Jump to content

Recommended Posts

Hi everyone,

 

Thanks to the generosity of everyone here in offering help. I think I have been infected with some Adware that I have not been successful in removing despite running multiple malware removers including Malwarebytes.

 

Problem: A random ad will open in a new tab in my chrome browser without warning. It links to sites like casino.com and vube.com, but right before it opens, it opens a site with URL: http://7.rotator.wigetmedia.com/servlet/ajrotator/319235/0/vh?ajecscp=1378206909662&z=wiget&dim=79059&kw=&click=

 

My logs are copied below, thanks for your help in advance!

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro with Media Center
Boot Device: \Device\HarddiskVolume1
Install Date: 16/01/2013 9:01:43 PM
System Uptime: 2/09/2013 10:37:52 PM (23 hours ago)
.
Motherboard: LENOVO |  | 4286CTO
Processor: Intel® Core i5-2520M CPU @ 2.50GHz | CPU | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 234.371 GiB free.
E: is CDROM ()
Q: is FIXED (NTFS) - 12 GiB total, 3.062 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0001
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor) #2
PNP Device ID: ROOT\MS_NDISWANBH\0001
Service: NdisWan
.
==== System Restore Points ===================
.
RP48: 2/09/2013 10:47:57 PM - Post Malware Clean
.
==== Installed Programs ======================
.
8GadgetPack
Adobe AIR
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Broadcom InConcert Maestro
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Classic Shell
Command & Conquer™ Red Alert™ 3
Conexant 20672 SmartAudio HD
Create Recovery Media
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox
e-tax 2012
e-tax 2013
Evernote v. 4.2.3
Facebook Video Calling 1.2.0.287
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Processor Graphics
Java 7 Update 25
Java Auto Updater
Java 6 Update 37
Junk Mail filter update
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Power Management Driver
Lenovo Registration
Lenovo Screen Reading Optimizer
Lenovo Settings - Camera Audio
Lenovo Settings Dependency Package
Lenovo Settings Mobile Hotspot
Lenovo SimpleTap
Lenovo Solution Center
Lenovo System Interface Driver
Lenovo System Update
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
Mesh Runtime
Message Center Plus
Messenger Plus! 6
Messenger Plus! for Skype
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Hotmail Connector 64-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton Safe Web Lite
On Screen Display
Origin
PokerStars
Power Manager
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
RICOH_Media_Driver_v2.22.18.01
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SimCity 4 Rush Hour
Skype™ 6.5
Steam
swMSM
The Sims™ 3
ThinkPad FullScreen Magnifier
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad Wireless LAN Adapter Software
ThinkVantage Active Protection System
ThinkVantage AutoLock
ThinkVantage Fingerprint Software
ThinkVantage Password Manager
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
VIP Access
VLC media player 2.0.1
Weatherzone Tracker v2.04
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011)
Windows Driver Package - Intel System  (11/20/2010 9.2.0.1016)
Windows Driver Package - Intel USB  (12/21/2010 9.2.0.1021)
Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
3/09/2013 10:31:29 AM, Error: Service Control Manager [7034]  - The LnvMHService service terminated unexpectedly. It has done this 1 time(s).
3/09/2013 10:30:47 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
2/09/2013 10:38:35 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {7160A13D-73DA-4CEA-95B9-37356478588A}  and APPID  Unavailable  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
1/09/2013 8:18:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/09/2013 8:15:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
1/09/2013 8:12:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/09/2013 8:12:26 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
1/09/2013 8:12:26 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
1/09/2013 8:12:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/09/2013 8:12:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/09/2013 8:12:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error:  A device attached to the system is not functioning.
