]R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-1-16 390672]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-5 364416]R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-3-19 990896]R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-27 121728]R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\Drivers\cfwids.sys [2012-6-22 69672]R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-8-23 342528]R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\windows\System32\Drivers\irstrtdv.sys [2012-11-5 43800]R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-8-10 25568]R3 LAD;Lenovo AOAC Driver;C:\windows\System32\Drivers\LAD.sys [2012-6-8 8704]R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-3-19 24176]R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\Drivers\mfeavfk.sys [2012-6-22 309400]R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\Drivers\mfefirek.sys [2012-6-22 515528]R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-11-5 683664]R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\System32\Drivers\RTWlanU.sys [2012-9-17 1576080]R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\Drivers\rtsuvc.sys [2012-11-5 8225680]R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-6 36864]R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912]S0 mfeelamk;McAfee Inc. mfeelamk;C:\windows\System32\Drivers\mfeelamk.sys [2012-6-18 69168]S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" --> C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [?]S3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2012-6-29 100992]S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\windows\System32\Drivers\athurx.sys [2010-1-5 1847296]S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\Drivers\HipShieldK.sys [2012-12-26 196440]S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-8-10 35296]S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-11-5 332080]S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\Drivers\mferkdet.sys [2012-6-22 106112]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe --> C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [?]S3 NETwNe64;@oem13.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2012-8-7 4273192]S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\System32\Drivers\RTWlanU.sys [2012-9-17 1576080]S3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-8-10 48096]S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2012-11-5 102376]S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-8-10 188384]S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\windows\System32\Drivers\xusb22.sys [2012-7-26 89088].=============== File Associations ===============.FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice].=============== Created Last 30 ================.2013-03-19 11:50:07 -------- d-----w- C:\Users\George\AppData\Roaming\AVG20132013-03-19 11:39:11 -------- d-----w- C:\Users\George\AppData\Local\AVG SafeGuard toolbar2013-03-19 11:39:09 -------- d-----w- C:\Users\George\AppData\Roaming\TuneUp Software2013-03-19 11:39:06 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar2013-03-19 11:39:01 39768 ----a-w- C:\windows\System32\drivers\avgtpx64.sys2013-03-19 11:38:58 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search2013-03-19 11:38:58 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar2013-03-19 11:37:45 -------- d--h--w- C:\$AVG2013-03-19 11:37:45 -------- d-----w- C:\ProgramData\AVG20132013-03-19 11:37:09 -------- d-----w- C:\Program Files (x86)\AVG2013-03-19 11:35:58 -------- d-----w- C:\Users\George\AppData\Roaming\Malwarebytes2013-03-19 11:35:46 -------- d-----w- C:\ProgramData\Malwarebytes2013-03-19 11:35:45 24176 ----a-w- C:\windows\System32\drivers\mbam.sys2013-03-19 11:35:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-03-19 11:35:05 -------- d-----w- C:\Users\George\AppData\Local\Programs2013-03-19 11:34:22 -------- d--h--w- C:\ProgramData\Common Files2013-03-19 11:34:22 -------- d-----w- C:\Users\George\AppData\Local\MFAData2013-03-19 11:34:22 -------- d-----w- C:\Users\George\AppData\Local\Avg20132013-03-19 11:34:22 -------- d-----w- C:\ProgramData\MFAData2013-03-14 09:15:04 20992 ----a-w- C:\windows\System32\drivers\usb8023x.sys2013-03-14 09:15:04 20992 ----a-w- C:\windows\System32\drivers\usb8023.sys2013-03-13 12:01:53 13643264 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll2013-03-12 15:56:51 192784 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10196.bin2013-03-11 12:01:58 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin2013-02-28 13:13:34 -------- d-----w- C:\Users\George\AppData\Local\Adobe2013-02-27 08:50:28 443392 ----a-w- C:\windows\System32\ReAgent.dll2013-02-27 08:50:28 375808 ----a-w- C:\windows\SysWow64\ReAgent.dll2013-02-27 08:50:28 1010688 ----a-w- C:\windows\System32\reseteng.dll2013-02-26 23:40:46 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys2013-02-24 23:37:28 247608 ----a-w- C:\windows\System32\drivers\avgwfpa.sys2013-02-22 09:59:24 84648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll2013-02-22 09:59:24 78512 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll2013-02-22 09:59:24 64160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll2013-02-22 09:59:24 42144 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll2013-02-22 09:59:24 24712 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll2013-02-22 09:59:22 42160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll2013-02-22 09:59:22 36016 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll2013-02-22 09:59:22 33448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll2013-02-22 09:59:22 25256 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll2013-02-22 09:59:22 116800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll2013-02-21 22:10:11 -------- d-----w- C:\Program Files\iPod2013-02-21 22:10:09 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-02-21 22:10:09 -------- d-----w- C:\Program Files\iTunes2013-02-21 22:10:09 -------- d-----w- C:\Program Files (x86)\iTunes.==================== Find3M ====================.2013-03-05 23:07:25 78168 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-05 23:07:25 692568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2013-03-02 08:22:18 361984 ----a-w- C:\windows\SysWow64\MFMediaEngine.dll2013-03-02 02:44:30 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll2013-02-19 13:32:59 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll2013-02-19 13:32:57 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll2013-02-19 13:32:57 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll2013-02-15 07:58:59 39936 ----a-w- C:\windows\apppatch\apppatch64\acspecfc.dll2013-02-15 06:35:40 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll2013-02-12 01:30:04 44032 ----a-w- C:\windows\SysWow64\UXInit.dll2013-02-12 00:56:19 53760 ----a-w- C:\windows\System32\UXInit.dll2013-02-12 00:25:18 4041728 ----a-w- C:\windows\System32\win32k.sys2013-02-08 04:37:56 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys2013-02-08 04:37:54 311096 ----a-w- C:\windows\System32\drivers\avgloga.sys2013-02-08 04:37:50 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys2013-02-08 04:37:42 206136 ----a-w- C:\windows\System32\drivers\avgldx64.sys2013-02-08 04:37:40 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys2013-02-07 04:09:56 69864 ----a-w- C:\windows\System32\drivers\pdc.sys2013-02-07 03:34:58 10115072 ----a-w- C:\windows\System32\twinui.dll2013-02-07 03:33:47 2302464 ----a-w- C:\windows\System32\authui.dll2013-02-07 03:33:42 2146816 ----a-w- C:\windows\System32\actxprxy.dll2013-02-07 01:34:00 8856576 ----a-w- C:\windows\SysWow64\twinui.dll2013-02-07 01:33:03 2033664 ----a-w- C:\windows\SysWow64\authui.dll2013-02-07 01:33:01 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll2013-02-05 22:31:11 622080 ----a-w- C:\windows\System32\drivers\srv2.sys2013-02-05 22:29:09 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys2013-02-05 22:28:48 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys2013-02-05 22:28:36 215552 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys2013-02-05 04:58:01 1766912 ----a-w- C:\windows\SysWow64\wininet.dll2013-02-05 04:56:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll2013-02-05 04:56:27 61440 ----a-w- C:\windows\SysWow64\iesetup.dll2013-02-05 04:56:27 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll2013-02-05 03:55:27 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-02-05 01:44:50 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll2013-02-04 22:39:47 2246656 ----a-w- C:\windows\System32\wininet.dll2013-02-04 22:39:39 907776 ----a-w- C:\windows\System32\uxtheme.dll2013-02-04 22:38:55 3966464 ----a-w- C:\windows\System32\jscript9.dll2013-02-04 22:38:53 136704 ----a-w- C:\windows\System32\iesysprep.dll2013-02-02 11:19:44 496872 ----a-w- C:\windows\System32\drivers\usbhub.sys2013-02-02 11:19:44 446184 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS2013-02-02 11:19:41 329960 ----a-w- C:\windows\System32\drivers\storport.sys2013-02-02 11:19:33 61672 ----a-w- C:\windows\System32\drivers\crashdmp.sys2013-02-02 10:54:54 1933544 ----a-w- C:\windows\System32\drivers\ntfs.sys2013-02-02 10:28:54 993512 ----a-w- C:\windows\System32\drivers\ndis.sys2013-02-02 10:28:54 2226408 ----a-w- C:\windows\System32\drivers\tcpip.sys2013-02-02 09:42:07 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll2013-02-02 08:40:58 375808 ----a-w- C:\windows\SysWow64\wbem\WmiPrvSE.exe2013-02-02 08:40:55 80896 ----a-w- C:\windows\SysWow64\tasklist.exe2013-02-02 08:40:55 79360 ----a-w- C:\windows\SysWow64\taskkill.exe2013-02-02 08:40:36 155136 ----a-w- C:\windows\SysWow64\XpsRasterService.dll2013-02-02 08:40:35 370688 ----a-w- C:\windows\SysWow64\WWanAPI.dll2013-02-02 08:40:27 131072 ----a-w- C:\windows\SysWow64\wbem\WmiDcPrv.dll2013-02-02 08:40:26 