Delta Search -- Help!


DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.19475  BrowserJavaVersion: 10.25.2
Run by zamanmm at 16:37:40 on 2013-10-30
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3061.1266 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\QUBEE WCM\GPCommonService.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\lxddcoms.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe
C:\Windows\system32\ptumlcmsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = localhost;*.local
uWinlogon: Shell = explorer.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - c:\users\zamanmm\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\coupons.com couponbar\tbcore3.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\zamanmm\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\users\zamanmm\appdata\roaming\shopathome\shopathometoolbar\tbcore3U.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\zamanmm\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [shopAtHomeWatcher] c:\users\zamanmm\appdata\roaming\shopathome\shopathomehelper\ShopAtHomeWatcher.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RPT Msgsrv] "c:\program files\panasonic\panasonic-dms\rpt network printer port\Msgsrv.exe" /NRPT Network Printer /S
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\jobsta~1.lnk - c:\program files\panasonic\panasonic-dms\lrecvtrap\LRecvTrap.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{803FC278-F797-4213-9E4F-829AE9D9FD55} : DHCPNameServer = 180.234.0.193 180.234.0.197
TCP: Interfaces\{C9697EE0-222B-4F23-A61D-0A5C7B10426B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CFFA5286-0D07-40C6-BABC-811702F106B0} : DHCPNameServer = 180.234.0.193 180.234.0.197
TCP: Interfaces\{D3510E5F-6489-45C4-9374-CA9B3DDA2BC9} : DHCPNameServer = 180.234.0.193 180.234.0.197
TCP: Interfaces\{DB3C85D0-8D16-468C-8E13-33AFE808BDA4} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\240\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-11 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-11 934488]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-31 37664]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20131022.001\BHDrvx86.sys [2013-10-22 1096280]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-11 134744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-4-5 242240]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20131029.002\IDSvix86.sys [2013-10-30 393816]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-7-23 13680]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-11 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-6-11 352344]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-25 43912]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-8 21504]
R2 GPCommonService;GPCommonService;c:\program files\qubee wcm\GPCommonService.exe [2012-2-29 90112]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-7-23 127336]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\drivers\mtkwmptv.sys [2012-2-29 15360]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\20.4.0.40\ccsvchst.exe [2013-6-11 144368]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2013-4-7 195840]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-7-6 35088]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-9-14 113168]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-3 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-7-23 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-7-23 142696]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-6-7 478712]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.12\ToolbarUpdater.exe [2013-10-2 1734680]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-27 108120]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-7-23 101736]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2012-6-28 38440]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2012-6-7 57256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\240\g2ax_service.exe [2010-10-12 161144]
S3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\drivers\mt7118vu.sys [2012-2-29 131072]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-9-14 59664]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-9-14 168208]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-9-14 168208]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-9-14 168848]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-9-14 168208]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-10-3 10112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-10-20 11:56:01 -------- d-----w- c:\program files\Coupons.com CouponBar
2013-10-10 14:30:28 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-10 14:30:28 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-10 14:30:27 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-10-10 14:30:27 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-10 14:30:27 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-10 14:30:27 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-10 14:30:27 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-10 14:30:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-10 14:30:27 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-10-10 14:30:20 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 14:28:57 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 14:27:54 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 14:27:53 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 14:27:53 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 14:27:53 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 14:27:52 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 14:27:52 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-10 14:27:40 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-10 14:27:22 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 14:27:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 14:27:06 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-10 14:27:06 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
.
==================== Find3M  ====================
.
2013-10-09 12:48:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 12:48:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-02 20:43:01 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-23 12:57:49 916992 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 12:51:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 12:51:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-23 12:51:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-23 12:51:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-09-23 12:49:22 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 11:14:03 385024 ----a-w- c:\windows\system32\html.iec
2013-09-23 09:29:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-23 09:27:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-03 00:48:28 440704 ----a-w- c:\windows\CouponPrinter.ocx
2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