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/09/2013 8:11:29 PM, Error: Service Control Manager [7001]  - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error:  The dependency service or group failed to start.
1/09/2013 8:10:47 PM, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume Windows7_OS. The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1000000035507.  The name of the file is "<unable to determine file name>".
1/09/2013 8:06:46 PM, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume Windows7_OS. The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
.
==== End Of File ===========================
 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Jason Ng at 21:33:05 on 2013-09-03
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.61.2057.18.3979.1672 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\WINDOWS\system32\CxAudMsg64.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
C:\WINDOWS\SysWOW64\SAsrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
BHO: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [LTT] C:\Program Files\PC-Doctor\EnableToolbarW32.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Weather Tracker3] C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Facebook Update] "C:\Users\Jason Ng\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [RESTART_STICKY_NOTES] C:\WINDOWS\System32\StikyNot.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\JASONN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{37B453C1-E7A8-4FA8-963A-3B3A8EFD0D3F} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6F15B934-BE1A-440B-829E-9CE82E3584CB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6F15B934-BE1A-440B-829E-9CE82E3584CB}\4516E6B6023547275616D602C4162637 : DHCPNameServer = 8.8.8.8 8.8.4.4 192.231.203.132 192.231.203.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
IFEO: sidebar.exe - C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe -run
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 60
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [PasswordManager] C:\Program Files\Lenovo\Password Manager\password_manager.exe
x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [LnvMobHotspotClient] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
x64-Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: sidebar.exe - C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe -run
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\WINDOWS\System32\Drivers\DZHDD64.SYS [2012-1-27 29512]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\Drivers\iaStorA.sys [2013-1-16 645952]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\System32\Drivers\ApsHM64.sys [2011-1-14 23664]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\WINDOWS\System32\Drivers\NSTx64\0200000.010\ccSetx64.sys [2012-3-10 167048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\System32\Drivers\dtsoftbus01.sys [2012-12-23 283200]
R1 lenovo.smi;Lenovo System Interface Driver;C:\WINDOWS\System32\Drivers\smiifx64.sys [2011-8-17 15472]
R1 pelmoubt;Mouse Suite Bluetooth Driver;C:\WINDOWS\System32\Drivers\PELMoubt.SYS [2012-2-9 22016]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\WINDOWS\System32\BtwRSupportService.exe [2011-12-15 2246184]
R2 CxAudMsg;Conexant Audio Message Service;C:\WINDOWS\System32\CxAudMsg64.exe [2012-1-27 201376]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LENOVO.CAMMUTE;Lenovo AVFramework Camera Privacy Controller;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-1-16 501312]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2013-3-17 101736]
R2 LENOVO.TPKNRSVC;Lenovo AVFramework Microphone Volume Controller and Dolby Interface;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-1-16 496192]
R2 LENOVO.TVTVCAM;Lenovo AVFramework Control Center and ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-1-16 661056]
R2 LocationTaskManager;Location Task Manager;C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [2012-10-26 458304]
R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-6-9 125952]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2012-3-10 138760]
R2 PelService;Session Launcher Service;C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [2012-2-9 177152]
R2 SAService;Conexant SmartAudio service;C:\WINDOWS\System32\SAsrv.exe --> C:\WINDOWS\System32\SAsrv.exe [?]
R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-1-27 446800]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2013-3-17 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-8-17 142696]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2012-1-27 317440]