410624 ----a-w- C:\windows\SysWow64\wlroamextension.dll2013-02-02 08:40:22 197632 ----a-w- C:\windows\SysWow64\Windows.Networking.Connectivity.dll2013-02-02 08:40:22 10792448 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll2013-02-02 08:40:01 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll2013-02-02 08:39:59 325632 ----a-w- C:\windows\SysWow64\schannel.dll2013-02-02 08:39:47 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll2013-02-02 08:39:34 55296 ----a-w- C:\windows\SysWow64\nlaapi.dll2013-02-02 08:39:34 15872 ----a-w- C:\windows\SysWow64\nlmproxy.dll2013-02-02 08:39:34 12288 ----a-w- C:\windows\SysWow64\nlmsprep.dll2013-02-02 08:39:33 115712 ----a-w- C:\windows\SysWow64\netprofm.dll2013-02-02 08:39:28 5090816 ----a-w- C:\windows\SysWow64\mstscax.dll2013-02-02 08:39:15 157696 ----a-w- C:\windows\SysWow64\mbsmsapi.dll2013-02-02 08:38:54 567808 ----a-w- C:\windows\SysWow64\duser.dll2013-02-02 08:24:19 107520 ----a-w- C:\windows\System32\taskkill.exe2013-02-02 08:24:19 102400 ----a-w- C:\windows\System32\tasklist.exe2013-02-02 08:23:44 228352 ----a-w- C:\windows\System32\XpsRasterService.dll2013-02-02 08:23:43 475136 ----a-w- C:\windows\System32\WWanAPI.dll2013-02-02 08:23:37 611840 ----a-w- C:\windows\System32\wpd_ci.dll2013-02-02 08:23:37 105472 ----a-w- C:\windows\System32\wpdbusenum.dll2013-02-02 08:23:30 830464 ----a-w- C:\windows\System32\wbem\WmiPrvSD.dll2013-02-02 08:23:28 543232 ----a-w- C:\windows\System32\wlroamextension.dll2013-02-02 08:23:19 293376 ----a-w- C:\windows\System32\Windows.Networking.Connectivity.dll2013-02-02 08:23:18 731648 ----a-w- C:\windows\System32\win32spl.dll2013-02-02 08:23:16 87552 ----a-w- C:\windows\System32\wersvc.dll2013-02-02 08:22:28 448512 ----a-w- C:\windows\System32\SettingSync.dll2013-02-02 08:22:22 416256 ----a-w- C:\windows\System32\schannel.dll2013-02-02 08:21:45 467456 ----a-w- C:\windows\System32\netprofmsvc.dll2013-02-02 08:21:44 385024 ----a-w- C:\windows\System32\ncsi.dll2013-02-02 08:21:38 5977600 ----a-w- C:\windows\System32\mstscax.dll2013-02-02 08:21:10 225280 ----a-w- C:\windows\System32\mbsmsapi.dll2013-02-02 08:20:47 260096 ----a-w- C:\windows\System32\hotspotauth.dll2013-02-02 08:20:31 729600 ----a-w- C:\windows\System32\duser.dll2013-02-02 07:30:05 2706432 ----a-w- C:\windows\System32\mshtml.tlb2013-02-02 07:25:52 297984 ----a-w- C:\windows\System32\drivers\ks.sys2013-02-02 07:25:26 82944 ----a-w- C:\windows\System32\drivers\hidclass.sys2013-02-02 07:25:23 37632 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys2013-02-02 05:41:57 1437184 ----a-w- C:\windows\SysWow64\GdiPlus.dll2013-02-02 05:31:54 1690624 ----a-w- C:\windows\System32\GdiPlus.dll2013-01-24 10:32:08 2177648 ----a-w- C:\windows\System32\coin93.dll2013-01-15 21:53:56 751141 ----a-w- C:\windows\unins000.exe2013-01-14 17:49:06 281288 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr2013-01-14 17:49:06 281288 ----a-w- C:\windows\SysWow64\PnkBstrB.exe2013-01-14 03:56:14 6967016 ----a-w- C:\windows\System32\ntoskrnl.exe2013-01-12 14:55:27 281288 ----a-w- C:\windows\SysWow64\PnkBstrB.ex02013-01-11 19:54:25 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe2013-01-10 01:53:32 28904 ----a-w- C:\windows\System32\drivers\msgpiowin32.sys2013-01-10 01:40:39 1448168 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys2013-01-10 01:40:38 303848 ----a-w- C:\windows\System32\drivers\dxgmms1.sys.============= FINISH: 13:52:59.77 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume4Install Date: 26/12/2012 07:30:32System Uptime: 20/03/2013 16:44:57 (45 hours ago).Motherboard: LENOVO | | Lenovo Processor: Intel® Core i7-3517U CPU @ 1.90GHz | CPU Socket - U3E1 | 1900/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 884 GiB total, 771.48 GiB free.D: is FIXED (NTFS) - 25 GiB total, 21.628 GiB free..==== Disabled Device Manager Items =============.Class GUID: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}Description: USB-IF xHCI USB Host ControllerDevice ID: ROOT\UOIP_BUS_DRIVER\0000Manufacturer: Intel CorporationName: USB-IF xHCI USB Host ControllerPNP Device ID: ROOT\UOIP_BUS_DRIVER\0000Service: XHCIPort.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Intel® Centrino® Wireless-N 2230Device ID: PCI\VEN_8086&DEV_0888&SUBSYS_42628086&REV_C4\4&250823DF&0&00E2Manufacturer: Intel CorporationName: Intel® Centrino® Wireless-N 2230PNP Device ID: PCI\VEN_8086&DEV_0888&SUBSYS_42628086&REV_C4\4&250823DF&0&00E2Service: NETwNe64.==== System Restore Points ===================.RP21: 20/03/2013 03:03:28 - Scheduled Checkpoint.