============= FINISH: 16:38:36.48 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business 
Boot Device: \Device\HarddiskVolume2
Install Date: 7/18/2008 3:45:52 PM
System Uptime: 10/30/2013 3:53:04 PM (1 hours ago)
.
Motherboard: LENOVO |  | 76591PU
Processor: Intel® Core2 Duo CPU     T7300  @ 2.00GHz | None | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 6.455 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: 
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Manufacturer: 
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Service: 
.
Class GUID: 
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Manufacturer: 
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Service: 
.
Class GUID: 
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Manufacturer: 
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&00010008_PID&B003\7&F3B558D&0&D03761A07A84_C00000000
Service: 
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP1887: 10/30/2013 10:00:13 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
7-Zip 9.22beta
Access Help
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Security Toolbar
Bonjour
Brother P-touch Address Book 1.1
Brother P-touch Editor 5.0
Brother P-touch Software
Brother QL-570 User's Guide
BufferChm
Business Contact Manager for Outlook 2007 SP2
Canon MP Navigator 2.2
Canon MP530
Canon MP530 User Registration
Canon Utilities Easy-PhotoPrint
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 
Client Security Solution
Coupon Printer for Windows
CouponBar
D3DX10
DAEMON Tools Lite
Destinations
DeviceDiscovery
DocMgr
DocProc
Download Updater (AOL LLC)
EPSON Printer Software
EPSON Scan
Fax
getPlus® for Adobe
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist Customer 1.5.0.240
GPBaseService2
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP LaserJet P2030 Series
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
hppusgP2030
HPSSupply
Hyper Electronics Mappers Utilities
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
iTunes
Java 7 Update 25
Java Auto Updater
Java 6 Update 29
Java 6 Update 7
Java SE Runtime Environment 6
JavaFX 2.1.1
Junk Mail filter update
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Power Management Driver
Lenovo Registration
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Livestation
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Logitech Updater
Logitech Webcam Software
Logitech® Camera Driver
Maintenance Manager
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Mavis Beacon Teaches Typing 18
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
MrvlUsgTracking
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
MyDsc2
NETGEAR Genie
Network
Norton 360 Premier Edition
OCR Software by I.R.I.S. 13.0
Octoshape add-in for Adobe Flash Player
On Screen Display
Panasonic Job Status Utility
Panasonic Printer Drivers
Panasonic Printing System
Panasonic RPT Network Printer Port
Panasonic Windows Firewall Setting Tool
PANTECH UML290
Picasa 3
Presentation Director
Productivity Center Supplement for ThinkPad
QUBEE WiMAX Connection Manager
Quick Logo Designer 5.0
RealPlayer
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista 
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Rescue and Recovery
Rhapsody Player Engine
RSA SecurID Software Token 1.0.1 for Web SDK
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Segoe UI
Shop for HP Supplies
ShopAtHome.com Helper
ShopAtHome.com Toolbar
Skype Click to Call
Skype™ 6.9
SmartWebPrinting
SolutionCenter
SoundMAX
Spotify
Spybot - Search & Destroy
Status
System Migration Assistant
System Update
TeleTracker Online
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
ThinkPad EasyEject Utility 
ThinkPad FullScreen Magnifier
ThinkPad Mobility Center Customization
ThinkPad Modem
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Toolbox
TrayApp
Ultimate Media Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VerizonWireless
VideoPerformer
VZAccess Manager
Wallpapers
WebCam for MSN Messenger
WebEx
WebReg
Windows Driver Package - Intel (e1express) Net  (02/27/2007 9.7.37.0)
Windows Driver Package - Intel (iaStor) hdc  (02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc  (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc  (12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System  (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System  (09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System  (09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System  (09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB  (09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System  (02/27/2007 1.42)
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
Windows Driver Package - Ricoh Company (rismxdp) hdc  (11/18/2006 6.00.01.05)
Windows Driver Package - Ricoh Company MMC Host Controller (11/14/2006 6.00.01.04)
Windows Firewall Setting Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Worthware - CellSell H.A.C.I. Thin-Client  (162)
.
==== Event Viewer Messages From Past Week ========
.
10/30/2013 5:54:25 AM, Error: Microsoft-Windows-TBS [516]  - An error occurred while communicating with the TPM.  The driver returned 0x8007045d.
10/30/2013 4:01:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
10/30/2013 4:00:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
10/30/2013 3:57:20 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
10/30/2013 3:57:20 PM, Error: Service Control Manager [7000]  - The Windows Font Cache Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/30/2013 3:54:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.
10/30/2013 3:54:48 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/30/2013 3:54:45 PM, Error: netbt [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.
10/30/2013 10:05:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).
10/30/2013 10:01:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
10/30/2013 1:23:56 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
10/30/2013 1:21:13 PM, Error: Service Control Manager [7022]  - The KtmRm for Distributed Transaction Coordinator service hung on starting.
10/30/2013 1:18:47 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
10/30/2013 1:18:47 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/30/2013 1:18:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
10/30/2013 1:14:38 PM, Error: EventLog [6008]  - The previous system shutdown at 11:27:48 AM on 10/30/2013 was unexpected.
10/29/2013 10:25:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/29/2013 10:23:23 PM, Error: Service Control Manager [7022]  - The Windows Font Cache Service service hung on starting.
10/29/2013 10:18:34 PM, Error: Microsoft-Windows-PrintSpooler [19]  - The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 2114. The printer cannot be used by others on the network.
10/26/2013 11:42:02 AM, Error: TPM [13]  - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
.
==== End Of File ===========================
 