R3 risdxc;risdxc;C:\WINDOWS\System32\Drivers\risdxc64.sys [2012-1-27 105472]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\WINDOWS\System32\Drivers\rtwlane.sys [2012-6-30 1119232]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\Drivers\Smb_driver_Intel.sys [2013-1-16 44344]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 LnvHotSpotSvc;LnvMHService;C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [2013-1-16 460864]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 5U877;USB Video Device;C:\WINDOWS\System32\Drivers\5U877.sys [2012-1-27 166016]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudbus.sys [2013-8-6 103448]
S3 dgderdrv;dgderdrv;C:\WINDOWS\System32\Drivers\dgderdrv.sys [2010-10-25 20552]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-1-27 320576]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-8 138360]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-8-6 37344]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pelbtm;Bluetooth Mouse Filter Driver;C:\WINDOWS\System32\Drivers\pelbtm.sys [2012-2-9 16384]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-1-27 1667216]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-1-27 1665680]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudmdm.sys [2013-8-6 203672]
S3 TFsExDisk;TFsExDisk;C:\WINDOWS\System32\Drivers\TFsExDisk.sys [2012-11-27 16392]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-09-03 05:38:06 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E355B94A-DE54-4C6D-A1C3-56C0EFAF6E67}\mpengine.dll
2013-09-02 10:01:57 -------- d-----w- C:\Users\Jason Ng\AppData\Roaming\SUPERAntiSpyware.com
2013-09-02 08:39:11 9515512 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-01 10:03:54 -------- d-----w- C:\WINDOWS\pss
2013-08-31 15:12:05 -------- d-----w- C:\WINDOWS\ERUNT
2013-08-15 09:47:40 -------- d-----w- C:\WINDOWS\System32\MRT
2013-08-14 06:40:18 694272 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2013-08-14 06:39:55 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-08-14 06:39:20 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-08-14 06:39:04 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-08-14 06:39:03 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 06:38:53 1889280 ----a-w- C:\WINDOWS\System32\crypt32.dll
2013-08-14 06:38:52 337408 ----a-w- C:\WINDOWS\System32\wintrust.dll
2013-08-14 06:38:52 261120 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2013-08-14 06:38:52 1568256 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2013-08-14 06:38:51 98304 ----a-w- C:\WINDOWS\System32\apprepsync.dll
2013-08-14 06:38:51 87040 ----a-w- C:\WINDOWS\SysWow64\apprepapi.dll
2013-08-14 06:38:51 68096 ----a-w- C:\WINDOWS\System32\cryptsvc.dll
2013-08-14 06:38:51 124416 ----a-w- C:\WINDOWS\System32\apprepapi.dll
2013-08-14 06:38:50 74240 ----a-w- C:\WINDOWS\SysWow64\apprepsync.dll
2013-08-06 10:59:43 203672 ----a-w- C:\WINDOWS\System32\drivers\ssudmdm.sys
2013-08-06 10:59:43 103448 ----a-w- C:\WINDOWS\System32\drivers\ssudbus.sys
2013-08-06 10:55:48 37344 ----a-w- C:\WINDOWS\SysWow64\FsUsbExDisk.Sys
2013-08-06 10:55:48 233472 ----a-w- C:\WINDOWS\SysWow64\FsUsbExService.Exe
2013-08-06 10:55:48 110592 ----a-w- C:\WINDOWS\SysWow64\FsUsbExDevice.Dll
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-07-26 05:13:28 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-07-26 05:13:28 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-07-26 05:12:04 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-07-26 03:13:15 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-07-26 03:12:00 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-07-26 00:54:34 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2013-07-09 06:07:17 2233168 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-07-02 00:44:14 36288 ----a-w- C:\WINDOWS\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\WINDOWS\System32\drivers\WdFilter.sys
2013-07-01 11:44:32 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-07-01 11:44:25 867240 ----a-w- C:\WINDOWS\SysWow64\npdeployJava1.dll
2013-07-01 11:44:25 789416 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2013-06-27 22:04:51 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31 997632 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
.
============= FINISH: 21:35:39.99 ===============
 