==== Installed Programs ======================.64 Bit HP CIO Components Installer7-Zip 9.20Absolute ReminderAdobe Flash Player 11 PluginAdobe Reader XI (11.0.02)Alcor Micro USB Card ReaderAmazon Browser AppAPB ReloadedApple Application SupportApple Mobile Device SupportApple Software UpdateµTorrentAVG 2013BonjourBufferChmC4500Conexant HD AudioCyberLink PowerDirector 11D3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDeus Ex: Human RevolutionDiRT 3DivX SetupDolby Home Theater v4DropboxEnergy ManagementExpressCacheEzvidGoogle ChromeGoogle Update HelperGPBaseService2HP Customer Participation Program 14.0HP Photo CreationsHP Photosmart C4500 All-In-One Driver Software 14.0 Rel. 6HP Solution Center 14.0HP UpdateHPPhotoGadgetHPProductAssistantHPSSupplyIntel AppUp(SM) centerIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless Software for Bluetooth® TechnologyIntel® Rapid Start TechnologyIntel® Rapid Storage TechnologyIntel® SDK for OpenCL - CPU Only Runtime PackageIntel® WiDiIntel® Trusted Connect Service ClientiTunesJava 7 Update 13Java Auto UpdaterLenovo EasyCameraLenovo MediaShow6Lenovo OneKey RecoveryLenovo Smart UpdateLenovo YouCamLenovoDrv_x64Logitech Unifying Software 2.10Malwarebytes Anti-Malware version 1.70.0.1100MarketResearchMcAfee Internet SecurityMicrosoft Application Error ReportingMicrosoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office 365 Home Premium - en-usMicrosoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft SkyDriveMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106Movie MakerMSVCRTMSVCRT RedistsMSVCRT110MSVCRT110_amd64Network64Newblue Art Effects for PowerDirectorNitro Pro 7NVIDIA Control Panel 305.46NVIDIA Graphics Driver 305.46NVIDIA Install ApplicationNVIDIA Optimus 1.10.8NVIDIA PhysXNVIDIA PhysX System Software 9.12.0613NVIDIA Update 1.10.8NVIDIA Update ComponentsOffice 15 Click-to-Run Extensibility ComponentOffice 15 Click-to-Run Licensing ComponentOffice 15 Click-to-Run Localization ComponentOpenALPCSX2 - Playstation 2 EmulatorPhoto CommonPhoto GalleryPS_AIO_04_C4500_Software_MinPunkBuster ServicesRapture3D 2.4.8 GameRavagedRealtek Ethernet Controller DriverScanSecurity Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionShared C Run-time for x64Shop for HP SuppliesSolutionCenterSpotifySteamSugarSync ManagerSynaptics Pointing Device DriverToolboxUpdate for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionUserGuideVC80CRTRedist - 8.0.50727.6195Visual Studio 2010 x64 RedistributablesVLC media player 2.0.5WebRegWindows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)Windows Driver Package - Lenovo Corporation (LAD) System (06/08/2012 1.0.0.3)Windows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language Pack.==== Event Viewer Messages From Past Week ========.22/03/2013 11:25:18, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.21/03/2013 15:01:56, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 12620/03/2013 16:50:33, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.20/03/2013 16:47:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x000000000000012c, 0xfffffa803fd03b00, 0xfffff8021a19c800). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 032013-23843-01.20/03/2013 16:46:14, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Zero Configuration Service service failed to start due to the following error: The system cannot find the file specified.20/03/2013 16:46:06, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: The system cannot find the file specified.20/03/2013 16:45:48, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The system cannot find the file specified.20/03/2013 16:38:34, Error: Service Control Manager [7043] - The McAfee McShield service did not shut down properly after receiving a preshutdown control.20/03/2013 16:38:10, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.20/03/2013 00:37:10, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.18/03/2013 11:12:09, Error: Service Control Manager [7034] - The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s)..==== End Of File =========================== Link to post Share on other sites More sharing options...
Staff gringo_pr Posted March 22, 2013 Staff ID:659806 Share Posted March 22, 2013 Hello sirgeo99 Welcome to The Forums!!Around here they call me Gringo and I'll be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.[*]Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.[*]Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.[*]Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.-Security Check-Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.-AdwCleaner-Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.--RogueKiller-- Download & SAVE to your Desktop RogueKiller or from here Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or Windows 7, right-click and select "Run as Administrator to start"For Windows XP, double-click to start. Wait until Prescan has finished ... Then Click on "Scan" button Wait until the Status box shows "Scan Finished"click on "delete" Wait until the Status box shows "Deleting Finished" Click on "Report" and copy/paste the content of the Notepad into your next reply.The log should be found in RKreport[1].txt on your DesktopExit/Close RogueKiller+Gringo Link to post Share on other sites More sharing options...