 


Hello and welcome.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post those logs...

 

Kevin


# AdwCleaner v3.010 - Report created 30/10/2013 at 16:54:24
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista Business Service Pack 2 (32 bits)
# Username : zamanmm - ZAMANS-PC
# Running from : C:\Users\zamanmm\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater17.0.12
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\Program Files\VideoPerformer
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Users\zamanmm\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\zamanmm\AppData\Local\PackageAware
Folder Deleted : C:\Users\zamanmm\AppData\Local\TempDir
Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\Delta
Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\zamanmm\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\zamanmm\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\zamanmm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformer
Folder Deleted : C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Windows\System32\Tasks\BrowserProtect
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B86C9883-5DC6-40CC-9FE1-CC9D48DEF137}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B86C9883-5DC6-40CC-9FE1-CC9D48DEF137}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\580ded8bd3ced17
Key Deleted : HKLM\SOFTWARE\580ded8bd3ced17
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CToolbar_UNINSTALL
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.19475
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Google Chrome v
 
[ File : C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18688 octets] - [30/10/2013 16:51:06]
AdwCleaner[s0].txt - [18838 octets] - [30/10/2013 16:54:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [18899 octets] ##########
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013
Ran by zamanmm (administrator) on ZAMANS-PC on 30-10-2013 17:15:17
Running from C:\Users\zamanmm\Downloads
Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Windows\system32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Cisco WebEx LLC) C:\Windows\system32\atashost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Green Packet Inc.) C:\Program Files\QUBEE WCM\GPCommonService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
( ) C:\Windows\system32\lxddcoms.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Panasonic) C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe
(DEVGURU Co., LTD) C:\Windows\system32\ptumlcmsvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
() C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
() C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
() C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Google Inc.) C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-08-13] (Synaptics, Inc.)
HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-07-10] (Analog Devices, Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2010-01-09] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [shopAtHomeWatcher] - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [116088 2013-04-17] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RPT Msgsrv] - C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe [57344 2007-04-11] ()
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [Google Update] - C:\Users\zamanmm\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-05-05] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-10-04] (Google Inc.)
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Winlogon: [shell] explorer.exe, <==== ATTENTION 
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM - {9CF68506-1165-4F58-AF48-E132E900B7A9} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
SearchScopes: HKCU - {2BF21224-6482-4BDD-9468-CBC04E43465A} URL = http://websearch.shopathome.com?user_id={A01BB326-795B-45B1-B8F2-F2C91A6D2E4C}&q={searchTerms}
SearchScopes: HKCU - {9CF68506-1165-4F58-AF48-E132E900B7A9} URL = 
SearchScopes: HKCU - {A0C442CC-4F8D-48A6-81EF-9A9925374CAA} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO: ShopAtHome.com Cash Back Helper - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Plugin: (Shockwave Flash) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\zamanmm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\zamanmm\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\zamanmm\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Move Media Player 7) - C:\Users\zamanmm\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (Coupons.com Toolbar) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.4_0
CHR Extension: (Skype Click to Call) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Norton Identity Protection) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\zamanmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\zamanmm\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 atashost; C:\Windows\system32\atashost.exe [43912 2010-08-25] (Cisco WebEx LLC)
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
S3 GoToAssist Express Customer; C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_service.exe [161144 2010-10-12] (Citrix Online, a division of Citrix Systems, Inc.)
R2 GPCommonService; C:\Program Files\QUBEE WCM\GPCommonService.exe [90112 2010-05-27] (Green Packet Inc.)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.)
R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.)
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-29] (Lenovo Group Limited)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-07-20] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2008-07-26] (Logitech Inc.)
R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [537520 2007-05-25] ( )
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-04-07] (NETGEAR)
R2 Panasonic Trap Monitor Service; C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe [69632 2004-02-24] (Panasonic)
R2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc.exe [113168 2010-11-02] (DEVGURU Co., LTD)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-02-06] (Lenovo Group Limited)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722496 2006-12-21] (IBM)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)
R2 tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [45056 2007-01-08] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [478712 2012-06-07] (Cisco Systems, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [38440 2012-06-07] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [57256 2012-06-07] (Cisco Systems, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-02] (AVG Technologies)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131022.001\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-05] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131029.002\IDSvix86.sys [393816 2013-10-28] (Symantec Corporation)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109592 2007-07-20] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-07-20] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-07-18] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-07-18] (Logitech Inc.)
S3 MT7118VU; C:\Windows\System32\DRIVERS\mt7118vu.sys [131072 2010-05-06] (MediaTek Inc.)
R2 MTKWMPROT; C:\Windows\System32\DRIVERS\mtkwmptv.sys [15360 2010-05-06] (MediaTek Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131030.001\NAVENG.SYS [93272 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20131030.001\NAVEX15.SYS [1612376 2013-08-28] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2013-07-06] (CACE Technologies, Inc.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2010-11-02] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2010-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [32123 2004-12-08] (Service & Quality Technology.)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2007-04-10] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-30 17:14 - 2013-10-30 17:14 - 00000000 ____D C:\FRST
2013-10-30 16:53 - 2013-10-30 16:53 - 01089275 _____ (Farbar) C:\Users\zamanmm\Downloads\FRST.exe
2013-10-30 16:52 - 2013-10-30 16:52 - 00018688 _____ C:\Users\zamanmm\Downloads\AdwCleaner[R0].txt
2013-10-30 16:51 - 2013-10-30 16:58 - 00000000 ____D C:\AdwCleaner
2013-10-30 16:50 - 2013-10-30 16:50 - 01060070 _____ C:\Users\zamanmm\Downloads\AdwCleaner.exe
2013-10-30 16:37 - 2013-10-30 16:37 - 00688992 ____R (Swearware) C:\Users\zamanmm\Downloads\dds.scr
2013-10-23 21:33 - 2013-10-23 21:33 - 00000000 ____D C:\Users\zamanmm\AppData\Roaming\Mozilla
2013-10-21 18:45 - 2013-10-21 18:45 - 00002104 _____ C:\{F411E7B8-6C91-4727-99BD-BADBF052C76E}
2013-10-20 07:56 - 2013-10-20 08:04 - 00000000 ____D C:\Program Files\Coupons.com CouponBar
2013-10-10 10:30 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-10 10:30 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-10 10:30 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-10 10:30 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-10 10:30 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-10 10:30 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-10 10:30 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-10 10:30 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-10 10:30 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-10 10:30 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 10:29 - 2013-09-23 08:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 10:29 - 2013-09-23 08:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 10:29 - 2013-09-23 08:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 10:29 - 2013-09-23 08:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-10 10:29 - 2013-09-23 08:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-10 10:29 - 2013-09-23 08:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 10:29 - 2013-09-23 08:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 10:29 - 2013-09-23 08:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 10:29 - 2013-09-23 08:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-10 10:29 - 2013-09-23 08:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 10:29 - 2013-09-23 08:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 10:29 - 2013-09-23 08:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-10 10:29 - 2013-09-23 08:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-10 10:29 - 2013-09-23 08:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 10:29 - 2013-09-23 08:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 10:29 - 2013-09-23 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 10:29 - 2013-09-23 08:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 10:29 - 2013-09-23 08:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-10 10:29 - 2013-09-23 08:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 10:29 - 2013-09-23 08:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-10 10:29 - 2013-09-23 08:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-10 10:29 - 2013-09-23 07:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-10 10:29 - 2013-09-23 05:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 10:29 - 2013-09-23 05:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-10 10:29 - 2013-09-23 05:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 10:29 - 2013-09-23 05:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-10 10:29 - 2013-07-31 23:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 10:29 - 2013-07-31 22:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-10 10:29 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:29 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 10:28 - 2013-08-29 03:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 10:27 - 2013-07-12 05:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 10:27 - 2013-07-02 22:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 10:27 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 10:27 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 10:27 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 10:27 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 10:27 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 10:27 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 10:27 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 10:27 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 10:27 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
 
==================== One Month Modified Files and Folders =======
 
2013-10-30 17:15 - 2012-08-13 15:35 - 00000396 ____H C:\Windows\Tasks\User_Feed_Synchronization-{DB1F06DB-C5AA-402C-8CD5-553AAD0E9856}.job
2013-10-30 17:14 - 2013-10-30 17:14 - 00000000 ____D C:\FRST
2013-10-30 17:12 - 2008-07-18 15:44 - 01765851 _____ C:\Windows\WindowsUpdate.log
2013-10-30 17:10 - 2009-07-01 10:55 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000UA.job
2013-10-30 17:05 - 2008-08-01 01:18 - 00000000 ____D C:\Users\zamanmm\AppData\Roaming\Skype
2013-10-30 17:05 - 2008-07-18 16:30 - 06842503 _____ C:\Users\Public\Documents\AccConnAdvanced.html
2013-10-30 17:01 - 2007-03-02 08:15 - 00025269 _____ C:\Windows\system32\PROCDB.INI
2013-10-30 17:00 - 2013-06-03 12:12 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-10-30 17:00 - 2011-09-24 15:03 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc7aec95b5ec60.job
2013-10-30 17:00 - 2007-03-02 08:15 - 00000480 _____ C:\Windows\system32\IPSCtrl.INI
2013-10-30 17:00 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 17:00 - 2006-11-02 08:47 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 17:00 - 2006-11-02 08:47 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 16:59 - 2008-07-18 15:45 - 00002140 _____ C:\Windows\bthservsdp.dat
2013-10-30 16:59 - 2006-11-02 09:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-30 16:58 - 2013-10-30 16:51 - 00000000 ____D C:\AdwCleaner
2013-10-30 16:53 - 2013-10-30 16:53 - 01089275 _____ (Farbar) C:\Users\zamanmm\Downloads\FRST.exe
2013-10-30 16:52 - 2013-10-30 16:52 - 00018688 _____ C:\Users\zamanmm\Downloads\AdwCleaner[R0].txt
2013-10-30 16:50 - 2013-10-30 16:50 - 01060070 _____ C:\Users\zamanmm\Downloads\AdwCleaner.exe
2013-10-30 16:49 - 2011-10-24 09:46 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 16:47 - 2012-04-05 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 16:38 - 2013-06-17 16:53 - 00024125 _____ C:\Users\zamanmm\Desktop\dds.txt
2013-10-30 16:38 - 2013-06-17 16:53 - 00019041 _____ C:\Users\zamanmm\Desktop\attach.txt
2013-10-30 16:37 - 2013-10-30 16:37 - 00688992 ____R (Swearware) C:\Users\zamanmm\Downloads\dds.scr
2013-10-30 15:53 - 2006-11-02 09:00 - 00745240 _____ C:\Windows\PFRO.log
2013-10-30 15:44 - 2012-08-14 17:12 - 00452608 _____ C:\Windows\system32\TPAPSLOG.LOG
2013-10-30 08:10 - 2011-10-18 15:02 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894235439-4067020577-3388496322-1000Core1cc8dc88cb16ea1.job
2013-10-29 10:47 - 2008-07-18 16:12 - 00000000 ____D C:\SWSHARE
2013-10-27 08:51 - 2011-04-14 14:23 - 00000000 ____D C:\Users\zamanmm\AppData\Local\CrashDumps
2013-10-23 21:33 - 2013-10-23 21:33 - 00000000 ____D C:\Users\zamanmm\AppData\Roaming\Mozilla
2013-10-21 18:45 - 2013-10-21 18:45 - 00002104 _____ C:\{F411E7B8-6C91-4727-99BD-BADBF052C76E}
2013-10-20 08:04 - 2013-10-20 07:56 - 00000000 ____D C:\Program Files\Coupons.com CouponBar
2013-10-20 08:01 - 2012-04-07 14:53 - 00000000 ____D C:\Program Files\Coupons
2013-10-18 22:01 - 2008-08-01 01:17 - 00000000 ____D C:\ProgramData\Skype
2013-10-18 22:00 - 2010-04-03 14:18 - 00000000 ___RD C:\Program Files\Skype
2013-10-18 16:46 - 2009-05-05 15:51 - 00002103 _____ C:\Users\zamanmm\Desktop\Google Chrome.lnk
2013-10-15 21:23 - 2008-09-09 14:54 - 00002587 _____ C:\Users\zamanmm\Desktop\Microsoft Office Word 2007.lnk
2013-10-15 12:21 - 2011-03-18 11:12 - 00024361 _____ C:\Windows\setupact.log
2013-10-11 17:01 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 16:50 - 2006-11-02 06:33 - 00784006 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 16:40 - 2006-11-02 08:47 - 00409200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 16:39 - 2008-08-13 15:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 16:33 - 2008-09-23 10:54 - 00029509 _____ C:\Windows\system32\lvcoinst.log
2013-10-10 11:11 - 2008-09-09 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 11:04 - 2013-07-31 10:01 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 10:50 - 2006-11-02 06:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 08:48 - 2012-04-05 10:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 08:48 - 2011-06-08 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-02 16:43 - 2012-10-31 14:19 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3894235439-4067020577-3388496322-1000\$aefa38879ca9cef42dbf869e8ee6edde
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$aefa38879ca9cef42dbf869e8ee6edde
 
ZeroAccess:
C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}
C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}\@
 
Files to move or delete:
====================
C:\Users\zamanmm\dg3rviae081105.exe
C:\Users\zamanmm\pg3rae100902.exe
 
 
Some content of TEMP:
====================
C:\Users\zamanmm\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-30 17:07
 
==================== End Of Log ============================

 

Addition.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin...

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2013

Ran by zamanmm at 2013-10-30 18:18:01 Run:1

Running from C:\Users\zamanmm\Downloads

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Start

HKLM\...\Run: [shopAtHomeWatcher] - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [116088 2013-04-17] ()

C:\Users\zamanmm\AppData\Roaming\ShopAtHome

HKCU\...\Winlogon: [shell] explorer.exe, <==== ATTENTION 

HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com

BHO: ShopAtHome.com Cash Back Helper - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File

C:\Program Files\Coupons.com CouponBar

Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\zamanmm\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)

C:\$Recycle.Bin\S-1-5-21-3894235439-4067020577-3388496322-1000\$aefa38879ca9cef42dbf869e8ee6edde

C:\$Recycle.Bin\S-1-5-18\$aefa38879ca9cef42dbf869e8ee6edde

C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}

C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}\@

C:\Users\zamanmm\dg3rviae081105.exe

C:\Users\zamanmm\pg3rae100902.exe

C:\Users\zamanmm\AppData\Local\Temp\Quarantine.exe

End

 

 

 

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher => Value deleted successfully.

C:\Users\zamanmm\AppData\Roaming\ShopAtHome => Moved successfully.

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F} => Key deleted successfully.

HKCR\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Value deleted successfully.

HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Key deleted successfully.

C:\Program Files\Coupons.com CouponBar => Moved successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value deleted successfully.

HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Value deleted successfully.

HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.

HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value deleted successfully.

HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key not found.

C:\$Recycle.Bin\S-1-5-21-3894235439-4067020577-3388496322-1000\$aefa38879ca9cef42dbf869e8ee6edde => Directory moved successfully.

C:\$Recycle.Bin\S-1-5-18\$aefa38879ca9cef42dbf869e8ee6edde => Deleted successfully.

C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde} => Moved successfully.

"C:\Users\zamanmm\AppData\Local\{aefa3887-9ca9-cef4-2dbf-869e8ee6edde}\@" => File/Directory not found.

C:\Users\zamanmm\dg3rviae081105.exe => Moved successfully.

C:\Users\zamanmm\pg3rae100902.exe => Moved successfully.

C:\Users\zamanmm\AppData\Local\Temp\Quarantine.exe => Moved successfully.

 

==== End of Fixlog ====

 

 


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.30.07

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19475

zamanmm :: ZAMANS-PC [administrator]

 

10/30/2013 6:20:30 PM

mbam-log-2013-10-30 (18-20-30).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 234797

Time elapsed: 11 minute(s), 41 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 


 Results of screen317's Security Check version 0.99.75  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  

 Internet Explorer 8 Out of date! 

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Disabled!  

Norton 360 Premier Edition   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 MVPS Hosts File  

 Spybot - Search & Destroy 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 JavaFX 2.1.1    

 Java 6 Update 29  

 Java 7 Update 25  

 Java SE Runtime Environment 6 

 Java 6 Update 7  

 Java version out of Date! 

 Adobe Flash Player 11.9.900.117  

 Adobe Reader 9 Adobe Reader out of Date! 

 Google Chrome 30.0.1599.101  

 Google Chrome 30.0.1599.69  

 Google Chrome plugins...  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Malwarebytes Anti-Malware mbam.exe  

 Spybot Teatimer.exe is disabled! 

 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very important

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Kevin...


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This scan took a while lol.

 

 

 

C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar113.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar46.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC1.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC2.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage62.zip Win32/Bagle.gen.zip worm

C:\AdwCleaner\Quarantine\C\Program Files\file scout\filescout.exe.vir a variant of Win32/FileScout.A application cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar113.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar46.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage62.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Users\zamanmm\AppData\Local\ea2d680b-f8b8-4c94-bac3-4eba027033fb.crx JS/Redirector.NCG trojan deleted - quarantined

Are there any remaining issues or concerns?

 

Next,

 

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

Remove ESET Online Scanner (Only if installed)

 


Click Start, type programs and features in the Search box, and then press ENTER.
Click to select the product to be uninstalled from the listing of installed products (ESET Online Scanner), and then click Uninstall/Change from the bar that displays the available tasks to remove ESET.

Only re-boot if prompted

 

Next,

 

Download and install CCleaner from here:

 

http://www.piriform.com/ccleaner/builds Ensure to select Slim version. (No Toolbar)

 

 Then select the items you wish to clean up.

 

In the Windows Tab:

 


    Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    Clean all the entries in the "Windows Explorer" section.
    Clean all entries in the "System" section.
    Clean all entries in the "Advanced" section.
    Clean any others that you choose.
    Make sure "Wipe free space" is unticked, this will dramatically increase scan time if selected.

 

 

In the Applications Tab


     Clean all except cookies in the Firefox/Mozilla section if you use it.
     Clean all in the Opera section if you use it.
     Clean Sun Java in the Internet Section.
     Clean any others that you choose.    

 

4. Click the "Run Cleaner" button.

5. A pop up box will appear advising this process will permanently delete files from your system.

6. Click "OK" and it will scan and clean your system.

7. Click "exit" when done.

 

CCleaner is an excellent Utility and well worth keeping, bottom left hand corner of main interface is link "Online Help" use that link to get the full instructions for this very handy application.

 

Let me know if those steps complete OK..

 

Kevin

 

 

 

 

fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