 

 

Link to post
Share on other sites

Hello jng and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Link to post
Share on other sites

Hi Borislav,

 

Thank you heaps for your help, I hope we can solve this together. Seems quite a few other people have found this issue but I haven't found a solution to this problem anywhere.

 

I ran the OTL Quick Scan and ticked Scan All Users, but I only got an OTL.txt, not an Extras.txt. The log is pasted as follows:

 

OTL logfile created on: 4/09/2013 5:05:33 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jason Ng\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
3.89 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 66.61% Memory free
6.51 Gb Paging File | 5.16 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.58 Gb Total Space | 232.97 Gb Free Space | 51.48% Space Free | Partition Type: NTFS
Drive Q: | 11.72 Gb Total Space | 3.06 Gb Free Space | 26.13% Space Free | Partition Type: NTFS
 
Computer Name: JASON-X220 | User Name: Jason Ng | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/04 16:32:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason Ng\Downloads\OTL.exe
PRC - [2013/06/29 10:49:28 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2013/05/11 20:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/27 15:13:05 | 000,125,952 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012/12/26 05:38:00 | 000,476,816 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2012/12/26 05:38:00 | 000,129,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/11/15 18:07:26 | 000,575,040 | ---- | M] (Lenovo Corporation) -- C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
PRC - [2012/11/15 18:07:18 | 000,661,056 | ---- | M] (Lenovo Corporation) -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2012/11/15 18:07:06 | 000,496,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012/11/15 18:07:00 | 000,572,992 | ---- | M] (Lenovo Corporation) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012/11/15 18:06:32 | 000,501,312 | ---- | M] (Lenovo Corporation) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2012/11/13 10:25:34 | 002,646,592 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
PRC - [2012/10/26 15:44:32 | 000,458,304 | ---- | M] () -- C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
PRC - [2012/10/26 15:44:12 | 000,013,888 | ---- | M] () -- C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
PRC - [2012/04/19 00:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/11/10 09:00:10 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/09/02 13:27:08 | 000,446,800 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
PRC - [2011/09/01 14:23:44 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2011/08/11 06:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2011/07/12 18:17:06 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 17:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 17:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/05/26 08:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011/02/24 18:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Jason Ng\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/05/28 16:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/17 20:35:41 | 006,998,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\acf905c62ab9c1b77ca69e8b745e3fdb\System.Core.ni.dll
MOD - [2013/08/17 20:35:27 | 009,937,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll
MOD - [2013/08/15 19:53:55 | 000,158,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PWMUIAux\10f2c930c8adef282fc7f100539c51bf\PWMUIAux.ni.exe
MOD - [2013/08/14 17:15:50 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6b49661877ca78101ebc697b9a6a95fd\System.Windows.Forms.ni.dll
MOD - [2013/08/14 17:15:29 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e4447d26cd9083018bd28ddd60a0248\System.Drawing.ni.dll
MOD - [2013/08/14 17:15:12 | 014,344,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5ee445d76a53f7f0ece31685fb193b90\PresentationFramework.ni.dll
MOD - [2013/08/14 17:14:31 | 012,240,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e160ec0c386568c802eff15bf297996b\PresentationCore.ni.dll
MOD - [2013/08/14 17:13:57 | 003,350,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\56543ab218fc1a48a39941558fe7d736\WindowsBase.ni.dll
MOD - [2013/08/14 17:13:45 | 007,988,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\1b46657236c1f942f9dbaf6aac73bb49\System.ni.dll
MOD - [2013/07/12 19:26:47 | 000,970,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PWMUICtl\228121123dd4b12295c92c05746bcddb\PWMUICtl.ni.dll
MOD - [2013/07/12 11:54:56 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\abb10610a31396b63a3cd6c4715b3780\PresentationFramework.Aero.ni.dll
MOD - [2013/07/12 11:51:53 | 011,500,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll
MOD - [2013/07/12 11:48:11 | 001,156,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\cd6b8416903164862eba3d170df40c90\System.Management.ni.dll
MOD - [2013/07/12 11:43:44 | 016,547,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll
MOD - [2012/12/26 05:38:00 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\US\PWMROV.DLL
MOD - [2012/10/26 15:44:12 | 000,013,888 | ---- | M] () -- C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
MOD - [2012/07/06 12:02:32 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
MOD - [2010/04/07 03:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010/04/07 03:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Jason Ng\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/05/28 16:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/07/02 10:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/29 10:49:28 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2013/06/25 08:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 19:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 16:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 16:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/28 06:52:04 | 000,061,224 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2013/04/09 14:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 12:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 12:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/10 09:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 09:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/15 18:07:18 | 000,661,056 | ---- | M] (Lenovo Corporation) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV:64bit: - [2012/11/15 18:07:06 | 000,496,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/11/15 18:06:32 | 000,501,312 | ---- | M] (Lenovo Corporation) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2012/11/13 10:24:52 | 000,460,864 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe -- (LnvHotSpotSvc)
SRV:64bit: - [2012/11/06 14:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 19:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 16:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 13:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 13:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 13:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 13:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 13:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 13:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 13:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 13:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 13:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 13:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 13:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 10:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/06/08 01:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2011/12/15 19:23:46 | 002,246,184 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2011/07/12 17:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 17:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 17:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/01/14 08:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/09/23 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/22 13:20:18 | 000,177,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe -- (PelService)