sirgeo99 Posted March 23, 2013 Author ID:660190 Share Posted March 23, 2013 Hi Gringo,Thanks very much for helping me out with this, I've done what you asked and pasted the results below.SECURITY CHECK Results of screen317's Security Check version 0.99.61 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! McAfee Anti-Virus and Anti-Spyware AVG Internet Security 2013 Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 13 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader XI Google Chrome 25.0.1364.152 Google Chrome 25.0.1364.172 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` ADW CLEANER# AdwCleaner v2.115 - Logfile created 03/23/2013 at 16:02:44# Updated 17/03/2013 by Xplode# Operating system : Windows 8 (64 bits)# User : George - GEORGEPC# Boot Mode : Normal# Running from : C:\Users\George\Downloads\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Users\George\AppData\LocalLow\boost_interprocess***** [Registry] *****Key Deleted : HKCU\Software\SoftonicKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocolKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16519[OK] Registry is clean.-\\ Google Chrome v25.0.1364.172File : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\PreferencesDeleted [l.1] : icon_url ={"backup":{"_signature":"vZiIlzTvVwJY/jF1RNq2HCm+IJ+Qm/M9P+GO6DE9vW4=","_version":4,"extensions":{"i[...]*************************AdwCleaner[R1].txt - [17189 octets] - [23/03/2013 16:01:49]AdwCleaner[s1].txt - [3805 octets] - [23/03/2013 16:02:44]########## EOF - C:\AdwCleaner[s1].txt - [3865 octets] ##########ROGUEKILLERRogueKiller V8.5.4 [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 8 (6.2.9200 ) 64 bits versionStarted in : Normal modeUser : George [Admin rights]Mode : Remove -- Date : 03/23/2013 16:11:58| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 5 ¤¤¤[RUN][bLACKLISTDLL] HKLM\[...]\Run : BTMTrayAgent (rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp) -> DELETED[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: RDM-II XM020C +++++--- User ---[MBR] 7ccd61cb688afa4a4958e3530a339705[bSP] a37d2464de8929802cdfe0cac02a1c3c : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++--- User ---[MBR] 51210672ea5aa68e5c862e1b737abc46[bSP] 5ca68b6eb19247caaaa03340f3bb6e0d : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[2]_D_03232013_02d1611.txt >>RKreport[1]_S_03232013_02d1610.txt ; RKreport[2]_D_03232013_02d1611.txtLooking forward to hearing back from you,All the best, Sirgeo99 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted March 23, 2013 Staff ID:660224 Share Posted March 23, 2013 Hello sirgeo99 I Would like you to do the following.Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the followingLog from Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo Link to post Share on other sites More sharing options...
sirgeo99 Posted March 24, 2013 Author ID:660394 Share Posted March 24, 2013 Combofix says it will not run on windows 8, not sure what to do next.PC feels like it's running fine but I'm still getting random outgoing IP blocks, one example IP i seem to block a lot is - 217.41.223.104. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted March 24, 2013 Staff ID:660469 Share Posted March 24, 2013 Hello sirgeo99 Lets get a deeper look into the system and lets see if something shows up.Download and run OTLDownload OTL by Old Timer and save it to your Desktop.Double click on OTL.exe to run it.Under Output, ensure that Minimal Output is selected.Under Extra Registry section, select Use SafeList.Click the Scan All Users checkbox.Click on Run Scan at the top left hand corner.When done, two Notepad files will open.OTL.txt <-- Will be opened and the that I need posted back hereExtra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later[*]Please post the contents of OTL.txt in your next reply.Gringo Link to post Share on other sites More sharing options...
sirgeo99 Posted March 25, 2013 Author ID:660742 Share Posted March 25, 2013 OTL logfile created on: 25/03/2013 11:44:58 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\George\Downloads64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16519)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy7.86 Gb Total Physical Memory | 3.62 Gb Available Physical Memory | 45.99% Memory free15.86 Gb Paging File | 10.76 Gb Available in Paging File | 67.85% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 884.18 Gb Total Space | 767.01 Gb Free Space | 86.75% Space Free | Partition Type: NTFSDrive D: | 25.00 Gb Total Space | 21.63 Gb Free Space | 86.51% Space Free | Partition Type: NTFSComputer Name: GEORGEPC | User Name: George | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - C:\Users\George\Downloads\OTL.exe (OldTimer Tools)PRC - C:\Users\George\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()PRC - C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE (Microsoft Corporation)PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)PRC - C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel)PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)PRC - C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe (Lenovo)PRC - C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe (Lenovo)PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)PRC - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)========== Modules (No Company Name) ==========MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()MOD - C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll ()MOD - C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll ()MOD - C:\Program Files\Microsoft Office 15\root\office15\jitv.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()MOD - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll ()MOD - C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()MOD - C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\ServiceManagerStarter.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll ()MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\DeviceProfile.dll ()MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()========== Services (SafeList) ==========SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe File not foundSRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe File not foundSRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe File not foundSRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe File not foundSRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (NitroDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Nitro PDF Software)SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)SRV - (vToolbarUpdater15.