uliajay14 Posted June 9, 2013 ID:689291

I am going to post the DDS and Attach files. For some reason, I am unable to hit enter and provide carriage returns. My apologies. Thanks.
Maniac Posted June 9, 2013 ID:689305

Hello uliajay14! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

What problems do you experience?
uliajay14 Posted June 10, 2013 Author ID:689537

My computer is generally slow. It must have a bunch of malware on it. I want to clean it well.
Maniac Posted June 10, 2013 ID:689666

Step 1
Please uninstall the following applications:
uTorrentControl2 Toolbar
XFINITY Toolbar

Step 2
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4
Download RogueKiller to the desktop.
Quit all programs.
Start RogueKiller.exe.
Wait until Prescan has finished...
Click on Scan.
Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:
Junkware Removal Tool log
AdwCleaner log
RogueKiller log
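A read-only way to confirm what Step 1 targets before and after the uninstall, as an added PowerShell example that is not from the thread, from DDS, or from any of the tools named above: it enumerates the Internet Explorer BHO and toolbar registrations that DDS summarises as "BHO:" and "TB:" lines, resolves each CLSID to its DLL, and lists the Add/Remove Programs entries whose names match the toolbars. The two CLSIDs and the name patterns come from the logs in this thread; the registry paths are the standard IE and Uninstall locations, and the function names are my own.

```powershell
# Added example, not from the thread or from DDS/JRT/AdwCleaner/RogueKiller.
# Read-only triage: it reads the registry and changes nothing.
# Run in an elevated PowerShell on Windows 7 or later.

# Resolve a CLSID to its registered in-process server DLL (checks the 64-bit,
# WOW6432Node and per-user hives; 32-bit IE loads from the WOW6432Node view).
function Get-ClsidServer {
    param([Parameter(Mandatory)][string]$Clsid)
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
             'HKCU:\SOFTWARE\Classes\CLSID'
    foreach ($root in $roots) {
        $key = Join-Path $root $Clsid
        $srv = Get-ItemProperty -Path (Join-Path $key 'InprocServer32') -ErrorAction SilentlyContinue
        if ($srv) {
            [pscustomobject]@{
                Clsid = $Clsid
                Name  = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
                Dll   = $srv.'(default)'
                Hive  = $root
            }
        }
    }
}

# Enumerate IE Browser Helper Objects and toolbars, the entries DDS prints as
# "BHO:" and "TB:" lines in its Pseudo HJT Report.
function Get-IeBrowserExtensions {
    $bhoRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($root in $bhoRoots) {
        foreach ($sub in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $srv = Get-ClsidServer -Clsid $sub.PSChildName | Select-Object -First 1
            [pscustomobject]@{ Type = 'BHO'; Clsid = $sub.PSChildName; Name = $srv.Name; Dll = $srv.Dll }
        }
    }
    # Toolbars are registered as values named by CLSID under the Toolbar key.
    $tbRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
    foreach ($root in $tbRoots) {
        $key = Get-Item -Path $root -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($v in $key.GetValueNames()) {
            if ($v -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $srv = Get-ClsidServer -Clsid $v | Select-Object -First 1
            [pscustomobject]@{ Type = 'TB'; Clsid = $v; Name = $srv.Name; Dll = $srv.Dll }
        }
    }
}

# Add/Remove Programs entries whose DisplayName matches a pattern, with the
# uninstall command Windows would run. Default patterns are the two toolbars
# named in Step 1 plus "conduit", which JRT reported on this machine.
function Get-UninstallEntries {
    param([string[]]$Patterns = @('uTorrentControl2', 'XFINITY Toolbar', 'conduit'))
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
            ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
            Where-Object {
                $name = $_.DisplayName
                $name -and ($Patterns | Where-Object { $name -like "*$_*" })
            } |
            Select-Object DisplayName, Publisher, UninstallString
    }
}

# CLSIDs the DDS log in this thread attributed to the two toolbars, for cross-checking.
$knownToolbars = @{
    '{687578B9-7132-4A7A-80E4-30EE31099E03}' = 'uTorrentControl2 Toolbar'
    '{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}' = 'XFINITY Toolbar'
}

$ext = Get-IeBrowserExtensions
$ext | Sort-Object Type, Clsid | Format-Table -AutoSize
$ext | Where-Object { $knownToolbars.ContainsKey($_.Clsid.ToUpper()) } |
    ForEach-Object { "Still registered: $($knownToolbars[$_.Clsid.ToUpper()]) -> $($_.Dll)" }
Get-UninstallEntries | Format-Table -AutoSize
```

Run it once before Step 1 and once after the uninstall: a CLSID that is still listed, or a DLL path that still exists on disk, means the uninstaller left the IE registration behind and the later tool logs should be read with that in mind.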
uliajay14 Posted June 11, 2013 Author ID:689924

Attached is the Junkware Removal Tool log, the AdwCleaner log and the RogueKiller log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Julia on Mon 06/10/2013 at 17:53:17.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CA979A83-1E14-45CC-B5BD-32152A713250}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Julia\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Julia\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Julia\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{4FFE62C5-B226-461B-A5F0-BB113CF279B2}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{74F45FE9-679A-4EA5-A39C-59ADFA8B7CC3}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{7BCDBF2D-F5FF-426B-AC2E-14D354CF02EF}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{8BC20736-F760-4118-8A7F-3F3FDDEC9DCC}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{A998F1D4-C498-4F9B-9DCF-6E8116C2C801}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{BD46437E-2C85-4803-981A-347637D3A53D}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{BE2530FC-38C2-4525-BD45-46A037248C5B}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{CE8597EF-3D57-49CD-BD3D-7273BD6F9102}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{D8556DB2-1CC8-4080-94FD-539A62B2DCAA}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{E3B438A4-D4E7-4F57-A2EB-A40C12412111}
Successfully deleted: [Empty Folder] C:\Users\Julia\appdata\local\{ED56E4BF-4387-4267-AB0A-B489E4DE05C1}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/10/2013 at 17:57:19.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.303 - Logfile created 06/10/2013 at 18:06:11
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Julia - JULIA-THINK
# Boot Mode : Normal
# Running from : C:\Users\Julia\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Folder Deleted : C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v12.0.742.112

File : C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.24] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.27] : keyword = "search.conduit.com",
Deleted [l.30] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
Deleted [l.31] : suggest_url = "hxxp://search.conduit.com/"

File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3641 octets] - [10/06/2013 18:06:11]

########## EOF - C:\AdwCleaner[s1].txt - [3701 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Julia [Admin rights]
Mode : Scan -- Date : 06/11/2013 12:00:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS723232A7A364 +++++
--- User ---
[MBR] e65d22ca76355a4beec5e71e046c1a8e
[bSP] 83e8f9cc9ec39b6e49f9595abc2f9b0a : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 288043 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592371712 | Size: 16000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 21b6670fd3d6f0462acc19094be23826
[bSP] a426dc81e32acec7b7cc0cfc1a02fbb7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 288043 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592371712 | Size: 16000 Mo

Finished : << RKreport[1]_S_06112013_02d1200.txt >>
RKreport[1]_S_06112013_02d1200.txt
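A responder who reviews logs like the three pasted above usually wants them reduced to a short summary rather than read line by line: what each tool removed, grouped by type, which entries belong to the adware family being cleaned, and which findings are policy-level hijacks. The following Python script is an added example for that triage; it is not code from this thread, from JRT, AdwCleaner or RogueKiller. It assumes the line shapes visible in the post above, a constructed sample log whose values are shortened from those logs, and a family watch-list of substrings (conduit, pricegong, smartbar, xfin_portal, searchscopes) chosen from what the tools removed here.

```python
import re
from collections import Counter

# Line shapes of the three tools as they appear in the logs posted in this thread.
JRT_RE = re.compile(r'^Successfully deleted: \[(?P<kind>[^\]]+)\] "?(?P<target>.+?)"?$')
ADW_RE = re.compile(r'^(?P<kind>Key|Value|File|Folder) Deleted : (?P<target>.+)$')
ADW_PREF_RE = re.compile(r'^Deleted \[l\.\d+\] : (?P<target>.+)$')   # browser preference lines
RK_RE = re.compile(r'^\[(?P<kind>[A-Z ]+)\] (?P<target>.+?) -> FOUND$')

# Substrings that identify the adware family removed in this thread (Conduit toolbar
# and its bundled search hijack). Matched case-insensitively against each target.
FAMILY_MARKERS = ("conduit", "pricegong", "smartbar", "xfin_portal", "searchscopes")

# Constructed sample: one line of each shape, values shortened from the posted logs.
# The tools defang URLs as "hxxp", which is why that spelling appears in targets.
SAMPLE_LOG = """\
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\\Software\\conduit
Successfully deleted: [Folder] "C:\\Users\\Julia\\appdata\\locallow\\pricegong"
Successfully deleted: [Empty Folder] C:\\Users\\Julia\\appdata\\local\\{4FFE62C5-B226-461B-A5F0-BB113CF279B2}
Key Deleted : HKCU\\Software\\AppDataLow\\Software\\xfin_portal
File Deleted : C:\\Users\\Julia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\hxxp_apps.conduit.com_0.localstorage
Folder Deleted : C:\\Users\\Julia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pacgpkgadgmibnhpdidcnfafllnmeomc
[HJPOL] HKCU\\[...]\\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
Deleted [l.27] : keyword = "search.conduit.com",
[OK] Registry is clean.
"""


def parse_line(line):
    """Return (tool, kind, target) for a removal or finding line, else None."""
    line = line.rstrip("\r\n")
    m = JRT_RE.match(line)
    if m:
        return ("JRT", m.group("kind"), m.group("target"))
    m = ADW_RE.match(line)
    if m:
        return ("AdwCleaner", m.group("kind"), m.group("target"))
    m = ADW_PREF_RE.match(line)
    if m:
        return ("AdwCleaner", "Browser preference", m.group("target"))
    m = RK_RE.match(line)
    if m:
        return ("RogueKiller", m.group("kind"), m.group("target"))
    return None


def triage(text):
    """Summarise a pasted log: per-tool/kind counts, family hits and policy findings."""
    items = [p for p in (parse_line(ln) for ln in text.splitlines()) if p]
    counts = Counter((tool, kind) for tool, kind, _ in items)
    family = [t for _, _, t in items if any(mk in t.lower() for mk in FAMILY_MARKERS)]
    # RogueKiller's HJPOL class is for policy values that can lock out Task Manager or
    # the Registry Editor; the number in parentheses is the value it read (0 here).
    policy = [t for tool, kind, t in items if tool == "RogueKiller" and kind == "HJPOL"]
    return {"items": items, "counts": counts, "family": family, "policy": policy}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (tool, kind), n in sorted(report["counts"].items()):
        print("%-11s %-18s %d" % (tool, kind, n))
    print("family-related entries:", len(report["family"]))
    for t in report["family"]:
        print("  ", t)
    print("policy findings:", report["policy"])
```

Point the `triage` function at the full text of a pasted reply and it gives the same summary for the real logs; anything the regular expressions do not recognise (headers, "[OK] ... is clean" lines, separators) is simply ignored, so new line shapes are added by extending the pattern list rather than by editing the summary logic.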
Maniac Posted June 12, 2013 ID:690196

- Download aswMBR.exe to your desktop.
- Double click the aswMBR.exe to run it
- Click the "Scan" button to start scan
- On completion of the scan click save log, save it to your desktop and post in your next reply
uliajay14 Posted June 12, 2013 Author ID:690251

Attached is the aswMBR log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-12 12:50:59
-----------------------------
12:50:59.506 OS Version: Windows x64 6.1.7601 Service Pack 1
12:50:59.506 Number of processors: 4 586 0x2A07
12:50:59.506 ComputerName: JULIA-THINK UserName: Julia
12:51:00.364 Initialize success
12:51:09.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:51:09.232 Disk 0 Vendor: HITACHI_ EC2Z Size: 305245MB BusType: 3
12:51:09.341 Disk 0 MBR read successfully
12:51:09.341 Disk 0 MBR scan
12:51:09.356 Disk 0 unknown MBR code
12:51:09.356 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
12:51:09.356 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288043 MB offset 2459648
12:51:09.388 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 592371712
12:51:09.450 Disk 0 scanning C:\Windows\system32\drivers
12:51:14.224 Service scanning
12:51:29.574 Modules scanning
12:51:29.590 Disk 0 trace - called modules:
12:51:29.621 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
12:51:29.621 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fa7060]
12:51:30.151 3 CLASSPNP.SYS[fffff880011cc43f] -> nt!IofCallDriver -> [0xfffffa8004d4b550]
12:51:30.151 5 ACPI.sys[fffff88000fa97a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004d50050]
12:51:30.167 Scan finished successfully
12:52:52.775 Disk 0 MBR has been saved successfully to "C:\Users\Julia\Desktop\MBR.dat"
12:52:52.791 The log file has been saved successfully to "C:\Users\Julia\Desktop\aswMBR.txt"
Maniac Posted June 12, 2013 ID:690330

Please re-run aswMBR.exe
- Click on [scan] button
- On completion of the scan click the [FixMBR]
- Once the scan finishes click Save log button to save the log to your Desktop
- Copy and paste the contents of aswMBR.txt back here for review
uliajay14 Posted June 12, 2013 Author ID:690339

Attached is the contents of aswMBR.txt

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-12 18:05:28
-----------------------------
18:05:28.224 OS Version: Windows x64 6.1.7601 Service Pack 1
18:05:28.224 Number of processors: 4 586 0x2A07
18:05:28.224 ComputerName: JULIA-THINK UserName: Julia
18:05:28.942 Initialize success
18:05:34.004 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:05:34.004 Disk 0 Vendor: HITACHI_ EC2Z Size: 305245MB BusType: 3
18:05:34.113 Disk 0 MBR read successfully
18:05:34.113 Disk 0 MBR scan
18:05:34.113 Disk 0 unknown MBR code
18:05:34.113 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
18:05:34.113 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288043 MB offset 2459648
18:05:34.144 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 592371712
18:05:34.175 Disk 0 scanning C:\Windows\system32\drivers
18:05:38.855 Service scanning
18:05:53.681 Modules scanning
18:05:53.681 Disk 0 trace - called modules:
18:05:53.713 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:05:53.713 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fa7060]
18:05:54.227 3 CLASSPNP.SYS[fffff880011cc43f] -> nt!IofCallDriver -> [0xfffffa8004d4b550]
18:05:54.227 5 ACPI.sys[fffff88000fa97a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004d50050]
18:05:54.227 Scan finished successfully
18:06:11.795 Verifying
18:06:21.810 Disk 0 Windows 601 MBR fixed successfully
18:08:15.300 Disk 0 MBR has been saved successfully to "C:\Users\Julia\Desktop\MBR.dat"
18:08:15.316 The log file has been saved successfully to "C:\Users\Julia\Desktop\aswMBR2.txt"
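The "MBR Check" in the RogueKiller report and the "MBR scan" in the two aswMBR logs above answer the same two questions at the byte level: is the 440-byte boot-code area a known one (RogueKiller printed "MBR Code unknown", aswMBR "unknown MBR code", then "MBR fixed successfully" after the rewrite), and is the partition table sane (here three NTFS entries, the first active). The following Python script is an added example of those checks; it is not code from this thread, from RogueKiller or from aswMBR. It assembles a 512-byte MBR in memory from the partition geometry in the posted logs, parses it as any MBR parser would (boot flag, type, LBA start and count, the 0x55AA signature), hashes the boot-code area and compares the hash with an allow-list. The boot-code bytes and the allow-list are constructed placeholders, not real Windows boot code or its hashes; the hashes the tools printed are not reproduced.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 boot code, 440..443 NT disk signature, 446..509 partition table
PART_TABLE_OFF = 446
ENTRY_FMT = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, LBA start, LBA count (16 bytes)
SIGNATURE = b"\x55\xaa"

# Partition geometry copied from the RogueKiller / aswMBR output in this thread:
# (active, type, offset in sectors, size in MB converted to 512-byte sectors).
THREAD_LAYOUT = [
    (True,  0x07, 2048,      1200 * 2048),
    (False, 0x07, 2459648,   288043 * 2048),
    (False, 0x07, 592371712, 16000 * 2048),
]

# Constructed stand-ins for boot code (cli/hlt filler): KNOWN_BOOT plays the part of
# code the tools recognise, TAMPERED_BOOT differs in one byte. Neither is real boot code.
KNOWN_BOOT = b"\xfa\xf4" * 16
TAMPERED_BOOT = b"\xeb" + KNOWN_BOOT[1:]


def boot_code_md5(code):
    """MD5 over the boot-code area, zero-padded to 440 bytes as it sits in the sector."""
    return hashlib.md5(code.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()


def build_mbr(boot_code, partitions, disk_sig=0x5A5A5A5A):
    """Assemble a 512-byte MBR in memory (constructed helper; a real check reads the sector from disk)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or more than four primary partitions")
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, BOOT_CODE_LEN, disk_sig)
    for i, (active, ptype, start, count) in enumerate(partitions):
        # CHS fields get the conventional 0xFE 0xFF 0xFF filler; the LBA fields are authoritative.
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    buf[510:512] = SIGNATURE
    return bytes(buf)


def parse_mbr(sector):
    """Decode signature, boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        active, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        parts.append({"index": i, "active": active == 0x80, "type": ptype,
                      "lba_start": start, "lba_count": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
            "partitions": parts}


def check_mbr(sector, known_boot_hashes):
    """Report unknown boot code, a wrong number of active entries, and overlapping entries."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_md5"] not in known_boot_hashes:
        findings.append("MBR code unknown")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    prev_end = 0
    for p in info["partitions"]:
        if p["lba_start"] < prev_end:
            findings.append("partition %d overlaps the previous entry" % p["index"])
        prev_end = p["lba_start"] + p["lba_count"]
    return info, findings


if __name__ == "__main__":
    allow = {boot_code_md5(KNOWN_BOOT)}
    for label, code in (("known", KNOWN_BOOT), ("tampered", TAMPERED_BOOT)):
        info, findings = check_mbr(build_mbr(code, THREAD_LAYOUT), allow)
        print(label, info["boot_code_md5"], findings or "OK")
        for p in info["partitions"]:
            print("  %d %s type 0x%02x offset %d size %d MB" % (
                p["index"], "ACTIVE" if p["active"] else "      ", p["type"], p["lba_start"], p["size_mb"]))
```

Two details in the posted logs are worth checking against the parser's output: the end of each partition (offset plus sector count) is exactly the offset of the next one, which is why the layout passes the overlap check, and the boot code being "unknown" is a statement about a hash not being on a list, not by itself proof of infection; that is why the helper had the user run the scan, look at the rest of the report, and only then apply FixMBR. Reading the real sector from a physical drive needs administrator rights and a raw device handle, which this example deliberately avoids.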
Maniac Posted June 13, 2013 ID:690606

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
uliajay14 Posted June 13, 2013 Author ID:690668

Attached is ComboFix.txt

ComboFix 13-06-12.02 - Julia 06/13/2013 10:16:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.2027 [GMT -4:00]
Running from: c:\users\Julia\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Julia\Documents\~WRL0005.tmp
c:\users\Julia\Documents\~WRL3588.tmp
c:\users\Julia\Documents\~WRL3916.tmp
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-05-13 to 2013-06-13 )))))))))))))))))))))))))))))))
.
.
2013-06-13 14:30 . 2013-06-13 14:30 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2013-06-13 14:30 . 2013-06-13 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-12 16:59 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-10 21:53 . 2013-06-10 21:53 -------- d-----w- c:\windows\ERUNT
2013-06-10 21:52 . 2013-06-10 21:52 -------- d-----w- C:\JRT
2013-05-15 20:27 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 20:27 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 20:27 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 20:26 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 20:26 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 20:26 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 20:26 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 20:26 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 20:26 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 20:26 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 20:26 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 20:26 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 07:01 . 2011-09-21 00:45 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 16:56 . 2012-04-10 00:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:56 . 2011-10-14 01:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-29 21:19 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 20:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 20:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 20:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 20:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 20:27 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 20:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 14:07 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2013-04-30 14:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 19:43 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 19:43 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 19:43 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 19:43 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 19:43 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 19:43 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Julia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-03-23 1544040]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-02-21 900160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:56]
.
2013-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4161733392-4162015121-2545797441-1001Core.job
- c:\users\Julia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 01:52]
.
2013-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4161733392-4162015121-2545797441-1001UA.job
- c:\users\Julia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 01:52]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 02:22]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 02:22]
.
2013-06-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2013-06-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-04-05 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-02-28 281448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02212013
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-13 11:03:11
ComboFix-quarantined-files.txt 2013-06-13 15:02
.
Pre-Run: 196,570,161,152 bytes free
Post-Run: 197,378,768,896 bytes free
.
- - End Of File - - 99046CDC64E111984352A7B7377C9AEED41D8CD98F00B204E9800998ECF8427E
Maniac Posted June 15, 2013 ID:691389

Please scan your machine with ESET OnlineScan

- Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
  - Save it to your Desktop.
  - Double click on the icon on your Desktop.
- Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under Scan Settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats
- Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
uliajay14 (Author) Posted June 17, 2013 ID:692079

I ran the ESET online scan, but I could not find the export button at the end. The scan said it found no threats, so should I still run the scan again so I can post the file in a reply, or should I not bother since there were no threats detected?
Maniac Posted June 17, 2013 ID:692198

Any progress?
uliajay14 (Author) Posted June 19, 2013 ID:693317

I ran the ESET online scan, but I could not find the export button at the end. The scan said it found no threats, so should I still run the scan again so I can post the file in a reply, or should I not bother since there were no threats detected?
Maniac Posted June 20, 2013 ID:693499

I mean progress with your system. No, you don't have to send me any log file, because there is nothing I want to see.
uliajay14 (Author) Posted June 20, 2013 ID:693531

It seems to be moving a lot faster, thank you!
Maniac Posted June 20, 2013 ID:693571

Glad I could help!

Step 1
Download OTC to your desktop and run it.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2
Double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Step 3
Please uninstall ESET Online Scanner.

Step 4
Some malware prevention tips: users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!
AdvancedSetup (Root Admin) Posted June 27, 2013 ID:696097

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!