SRV - [2013/06/26 15:57:38 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 20:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/30 05:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/27 15:13:05 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2013/02/19 20:34:50 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/12/26 05:38:00 | 001,667,216 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/12/26 05:38:00 | 001,665,680 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/12/26 05:38:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012/11/06 14:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/10/26 15:44:32 | 000,458,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe -- (LocationTaskManager)
SRV - [2012/07/26 13:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/04/19 00:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/11/10 09:00:10 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/09/02 13:27:08 | 000,446,800 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe -- (SROSVC)
SRV - [2011/09/01 14:23:44 | 000,447,104 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011/08/11 06:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2011/02/24 18:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV:64bit: - [2013/07/09 18:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 10:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/02 08:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 16:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/21 10:07:52 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/06/21 10:07:52 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/11 07:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/06/01 21:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 21:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/01 13:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/04 17:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 17:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/28 06:52:04 | 000,044,800 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2013/04/24 01:23:00 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/03/02 20:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 20:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 20:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/19 20:34:56 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/01/16 20:04:45 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/01/10 11:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/26 05:38:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2012/12/26 05:38:00 | 000,020,328 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012/11/27 13:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 14:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 13:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/11/02 14:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/17 22:19:22 | 000,044,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/10/12 18:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 17:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 17:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/28 20:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/09/20 17:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 17:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 15:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 15:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 15:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 15:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 15:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 15:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 15:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 15:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 15:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 15:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 15:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 15:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 15:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 15:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 15:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 15:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 15:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 14:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 14:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 13:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 12:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 12:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 12:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 12:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 12:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 12:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 12:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 12:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 12:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 12:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 12:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 12:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 12:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 12:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 12:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 12:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 12:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 12:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/26 12:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/26 12:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 12:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/26 12:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/26 12:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 12:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 12:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/09 12:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/04 12:39:00 | 000,105,472 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2012/06/30 12:00:53 | 001,119,232 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
DRV:64bit: - [2012/06/21 13:59:50 | 001,586,848 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012/01/27 11:44:54 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/09/22 08:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/08/18 11:00:44 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/09 09:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NSTx64\0200000.010\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2011/05/30 17:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV:64bit: - [2011/03/05 12:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011/01/14 08:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/01/14 08:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/21 02:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/18 17:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/11/06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/25 19:10:22 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/10/25 19:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/09/07 15:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009/04/23 13:58:16 | 000,022,016 | ---- | M] (Primax Electronics Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\PELMoubt.SYS -- (pelmoubt)
DRV:64bit: - [2007/09/20 12:11:18 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pelbtm.sys -- (pelbtm)
DRV - [2013/07/18 15:34:28 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012/02/08 21:41:52 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/08 21:41:52 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/25 19:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enAU479
IE - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jason Ng\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2013/09/04 16:26:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/03/20 11:18:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension [2013/01/16 21:03:14 | 000,000,000 | ---D | M]
 