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)SRV - (Lenovo Smart Update Service) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe (Lenovo)SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)========== Driver Services (SafeList) ==========DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)DRV:64bit: - (Avgwfpa) -- C:\Windows\SysNative\Drivers\avgwfpa.sys (AVG Technologies CZ, s.r.o.)DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\Drivers\usb8023x.sys (Microsoft Corporation)DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\Drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\Drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\Drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)DRV:64bit: - (cfwids) -- C:\Windows\SysNative\Drivers\cfwids.sys (McAfee, Inc.)DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\Drivers\mfewfpk.sys (McAfee, Inc.)DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\Drivers\mferkdet.sys (McAfee, Inc.)DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\Drivers\mfehidk.sys (McAfee, Inc.)DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\Drivers\mfeelamk.sys (McAfee, Inc.)DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\Drivers\mfefirek.sys (McAfee, Inc.)DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\Drivers\mfeavfk.sys (McAfee, Inc.)DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\Drivers\mfeapfk.sys (McAfee, Inc.)DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\Drivers\LhdX64.sys (Lenovo.)DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\Drivers\AcpiVpc.sys (Lenovo Corporation)DRV:64bit: - (Avgboota) -- C:\Windows\SysNative\Drivers\avgboota.sys (AVG Technologies CZ, s.r.o.)DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)DRV:64bit: - (RtlWlanu) -- C:\Windows\SysNative\Drivers\RTWlanU.sys (Realtek Semiconductor Corporation )DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\Drivers\RTWlanU.sys (Realtek Semiconductor Corporation )DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\Drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation)DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows ® Win 7 DDK provider)DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows ® Win 7 DDK provider)DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)DRV:64bit: - (xusb22) -- C:\Windows\SysNative\Drivers\xusb22.sys (Microsoft Corporation)DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\Drivers\rtsuvc.sys (Realtek Semiconductor Corp.)DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\Drivers\AmUStor.sys (Alcor Micro, Corp.)DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\Drivers\CHDRT64.sys (Conexant Systems Inc.)DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)DRV:64bit: - (wsvd) -- C:\Windows\SysNative\Drivers\wsvd.sys ("CyberLink)DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )DRV:64bit: - (LAD) -- C:\Windows\SysNative\Drivers\LAD.sys (TODO: <Company name>)DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\Drivers\HipShieldK.sys (McAfee, Inc.)DRV:64bit: - (excsd) -- C:\Windows\SysNative\Drivers\excsd.sys (Diskeeper Corporation)DRV:64bit: - (excfs) -- C:\Windows\SysNative\Drivers\excfs.sys (Diskeeper Corporation)DRV:64bit: - (dc3d) -- C:\Windows\SysNative\Drivers\dc3d.sys (Microsoft Corporation)DRV:64bit: - (athur) -- C:\Windows\SysNative\Drivers\athurx.sys (Atheros Communications, Inc.)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{8742F2D5-FA9A-4440-850A-9BA6C1BAF972}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{8742F2D5-FA9A-4440-850A-9BA6C1BAF972}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1738348317-473644215-4084133036-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1738348317-473644215-4084133036-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comIE - HKU\S-1-5-21-1738348317-473644215-4084133036-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]IE - HKU\S-1-5-21-1738348317-473644215-4084133036-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]IE - HKU\S-1-5-21-1738348317-473644215-4084133036-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.comIE - HKU\S-1-5-21-1738348317-473644215-4084133036-1002\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1738348317-473644215-4084133036-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1738348317-473644215-4084133036-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/10 18:08:44 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/12/28 15:41:08 | 000,000,000 | ---D | M]========== Chrome ==========CHR - Extension: No name found = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\CHR - Extension: No name found = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: No name found = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: No name found = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/07/26 05:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hostsO2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)O4:64bit: - HKLM..\Run: [synLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [smart Update] C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe (Lenovo)O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)O4 - HKU\S-1-5-21-1738348317-473644215-4084133036-1002..\Run: [skyDrive] C:\Users\George\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1738348317-473644215-4084133036-1002..\Run: [spotify] C:\Users\George\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)O4 - HKU\S-1-5-21-1738348317-473644215-4084133036-1002..\Run: [spotify Web Helper] C:\Users\George\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)O4 - HKU\S-1-5-21-1738348317-473644215-4084133036-1002..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)O4 - HKU\S-1-5-21-1738348317-473644215-4084133036-1002..\Run: [sugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\George\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1738348317-473644215-4084133036-1002\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E3AD43F-F8D2-481D-BF8B-497AC08AF5A0}: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA546FD2-637B-4E12-9576-CAC2FAF377CC}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\osf - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013/03/24 13:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee[2013/03/23 16:06:23 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\AVG Secure Search[2013/03/20 16:45:21 | 000,000,000 | ---D | C] -- C:\windows\Minidump[2013/03/19 11:50:07 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\AVG2013[2013/03/19 11:39:11 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\AVG SafeGuard toolbar[2013/03/19 11:39:09 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\TuneUp Software[2013/03/19 11:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG[2013/03/19 11:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar[2013/03/19 11:39:01 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys[2013/03/19 11:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search[2013/03/19 11:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar[2013/03/19 11:37:45 | 000,000,000 | -H-D | C] -- C:\$AVG[2013/03/19 11:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013[2013/03/19 11:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG[2013/03/19 11:35:58 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Malwarebytes[2013/03/19 11:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/03/19 11:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/03/19 11:35:45 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys[2013/03/19 11:35:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/03/19 11:35:05 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Programs[2013/03/19 11:34:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files[2013/03/19 11:34:22 