Jump to content

PUP.Optional.Conduit.a


Recommended Posts

I performed a scan on my computer and it returned 2 entries

 

Folders Detected: 2
C:\Users\Jocelyn\AppData\Local\Temp\ct2704262 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jocelyn\AppData\Local\Temp\ct2704262\xpi (PUP.Optional.Conduit.A) -> No action taken.
 

After searching around, I found that this had been reported before but that there were no pinned resolutions so I thought it best to request advice. Gringo had previously replied requesting logs of dds  and attach. I have copied these both below to speed up the help process. I am following this topic.

 

Thanks

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Jocelyn at 17:57:19 on 2013-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6027.2458 [GMT 0:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\vsnpstd3.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Users\Jocelyn\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Jocelyn\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uURLSearchHooks: {32b29df0-2237-4370-9a29-37cebb730e9b} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Jocelyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
StartupFolder: C:\Users\Jocelyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jocelyn\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\Jocelyn\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Jocelyn\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{54B69E14-610F-4FBE-B2CB-3FF30407A8C2} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{A9218350-65D1-4175-B3F1-692B6CB51C77} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{C463DC97-30E5-4D2D-8F53-EC0723B701B1} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C463DC97-30E5-4D2D-8F53-EC0723B701B1}\2424242716D6265627 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C463DC97-30E5-4D2D-8F53-EC0723B701B1}\245626F687 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C463DC97-30E5-4D2D-8F53-EC0723B701B1}\377796373736F6D6 : DHCPNameServer = 192.168.48.1
TCP: Interfaces\{C463DC97-30E5-4D2D-8F53-EC0723B701B1}\94D60756279616C6 : DHCPNameServer = 155.198.142.7 155.198.142.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [snpstd3] C:\Windows\vsnpstd3.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jocelyn\AppData\Roaming\Mozilla\Firefox\Profiles\8eeme5az.Default User\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\Users\Jocelyn\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jocelyn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jocelyn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Jocelyn\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - ExtSQL: 2013-10-21 05:06; fmdownloader@gmail.com; C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF - ExtSQL: 2013-10-21 05:06; ytfmdownloader@gmail.com; C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-1-26 31344]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-8-17 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-9 32104]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-1-26 198784]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-10-21 9216]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-2-3 41832]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-8-17 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-2-3 60264]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-8-17 133992]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-28 701512]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-1-26 101376]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-2-3 446800]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2012-2-4 1831024]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-8-17 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-8-17 142696]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-26 2656280]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-6-30 82544]
R2 Virtual CDAudio Service;Virtual CDAudio Service;C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [2012-12-18 179648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-28 137648]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-3 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-28 25928]
R3 RRNetCapMP;RRNetCapMP;C:\Windows\System32\drivers\rrnetcap.sys [2012-12-18 37480]
R3 rsvcdwdr;rsvcdwdr;C:\Windows\System32\drivers\rsvcdwdr.sys [2012-12-18 45192]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-1-26 1161832]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2010-9-28 41536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-9 144232]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-10-18 38424]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-1-26 437288]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-1-26 39976]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-1-26 478056]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-28 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-1-26 87400]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-1-26 173416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-6 19456]
S3 RRNetCap;RRNetCap Service;C:\Windows\System32\drivers\rrnetcap.sys [2012-12-18 37480]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-6 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-2 1255736]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-12-28 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-12-28 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-12-28 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-12-28 29288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-11-16 03:56:12    872392    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-11-13 19:19:26    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-13 19:19:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-11-13 19:19:06    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
.
==================== Find3M  ====================
.
2013-11-15 16:00:28    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 16:00:28    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 12:46:16    17813896    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
.
============= FINISH: 17:58:24.61 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 31/01/2012 23:34:08
System Uptime: 02/12/2013 11:20:42 (6 hours ago)
.
Motherboard: LENOVO |  | 4178CTO
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 157.646 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 613.89 GiB free.
F: is CDROM ()
Q: is FIXED (NTFS) - 16 GiB total, 6.571 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP140: 13/11/2013 05:54:51 - Scheduled Checkpoint
RP141: 15/11/2013 15:32:41 - Windows Update
RP142: 23/11/2013 16:46:46 - Scheduled Checkpoint
RP143: 28/11/2013 12:15:16 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 12.0
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATLAS.ti
Audacity 2.0.2
Audials
AudibleManager
BBC iPlayer Downloads
Bonjour
Burn.Now 4.5
calibre 64bit
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant 20672 SmartAudio HD
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
Create Recovery Media
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Direct DiscRecorder
Dropbox
EndNote X5
Evernote v. 4.2.3
Freemake Youtube Mp3 Converter
FreeRIP 3.92
GIMP 2.8.2
Google Calendar Sync
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HD Tune 2.55
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Processor Graphics
iTunes
Junk Mail filter update
LastPass (uninstall only)
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Registration
Lenovo Screen Reading Optimizer
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Mendeley Desktop 1.8.1
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Lync 2010
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Movie Maker
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
On Screen Display
Photo Common
Photo Gallery
PrimoPDF -- brought to you by Nitro PDF Software
Python 3.3.2
QuickTime
R for Windows 2.15.1
RapidBoot
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
ResearchSoft Direct Export Helper
RICOH_Media_Driver_v2.13.18.02
RStudio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951)
Skype™ 6.6
Sql Server Customer Experience Improvement Program
Stata 11
swMSM
Symantec Endpoint Protection
System Update
TagScanner 5.1.625
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad Wireless LAN Adapter Software
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Communications Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
VIP Access
VLC media player 2.0.5
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011)
Windows Driver Package - Intel System  (11/20/2010 9.2.0.1016)
Windows Driver Package - Intel USB  (12/21/2010 9.2.0.1021)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
Windows Driver Package - Ricoh Company SD Host Controller (03/23/2011 6.10.10.30)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinZip 14.0
.
==== Event Viewer Messages From Past Week ========
.
29/11/2013 11:45:46, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service.
28/11/2013 11:45:59, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
28/11/2013 03:34:04, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
27/11/2013 11:33:15, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{2C328087-19A6-4A13-8C94-BC9656B25963} because another computer on the network has the same name.  The server could not start.
27/11/2013 09:46:42, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
27/11/2013 00:27:30, Error: Service Control Manager [7031]  - The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
27/11/2013 00:27:02, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec AntiVirus service.
27/11/2013 00:26:18, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
26/11/2013 08:39:44, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Lenovo.VIRTSCRLSVC service.
02/12/2013 00:53:01, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.
01/12/2013 12:44:41, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.74. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
 