[2012/12/16 02:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Chrome YouTube Downloader = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.17_0\
CHR - Extension: NetBank = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnpedghacgigoamalnfnikaagobdbjp\1.0.0.4_0\
CHR - Extension: ThinkVantage Password Manager = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab\4.10.6_0\
CHR - Extension: AdBlock = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Auto Refresh Plus = C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.22_0\
 
O1 HOSTS File: ([2012/07/26 15:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3:64bit: - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation)
O4:64bit: - HKLM..\Run: [LnvMobHotspotClient] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Lenovo)
O4:64bit: - HKLM..\Run: [PasswordManager] C:\Program Files\Lenovo\Password Manager\password_manager.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\WINDOWS\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [F.lux] C:\Users\Jason Ng\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [Facebook Update] C:\Users\Jason Ng\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [LTT] C:\Program Files\PC-Doctor\EnableToolbarW32.exe File not found
O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4142977412-1557321089-3802878651-1000..\Run: [Weather Tracker3] C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
O4 - Startup: C:\Users\Jason Ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9:64bit: - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 149.171.96.2 149.171.192.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37B453C1-E7A8-4FA8-963A-3B3A8EFD0D3F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F15B934-BE1A-440B-829E-9CE82E3584CB}: DhcpNameServer = 149.171.96.2 149.171.192.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\sidebar.exe: Debugger - C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe ()
O27 - HKLM IFEO\sidebar.exe: Debugger - C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe ()
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/15 11:51:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/11 02:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/04 02:51:22 | 000,000,000 | ---D | C] -- C:\Users\Jason Ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2013/09/04 02:51:18 | 000,000,000 | ---D | C] -- C:\Users\Jason Ng\Local Settings
[2013/09/02 20:01:57 | 000,000,000 | ---D | C] -- C:\Users\Jason Ng\AppData\Roaming\SUPERAntiSpyware.com
[2013/09/01 20:03:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/09/01 01:12:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/15 19:47:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
[2013/08/13 13:37:02 | 000,000,000 | ---D | C] -- C:\Users\Jason Ng\Desktop\Livewire
[2013/08/12 23:28:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/08/12 19:37:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/08/11 14:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[2013/08/06 22:20:58 | 000,000,000 | ---D | C] -- C:\Users\Jason Ng\Desktop\Pictures
[2013/08/06 20:59:43 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\SysNative\drivers\ssudmdm.sys
[2013/08/06 20:59:43 | 000,103,448 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\SysNative\drivers\ssudbus.sys
[2013/08/06 20:55:48 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\SysWow64\FsUsbExService.Exe
[3 C:\Users\Jason Ng\Desktop\*.tmp files -> C:\Users\Jason Ng\Desktop\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[13 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/04 17:04:01 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/04 16:30:56 | 000,848,230 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/09/04 16:30:56 | 000,723,700 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/09/04 16:30:56 | 000,136,838 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/09/04 16:28:03 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/04 16:27:04 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/04 16:25:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/09/04 16:25:10 | 3338,018,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/04 06:39:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4142977412-1557321089-3802878651-1000UA.job
[2013/09/03 21:39:01 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4142977412-1557321089-3802878651-1000Core.job
[2013/08/25 13:38:48 | 000,732,911 | ---- | M] () -- C:\Users\Jason Ng\Desktop\hungry-jacks-vouchers.pdf
[2013/08/24 04:46:04 | 000,158,057 | ---- | M] () -- C:\Users\Jason Ng\Desktop\Family Law Act.rtf
[2013/08/21 16:46:23 | 000,001,277 | ---- | M] () -- C:\Users\Jason Ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/08/13 23:28:13 | 000,065,103 | ---- | M] () -- C:\Users\Jason Ng\Desktop\P1-BM657_EMERGE_G_20130811183032.jpg
[3 C:\Users\Jason Ng\Desktop\*.tmp files -> C:\Users\Jason Ng\Desktop\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[13 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/03 21:11:49 | 000,387,583 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/08/25 13:38:13 | 000,732,911 | ---- | C] () -- C:\Users\Jason Ng\Desktop\hungry-jacks-vouchers.pdf
[2013/08/24 04:34:58 | 000,158,057 | ---- | C] () -- C:\Users\Jason Ng\Desktop\Family Law Act.rtf
[2013/08/13 23:28:11 | 000,065,103 | ---- | C] () -- C:\Users\Jason Ng\Desktop\P1-BM657_EMERGE_G_20130811183032.jpg
[2013/08/06 20:55:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysWow64\FsUsbExDevice.Dll
[2013/08/06 20:55:48 | 000,037,344 | ---- | C] () -- C:\WINDOWS\SysWow64\FsUsbExDisk.Sys
[2013/02/28 13:00:00 | 000,002,495 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv
[2013/02/19 20:35:12 | 000,963,388 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2013/02/19 20:34:56 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/01/16 21:45:24 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/01/16 21:37:26 | 000,000,576 | ---- | C] () -- C:\Users\Jason Ng\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012/12/23 12:34:27 | 000,000,715 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012/10/29 11:09:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll
[2012/10/29 11:09:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll
[2012/10/29 11:09:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll
[2012/10/29 11:09:28 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll
[2012/10/29 11:09:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/10/10 01:22:28 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012/07/26 18:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012/07/26 18:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012/07/26 17:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/26 11:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012/07/26 06:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/26 06:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012/06/11 16:28:05 | 000,000,261 | ---- | C] () -- C:\Users\Jason Ng\AppData\Roaming\Battery Meter_Settings.ini
[2012/06/11 16:26:55 | 000,001,302 | ---- | C] () -- C:\Users\Jason Ng\AppData\Roaming\Network Meter_Settings.ini
[2012/06/03 00:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/03/10 15:53:12 | 000,735,230 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/02/09 01:46:00 | 000,007,593 | ---- | C] () -- C:\Users\Jason Ng\AppData\Local\Resmon.ResmonCfg
[2012/01/27 11:15:42 | 000,066,856 | ---- | C] () -- C:\WINDOWS\SysWow64\SynTPEnhPS.dll
 