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\MFAData[2013/03/19 11:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData[2013/03/19 11:34:22 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Avg2013[2013/03/14 09:15:04 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023x.sys[2013/03/14 09:15:04 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys[2013/03/13 12:02:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll[2013/03/13 12:02:10 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll[2013/03/13 12:02:09 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll[2013/03/13 12:02:09 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll[2013/03/13 12:02:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll[2013/03/13 12:02:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll[2013/03/13 12:02:08 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll[2013/03/13 12:02:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll[2013/03/13 12:02:08 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll[2013/03/13 12:02:08 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe[2013/03/13 12:02:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll[2013/03/13 12:02:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll[2013/03/13 12:02:05 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll[2013/03/13 12:02:05 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll[2013/03/13 12:02:04 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll[2013/03/13 12:02:04 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll[2013/03/13 12:02:03 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll[2013/03/13 12:02:03 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys[2013/03/13 12:02:02 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll[2013/03/13 12:02:02 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll[2013/03/13 12:01:53 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll[2013/03/13 12:01:52 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll[2013/03/13 12:01:52 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll[2013/03/13 12:01:50 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll[2013/03/13 12:01:50 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\duser.dll[2013/03/13 12:01:50 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlroamextension.dll[2013/03/13 12:01:49 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWanAPI.dll[2013/03/13 12:01:49 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll[2013/03/13 12:01:49 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll[2013/03/13 12:01:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.Connectivity.dll[2013/03/13 12:01:48 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll[2013/03/13 12:01:48 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hotspotauth.dll[2013/03/13 12:01:48 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll[2013/03/13 12:01:48 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys[2013/03/13 12:01:47 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll[2013/03/13 12:01:47 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS[2013/03/13 12:01:47 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWanAPI.dll[2013/03/13 12:01:47 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll[2013/03/13 12:01:47 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll[2013/03/13 12:01:47 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll[2013/03/13 12:01:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskkill.exe[2013/03/13 12:01:47 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tasklist.exe[2013/03/13 12:01:46 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlroamextension.dll[2013/03/13 12:01:46 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll[2013/03/13 12:01:46 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys[2013/03/13 12:01:46 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll[2013/03/13 12:01:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskkill.exe[2013/03/13 12:01:46 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys[2013/03/13 12:01:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpd_ci.dll[2013/03/13 12:01:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys[2013/03/13 12:01:45 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tasklist.exe[2013/03/13 12:01:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmproxy.dll[2013/03/13 12:01:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmsprep.dll[2013/03/13 12:01:39 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GdiPlus.dll[2013/03/13 12:01:38 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll[2013/02/28 13:13:34 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Adobe[2013/02/28 10:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe[2013/02/28 10:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe[2013/02/27 08:50:28 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll[2013/02/27 08:50:28 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgent.dll[2013/02/27 08:50:28 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll[2013/02/26 23:40:46 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgidsdrivera.sys[2013/02/24 23:37:28 | 000,247,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgwfpa.sys[3 C:\Users\George\Documents\*.tmp files -> C:\Users\George\Documents\*.tmp -> ][1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2013/03/25 11:44:00 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync[2013/03/25 11:38:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2013/03/24 16:39:53 | 000,000,024 | ---- | M] () -- C:\Users\George\random.dat[2013/03/24 16:37:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2013/03/24 16:34:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job[2013/03/24 16:30:25 | 000,000,045 | ---- | M] () -- C:\Users\George\jagex_cl_oldschool_LIVE.dat[2013/03/23 18:31:06 | 000,000,045 | ---- | M] () -- C:\Users\George\jagex_cl_runescape_LIVE.dat[2013/03/23 16:05:32 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2013/03/23 16:05:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys[2013/03/23 16:05:04 | 2458,267,647 | -HS- | M] () -- C:\hiberfil.sys[2013/03/23 16:03:21 | 000,000,121 | ---- | M] () -- C:\windows\DeleteOnReboot.bat[2013/03/20 16:52:58 | 000,850,046 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI[2013/03/20 16:45:14 | 1859,786,959 | ---- | M] () -- C:\windows\MEMORY.DMP[2013/03/20 00:37:49 | 003,933,729 | ---- | M] () -- C:\Users\George\Documents\abby boozed.wma[2013/03/19 22:40:13 | 000,000,157 | ---- | M] () -- C:\windows\SysWow64\SystemPreferences.xml[2013/03/19 11:39:09 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk[2013/03/19 11:38:55 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys[2013/03/19 11:35:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/03/16 19:51:58 | 000,724,738 | ---- | M] () -- C:\windows\SysNative\perfh009.dat[2013/03/16 19:51:58 | 000,137,374 | ---- | M] () -- C:\windows\SysNative\perfc009.dat[2013/03/16 19:47:43 | 000,432,984 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT[2013/03/05 23:07:25 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe[2013/03/05 23:07:25 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl[2013/03/02 