Link to post
Share on other sites

Hello dieffenbachia and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
  • Step 4
    • Launch Malwarebytes' Anti-Malware
    • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
    • Go to Scanner tab and select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Hi Maniac

 

Thank you for your response. It seems to have removed the problematic files! Are there any further steps?

 

Many thanks

 

Jocelyn

 

Log files:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jocelyn on 02/12/2013 at 21:27:42.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2704262
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Jocelyn\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Jocelyn\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\freerip"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Jocelyn\AppData\Roaming\mozilla\firefox\profiles\8eeme5az.Default User\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/12/2013 at 21:34:03.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.014 - Report created 02/12/2013 at 21:38:25
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jocelyn - JOCELYN-THINK
# Running from : C:\Users\Jocelyn\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Jocelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP
File Deleted : C:\Users\Jocelyn\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Jocelyn\AppData\Roaming\Mozilla\Firefox\Profiles\8eeme5az.Default User\prefs.js ]


[ File : C:\Users\Jocelyn\AppData\Roaming\Mozilla\Firefox\Profiles\qi1erxlq.Default User\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Jocelyn\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2041 octets] - [02/12/2013 21:37:53]
AdwCleaner[s0].txt - [1978 octets] - [02/12/2013 21:38:25]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2038 octets] ##########

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Jocelyn :: JOCELYN-THINK [administrator]

Protection: Enabled

02/12/2013 21:54:28
mbam-log-2013-12-02 (21-54-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223022
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

Step 1

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.