========== ZeroAccess Check ==========
 
[2013/01/17 10:54:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 16:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 15:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 13:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 13:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 13:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/23 12:29:42 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\DAEMON Tools Lite
[2012/05/04 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\Dropbox
[2012/02/08 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\Leadertech
[2013/01/17 00:44:39 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\Lenovo
[2013/01/17 09:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\LSC
[2012/07/14 17:33:57 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\Origin
[2013/01/17 09:34:46 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\PCDr
[2012/02/08 22:48:17 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\PwrMgr
[2013/06/26 16:06:58 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\Red Alert 3
[2012/11/27 23:39:32 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\Samsung
[2012/05/10 01:49:31 | 000,000,000 | ---D | M] -- C:\Users\Jason Ng\AppData\Roaming\Temp
 
========== Purity Check ==========
 
 
 
< End of report >
Link to post
Share on other sites

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
In your next reply, post the following log files:
  • OTL Fix log
  • Junkware Removal Tool log
  • AdwCleaner log
Link to post
Share on other sites

OTL Fix Log

 

All processes killed

========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason Ng\Downloads\cmd.bat deleted successfully.
C:\Users\Jason Ng\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default.migrated
 
User: Jason Ng
->Temp folder emptied: 352793062 bytes
->Temporary Internet Files folder emptied: 168925119 bytes
->Java cache emptied: 2148874 bytes
->Google Chrome cache emptied: 394523167 bytes
->Flash cache emptied: 185087 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1517002 bytes
%systemroot%\System32 .tmp files removed: 11065344 bytes
%systemroot%\System32 (64bit) .tmp files removed: 17014232 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93526326 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 10627740468 bytes
 
Total Files Cleaned = 11,129.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09052013_182426
 
Files\Folders moved on Reboot...
C:\Users\Jason Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\WINDOWS\temp\chrome_installer.log moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
Junkware Removal Tool Log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 8 Pro with Media Center x64
Ran by Jason Ng on Thu 05/09/2013 at 18:41:38.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/09/2013 at 18:54:14.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
AdwCleaner Log
 
# AdwCleaner v3.002 - Report created 05/09/2013 at 19:00:43
# Updated 01/09/2013 by Xplode
# Operating System : Windows 8 Pro with Media Center  (64 bits)
# Username : Jason Ng - JASON-X220
# Running from : C:\Users\Jason Ng\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Google Chrome v29.0.1547.62
 
[ File : C:\Users\Jason Ng\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [846 octets] - [05/09/2013 18:59:26]
AdwCleaner[s1].txt - [770 octets] - [05/09/2013 19:00:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [829 octets] ##########
 
Thanks!
Link to post
Share on other sites

A post by user Bernie56 was deleted:  It said...

 

Hello all

A friend pointed out the following:
http://www.malekal.com/2013/09/03/popup-de-publicites-popcash-et-yuna-software-messenger-plus/

which states that the problem stems from Messenger Plus from Yuna Software.

Accordingly, I uninstalled that software and I am monitoring the internet traffic on my machine with Fiddler Web Debugger (http://fiddler2.com/). Although it is a bit early to tell, it seems that the problem was resolved. I will need to wait another 24 hours to be sure.

Note that the uninstall of Messenger Plus crashed when it removed the program. I will need to clean it up.

Thanks
---------------------

 

Following this, I uninstalled this program last night and 24 hours later, I have still had no popups, which had been appearing daily for over a week at a similar time each day. If in another 24 hours I have still not experienced any popups, I would believe that this is the offending program.

Link to post
Share on other sites

Hi Borislav,

 

I live in Sydney and it usually pops up sometime between 7 - 10pm local time. It is currently 11pm Sunday, and since uninstalling on Friday night, I still have not experienced any popups. As I mentioned earlier, I had been getting the problem daily on a consistent basis, so it is becoming more convincing that the "Messenger Plus for Skype" from Yuna Software is the offending program.

 

I have had that program for a while with no problems, so it does seem a bit unusual for it to pop up recently. I also still have the first version of the program which is for the now defunct Windows Live Messenger but it doesn't appear to cause me any problems.

 

And sorry I didn't answer your post earlier, the browser being affected was google chrome. Thanks!

 

Cheers

Link to post
Share on other sites

Glad everything is fine there!

Let's clean these tools:

Step 1

Please run OTL and click on CleanUp button.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.