08:22:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll[2013/03/02 02:44:30 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll[2013/02/28 10:31:33 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk[2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgidsdrivera.sys[2013/02/24 23:37:28 | 000,247,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgwfpa.sys[3 C:\Users\George\Documents\*.tmp files -> C:\Users\George\Documents\*.tmp -> ][1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]========== Files Created - No Company Name ==========[2013/03/25 11:44:00 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync[2013/03/23 16:03:15 | 000,000,121 | ---- | C] () -- C:\windows\DeleteOnReboot.bat[2013/03/20 16:45:14 | 1859,786,959 | ---- | C] () -- C:\windows\MEMORY.DMP[2013/03/20 00:37:49 | 003,933,729 | ---- | C] () -- C:\Users\George\Documents\abby boozed.wma[2013/03/19 11:39:09 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk[2013/03/19 11:35:49 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/03/16 19:47:32 | 000,432,984 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT[2013/02/28 10:31:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk[2013/02/28 10:31:33 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk[2013/02/23 11:53:35 | 000,000,045 | ---- | C] () -- C:\Users\George\jagex_cl_oldschool_LIVE.dat[2013/01/31 11:43:47 | 000,000,045 | ---- | C] () -- C:\Users\George\jagex_cl_runescape_LIVE.dat[2013/01/31 11:43:47 | 000,000,024 | ---- | C] () -- C:\Users\George\random.dat[2013/01/15 21:56:54 | 000,006,144 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2013/01/15 21:56:22 | 000,751,141 | ---- | C] () -- C:\windows\unins000.exe[2013/01/15 21:56:22 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\LAGARITH.DLL[2013/01/15 21:56:22 | 000,060,787 | ---- | C] () -- C:\windows\unins000.dat[2013/01/11 19:31:10 | 000,281,288 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe[2013/01/11 19:31:09 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe[2013/01/10 10:28:35 | 000,000,582 | ---- | C] () -- C:\windows\hpomdl30.dat.temp[2013/01/09 19:13:42 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll[2013/01/08 08:57:22 | 000,225,612 | ---- | C] () -- C:\windows\hpoins30.dat[2013/01/08 08:57:22 | 000,000,582 | ---- | C] () -- C:\windows\hpomdl30.dat[2012/12/26 07:31:43 | 000,004,985 | ---- | C] () -- C:\Users\George\AppData\Roaming\AbsoluteReminder.xml[2012/11/05 11:19:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl[2012/11/05 11:01:27 | 000,866,452 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI[2012/08/23 03:38:15 | 000,597,244 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin[2012/08/23 03:37:59 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll[2012/08/23 03:37:56 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin[2012/07/26 08:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat[2012/07/26 08:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT[2012/07/26 07:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat[2012/07/26 01:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll[2012/07/25 20:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin[2012/07/25 20:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll[2012/07/25 20:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin[2012/07/25 20:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin[2012/06/02 14:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat[2012/04/20 21:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat========== ZeroAccess Check ==========[2012/12/26 12:21:12 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/01/09 23:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 23:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 03:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 03:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 03:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== Alternate Data Streams ==========@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences< End of report > Link to post Share on other sites More sharing options...
Staff gringo_pr Posted March 25, 2013 Staff ID:660768 Share Posted March 25, 2013 Hello sirgeo99 I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.Run OTL ScriptDouble-click OTL.exe to start the program.Copy and Paste the following code into the text box.:OTLFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundO3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKLM..\Run: [] File not foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\osf - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH][reboot]Then click the Run Fix button at the top.Click .OTL may ask to reboot the machine. Please do so if asked. The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFilesIt will be named - mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.Let me know How things are doingGringo Link to post Share on other sites More sharing options...
sirgeo99 Posted March 26, 2013 Author ID:661105 Share Posted March 26, 2013 ========== OTL ==========64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.File Protocol\Handler\ms-help - No CLSID value found not found.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.File Protocol\Handler\osf - No CLSID value found not found.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.File Protocol\Handler\wlpg - No CLSID value found not found.64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\George\Downloads\cmd.bat deleted successfully.C:\Users\George\Downloads\cmd.txt deleted successfully.========== COMMANDS ==========[EMPTYJAVA]User: All UsersUser: DefaultUser: Default UserUser: George->Java cache emptied: 66464163 bytesUser: GuestUser: PublicUser: UpdatusUserTotal Java Files Cleaned = 63.00 mb[EMPTYFLASH]User: All UsersUser: DefaultUser: Default UserUser: George->Flash cache emptied: 2724 bytesUser: GuestUser: PublicUser: UpdatusUserTotal Flash Files Cleaned = 0.00 mbOTL by OldTimer - Version 3.2.69.0 log created on 03262013_140845Just run the test, the PC is still running fine but I had another random IP block just before running this script so I am not sure whether it's been able to fix the problem or not. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted March 26, 2013 Staff ID:661118 Share Posted March 26, 2013 OK check things over and let me know if you get anotherlet me know if you have a browser open at the time and which browser.Gringo Link to post Share on other sites More sharing options...
Staff gringo_pr Posted March 30, 2013 Staff ID:662810 Share Posted March 30, 2013 GreetingsI have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our toolsGringo Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 3, 2013 Staff ID:664371 Share Posted April 3, 2013 Hello 48 Hour bumpIt has been more than 48 hours since my last post.do you still need help with this?do you need more time?are you having problems following my instructions?if after 48hrs you have not replied to this thread then it will have to be closed!Gringo Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 6, 2013 ID:665561 Share Posted April 6, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts