Getting ads on all websites in Chrome from adnxs

white0ut442 (thread starter)
20-Nov-2012, 11:25 PM #1
Hi,
This only seems to be happening in Chrome for me. I get a lot of ads on every website I visit, all from adnxs. I also see enhanced text - when I hover over the link, it says it is from DealDropDown. This started yesterday morning. Any help is greatly appreciated. Here are my logs:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:16 PM, on 11/20/2012
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Users\Jon\Local Settings\Apps\F.lux\flux.exe
C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [F.lux] "C:\Users\Jon\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - Startup: Dropbox.lnk = Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @oem16.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Radio Control Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\CamMute.exe
O23 - Service: Lenovo AVFramework Microphone Volume Controller and Dolby Interface (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo AVFramework Control Center and ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: LnvMHService (LnvHotSpotSvc) - Lenovo - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
O23 - Service: Location Task Manager (LocationTaskManager) - Unknown owner - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 10724 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.9.2
Run by Jon at 12:55:30 on 2012-11-20
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.8075.6353 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Lenovo\Communications Utility\CamMute.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Users\Jon\Local Settings\Apps\F.lux\flux.exe
C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [AdobeBridge] <no file>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{2D4F8976-7521-422E-AFB1-95D7D088D188} : DHCPNameServer = 146.186.163.66 128.118.141.32 128.118.25.3 130.203.1.4
TCP: Interfaces\{C3131AB6-1B54-44FA-95AD-86F63458F24C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C3131AB6-1B54-44FA-95AD-86F63458F24C}\5425D414847454254402755425645425 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
x64-Run: [Lenovo Settings Dependency Package] wscript.exe "C:\Program Files\Lenovo\SettingsDependency\cpyMachineInformation_xml.vbs"
x64-Run: [LnvMobHotspotClient] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-05 01:24; scriptish@erikvold.com; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\scriptish@erikvold.com.xpi
FF - ExtSQL: 2012-11-05 01:24; {4324f4a6-3a89-477e-b388-6bca032df78b}; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
FF - ExtSQL: 2012-11-12 00:23; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2012-11-5 56336]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2011-12-15 2246184]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-11-4 201376]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2012-11-5 127800]
R2 LENOVO.CAMMUTE;Lenovo AVFramework Camera Privacy Controller;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-11-4 501312]
R2 LENOVO.TPKNRSVC;Lenovo AVFramework Microphone Volume Controller and Dolby Interface;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-11-4 496192]
R2 LENOVO.TVTVCAM;Lenovo AVFramework Control Center and ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-11-4 660032]
R2 LocationTaskManager;Location Task Manager;C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [2012-10-2 458304]
R2 Power Manager DBC Service;Lenovo Settings Power Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-11-4 1692040]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-4 342528]
R3 NETwNe64;@oem11.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-9-2 4291624]
R3 risdxc;risdxc;C:\Windows\System32\Drivers\risdxc64.sys [2012-11-4 105472]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-4 43832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
S2 LnvHotSpotSvc;LnvMHService;C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [2012-11-4 457792]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 mvusbews;USB EWS Device;C:\Windows\System32\Drivers\mvusbews.sys [2012-11-5 20480]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-7-9 52736]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2012-11-20 06:06:17 40960 ----a-r- C:\Users\Jon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-11-20 06:06:17 40960 ----a-r- C:\Users\Jon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-11-20 06:06:16 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2012-11-20 06:03:53 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E6B20F5-2997-4C18-835E-4DACCFCE1871}\mpengine.dll
2012-11-20 01:34:30 -------- d-----w- C:\Users\Jon\AppData\Roaming\Malwarebytes
2012-11-20 01:34:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-20 01:34:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-20 01:34:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-19 08:54:59 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-19 00:45:52 -------- d-----w- C:\Users\Jon\AppData\Local\ElevatedDiagnostics
2012-11-18 02:03:20 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2012-11-18 02:03:11 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2012-11-18 01:56:05 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
2012-11-18 01:56:05 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll
2012-11-18 01:56:04 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2012-11-18 01:56:04 677888 ----a-w- C:\Windows\System32\mfnetcore.dll
2012-11-18 01:56:04 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
2012-11-18 01:56:04 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
2012-11-18 01:56:04 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2012-11-18 01:56:04 1048064 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2012-11-16 05:59:03 -------- d-----w- C:\Fraps
2012-11-14 04:45:32 94208 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 04:45:32 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-14 04:45:27 439296 ----a-w- C:\Windows\System32\ReAgent.dll
2012-11-14 04:45:27 371712 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2012-11-14 04:45:27 26624 ----a-w- C:\Windows\System32\ReAgentc.exe
2012-11-14 04:45:27 24064 ----a-w- C:\Windows\SysWow64\ReAgentc.exe
2012-11-14 04:45:25 4056576 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 04:26:30 -------- d-----w- C:\ProgramData\Redfield
2012-11-14 03:47:50 -------- dc-h--w- C:\ProgramData\{33570351-B6F8-4097-AC41-91625CF5D4EF}
2012-11-14 03:47:44 -------- dc-h--w- C:\ProgramData\{60E17BBA-9D2D-4E1B-BDCF-1D654329EA31}
2012-11-14 03:47:35 -------- dc-h--w- C:\ProgramData\{961C7791-DF59-4BC0-9DC6-D2A8D3F2B1B5}
2012-11-14 03:47:30 -------- dc-h--w- C:\ProgramData\{E7058808-8C97-4A08-99A2-015D24FDC13B}
2012-11-14 03:47:17 -------- dc-h--w- C:\ProgramData\{90230F46-BE74-4EE2-8E60-E2EC40A3EF30}
2012-11-14 03:47:13 -------- dc-h--w- C:\ProgramData\{C081E8AB-3AD3-4F73-A2C4-BB04BB77DB08}
2012-11-14 03:47:04 -------- dc-h--w- C:\ProgramData\{36DC9A85-0AC4-4BA0-BEDB-99E0F95BA4F1}
2012-11-14 03:47:01 -------- dc-h--w- C:\ProgramData\{1CD9BC02-6909-4C6D-9DE6-AD1CF151FF24}
2012-11-14 03:47:00 -------- dc-h--w- C:\ProgramData\{0C544878-1DB6-409D-A998-0664599014C4}
2012-11-14 03:46:54 -------- dc-h--w- C:\ProgramData\{69A57C2A-4B82-4C12-A998-7EE1C7C0256F}
2012-11-14 03:46:45 -------- dc-h--w- C:\ProgramData\{86A7919A-1CA3-4459-8124-76C789A6402B}
2012-11-14 03:46:41 -------- dc-h--w- C:\ProgramData\{E6FD2223-C904-40C1-A119-7C0A8A7FE045}
2012-11-14 03:46:34 -------- dc-h--w- C:\ProgramData\{7B507839-38D8-4587-A29F-FE5A5EC55A03}
2012-11-14 03:46:31 -------- dc-h--w- C:\ProgramData\{E176482F-0DEA-4B06-9697-D12D614FECB9}
2012-11-14 03:46:24 -------- dc-h--w- C:\ProgramData\{8331949C-0661-45E0-BDFD-C71C7F94A6E2}
2012-11-14 03:46:20 -------- dc-h--w- C:\ProgramData\{447B4BF8-DCC8-4693-A8CD-A6A63F5BC176}
2012-11-14 03:46:15 -------- dc-h--w- C:\ProgramData\{A3BF8AE0-D933-4056-88A7-28E0C483C866}
2012-11-14 03:46:11 -------- dc-h--w- C:\ProgramData\{7CAFEB17-971D-44F2-91C0-1EEC4F54E1DB}
2012-11-14 03:46:06 -------- dc-h--w- C:\ProgramData\{774331FE-B8E8-4A4B-AFDF-F018F99FB73A}
2012-11-14 03:46:01 -------- dc-h--w- C:\ProgramData\{6B992C6A-E6B0-418F-9B21-FE4BF85AD3BE}
2012-11-14 03:45:58 -------- dc-h--w- C:\ProgramData\{AA5C05EA-7FB9-4519-BBE2-03ADD8EF0E5D}
2012-11-14 03:45:58 -------- d-----w- C:\Program Files\Common Files\Topaz Labs
2012-11-14 03:45:53 -------- dc-h--w- C:\ProgramData\{3C2CC1BA-EC03-48E5-A0EF-A0B455E1343F}
2012-11-14 03:45:53 -------- d-----w- C:\Program Files (x86)\Topaz Labs
2012-11-14 03:45:53 -------- d-----w- C:\Program Files (x86)\Common Files\Topaz Labs
2012-11-14 03:40:26 -------- d-----w- C:\Users\Jon\AppData\Local\PackageAware
2012-11-14 03:31:03 -------- d-----w- C:\Program Files (x86)\Imagenomic
2012-11-14 03:21:04 -------- d-----w- C:\Users\Jon\AppData\Roaming\Guitar Pro 6
2012-11-14 03:21:04 -------- d-----w- C:\ProgramData\Guitar Pro 6
2012-11-14 03:20:07 -------- d-----w- C:\Program Files (x86)\Guitar Pro 6
2012-11-13 23:14:13 -------- d-----w- C:\Users\Jon\.imagej
2012-11-13 21:04:53 -------- d-----w- C:\Program Files (x86)\ImageJ
2012-11-12 07:11:49 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-12 07:11:49 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-12 07:11:48 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-11 20:20:11 -------- d-----w- C:\Users\Jon\AppData\Local\SCE
2012-11-11 20:20:11 -------- d-----w- C:\Crash
2012-11-11 20:20:03 -------- d--h--w- C:\Windows\msdownld.tmp
2012-11-11 05:14:41 -------- d-----w- C:\Users\Jon\AppData\Local\LogMeIn Hamachi
2012-11-11 05:14:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-11-10 21:29:17 -------- d-----w- C:\Users\Jon\AppData\Local\Diagnostics
2012-11-10 08:09:32 -------- d-----w- C:\Users\Jon\AppData\Roaming\LOVE
2012-11-10 04:36:36 -------- d-----w- C:\Users\Jon\AppData\Local\Macromedia
2012-11-06 02:34:16 -------- d-----w- C:\Users\Jon\AppData\Roaming\HexChat
2012-11-06 02:33:56 -------- d-----w- C:\Program Files\HexChat
2012-11-06 02:33:21 -------- d-----w- C:\Users\Jon\AppData\Local\Programs
2012-11-05 22:53:55 -------- d-sh--w- C:\Windows\ftpcache
2012-11-05 22:53:35 127800 ----a-w- C:\Windows\System32\HPSIsvc.exe
2012-11-05 22:53:27 74240 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HP1100PP.dll
2012-11-05 22:53:13 1695232 ----a-w- C:\Windows\System32\HP1100SM.EXE
2012-11-05 22:53:12 290816 ----a-w- C:\Windows\System32\HP1100LM.DLL
2012-11-05 22:53:00 350720 ----a-w- C:\Windows\System32\mvhlewsi.dll
2012-11-05 22:52:58 -------- d-----w- C:\Program Files\HP
2012-11-05 22:52:57 20480 ----a-w- C:\Windows\System32\drivers\mvusbews.sys
2012-11-05 22:52:56 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2012-11-05 22:52:52 82432 ----a-w- C:\Windows\System32\mvusbews.dll
2012-11-05 22:52:47 49664 ----a-w- C:\Windows\System32\HP1100SMs.dll
2012-11-05 18:39:55 -------- d-----w- C:\Users\Jon\AppData\Roaming\Foxit Software
2012-11-05 17:44:14 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-11-05 17:44:12 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-05 17:44:09 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-05 17:21:07 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-11-05 16:58:33 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-11-05 16:58:33 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-11-05 16:58:33 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-11-05 16:43:41 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-11-05 16:42:16 56336 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-11-05 16:42:16 11376 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-11-05 16:42:16 10864 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-11-05 16:06:38 -------- d-----w- C:\Users\Jon\AppData\Local\Adobe
2012-11-05 16:01:11 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-11-05 16:01:04 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-11-05 15:58:34 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2012-11-05 15:58:34 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-11-05 15:40:56 -------- d-----w- C:\Users\Jon\AppData\Local\Microsoft Help
2012-11-05 07:02:29 -------- d-----w- C:\Windows\en
2012-11-05 07:02:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-11-05 07:02:13 -------- d-----w- C:\Windows\PCHEALTH
2012-11-05 07:02:00 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\DSETUP.dll
2012-11-05 07:02:00 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\DXSETUP.exe
2012-11-05 07:02:00 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\dsetup32.dll
2012-11-05 07:01:59 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\DSETUP.dll
2012-11-05 07:01:59 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\DXSETUP.exe
2012-11-05 07:01:59 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\dsetup32.dll
2012-11-05 07:01:57 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\DSETUP.dll
2012-11-05 07:01:57 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\DXSETUP.exe
2012-11-05 07:01:57 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\dsetup32.dll
2012-11-05 07:01:54 -------- d-----w- C:\Users\Jon\AppData\Local\Windows Live
2012-11-05 07:01:02 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-11-05 06:34:36 -------- d-----w- C:\Program Files\Paint.NET
2012-11-05 06:34:35 -------- d-----w- C:\Users\Jon\AppData\Local\Paint.NET
2012-11-05 05:39:16 -------- d-----w- C:\Users\Jon\AppData\Roaming\NVIDIA
2012-11-05 05:34:07 -------- d-----w- C:\Windows\SysWow64\NV
2012-11-05 05:34:07 -------- d-----w- C:\Windows\System32\NV
2012-11-05 05:32:47 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-11-05 05:26:54 -------- d-----w- C:\NVIDIA
2012-11-05 05:07:13 -------- d-----w- C:\Windows\SysWow64\directx
2012-11-05 05:00:02 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2012-11-05 03:27:39 -------- d-----w- C:\Program Files (x86)\MPC-HC
2012-11-05 03:18:20 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll.bak
2012-11-05 03:18:20 447488 ----a-w- C:\Windows\System32\mfds.dll.bak
2012-11-05 03:17:52 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll.bak
2012-11-05 03:17:52 332800 ----a-w- C:\Windows\SysWow64\mfds.dll.bak
2012-11-05 03:16:33 -------- d-----w- C:\Users\Jon\AppData\Roaming\Shark007
2012-11-05 03:16:33 -------- d-----w- C:\ProgramData\Shark007
2012-11-05 03:16:30 580096 ----a-w- C:\Windows\System32\ac3filter.acm
2012-11-05 03:16:30 4408832 ----a-w- C:\Windows\System32\x264vfw.dll
2012-11-05 03:16:30 206336 ----a-w- C:\Windows\System32\unrar.dll
2012-11-05 03:16:30 1417216 ----a-w- C:\Windows\System32\VSFilter.dll
2012-11-05 03:16:30 -------- d-----w- C:\Program Files\Shark007
2012-11-05 03:12:52 -------- d-----w- C:\Users\Jon\AppData\Roaming\Win8codecs
2012-11-05 03:12:51 -------- d-----w- C:\Program Files (x86)\Win8codecs
2012-11-05 03:12:31 -------- d-----w- C:\ProgramData\win8codecs
2012-11-05 03:08:57 -------- d-----r- C:\Program Files (x86)\Skype
2012-11-05 03:05:37 -------- d-----w- C:\Program Files\CCleaner
2012-11-05 03:03:04 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-11-05 03:03:01 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-05 03:02:59 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-05 03:02:58 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2012-11-05 02:59:09 -------- d-----w- C:\Windows\ehome
2012-11-05 02:24:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-05 02:24:40 -------- d-----w- C:\Users\Jon\AppData\Local\Apple Computer
2012-11-05 02:24:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-05 02:24:25 -------- d-----w- C:\Program Files\iTunes
2012-11-05 02:24:25 -------- d-----w- C:\Program Files\iPod
2012-11-05 02:24:25 -------- d-----w- C:\Program Files (x86)\iTunes
2012-11-05 02:23:46 -------- d-----w- C:\Users\Jon\AppData\Local\Apple
2012-11-05 02:23:37 -------- d-----w- C:\Program Files\Bonjour
2012-11-05 02:23:37 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-11-05 01:29:42 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-11-05 01:27:04 -------- d-----w- C:\Users\Jon\AppData\Roaming\uTorrent
2012-11-05 01:24:48 -------- d-----w- C:\Users\Jon\AppData\Local\Deployment
2012-11-05 01:24:48 -------- d-----w- C:\Users\Jon\AppData\Local\Apps
2012-11-05 01:09:47 -------- d-----w- C:\Users\Jon\AppData\Local\CRE
2012-11-05 00:37:01 -------- d-----w- C:\Windows\Panther
2012-11-04 23:47:45 -------- d-----r- C:\Users\Jon\Dropbox
2012-11-04 23:45:55 -------- d-----w- C:\Users\Jon\AppData\Roaming\Dropbox
2012-11-04 23:38:58 11272192 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2012-11-04 23:38:57 10768384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2012-11-04 23:33:57 301568 ----a-w- C:\Windows\System32\newdev.dll
2012-11-04 23:33:57 275968 ----a-w- C:\Windows\SysWow64\newdev.dll
2012-11-04 23:33:56 76288 ----a-w- C:\Windows\System32\newdev.exe
2012-11-04 23:33:56 75264 ----a-w- C:\Windows\System32\ndadmin.exe
2012-11-04 23:33:56 74240 ----a-w- C:\Windows\SysWow64\newdev.exe
2012-11-04 23:33:56 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe
2012-11-04 23:33:56 68608 ----a-w- C:\Windows\System32\wwanprotdim.dll
2012-11-04 23:33:56 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2012-11-04 23:31:27 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2012-11-04 23:30:32 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2012-11-04 23:30:32 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2012-11-04 23:30:32 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2012-11-04 23:30:32 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2012-11-04 23:30:32 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2012-11-04 23:30:32 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2012-11-04 23:26:49 -------- d--h--w- C:\Windows\System32\WLANProfiles
2012-11-04 23:26:01 -------- d-----w- C:\SWWork
2012-11-04 23:24:20 -------- d-----w- C:\Users\Jon\AppData\Roaming\Intel
2012-11-04 23:24:12 -------- d-----w- C:\Users\Jon\Roaming
2012-11-04 23:24:12 -------- d-----w- C:\ProgramData\Roaming
2012-11-04 23:23:45 -------- d-----w- C:\Program Files (x86)\Cisco
2012-11-04 23:23:44 -------- d-----w- C:\ProgramData\Intel.sav
2012-11-04 23:22:47 -------- d-----w- C:\Windows\Downloaded Installations
2012-11-04 23:22:45 -------- d-----w- C:\Program Files\Common Files\SPBA
2012-11-04 23:22:45 -------- d-----w- C:\Program Files\AuthenTec
2012-11-04 23:22:44 -------- d-----w- C:\Program Files (x86)\Common Files\SPBA
2012-11-04 23:22:43 -------- d-----w- C:\Program Files\ThinkVantage Fingerprint Software
2012-11-04 23:22:28 -------- d-----w- C:\SWTOOLS
2012-11-04 23:22:04 20992 ----a-w- C:\Windows\System32\OpenCL.dll
2012-11-04 23:22:04 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2012-11-04 23:22:03 17920 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-11-04 23:22:03 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2012-11-04 23:21:59 -------- d-----w- C:\Program Files\Common Files\Intel
2012-11-04 23:21:59 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-11-04 23:16:47 196608 ----a-w- C:\Windows\System32\RiSDIcon.dll
2012-11-04 23:16:47 188416 ----a-w- C:\Windows\System32\RiMMCIcon.dll
2012-11-04 23:16:47 105472 ----a-w- C:\Windows\System32\drivers\risdxc64.sys
2012-11-04 23:16:47 -------- d-----w- C:\Program Files (x86)\Ricoh
2012-11-04 23:15:55 447104 ----a-w- C:\Windows\SysWow64\SASrv.exe
2012-11-04 23:15:19 201376 ----a-w- C:\Windows\System32\CxAudMsg64.exe
2012-11-04 23:15:05 -------- d-----w- C:\Program Files\CONEXANT
2012-11-04 22:57:12 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2012-11-04 22:57:12 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2012-11-04 22:56:51 -------- d-----w- C:\Windows\ja-JP
2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\wbem\ja-JP
2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\ja
2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\ja-JP
2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\drivers\ja-JP
2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\0411
2012-11-04 22:56:47 -------- d-----w- C:\Windows\System32\ja
2012-11-04 22:56:47 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
2012-11-04 22:56:47 -------- d-----w- C:\Windows\System32\drivers\ja-JP
2012-11-04 22:56:47 -------- d-----w- C:\Windows\System32\0411
2012-11-04 22:56:46 -------- d-----w- C:\Windows\System32\wbem\ja-JP
2012-11-04 22:56:46 -------- d-----w- C:\sources
2012-11-04 22:54:58 27136 ----a-w- C:\Windows\System32\drivers\ja-JP\http.sys.mui
2012-11-04 22:40:44 -------- d-----w- C:\Program Files (x86)\Steam
2012-11-04 22:40:44 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-11-04 22:25:55 -------- d-----w- C:\Users\Jon\AppData\Local\Google
2012-11-04 19:10:16 -------- d-----w- C:\roms
.
==================== Find3M ====================
.
2012-11-02 05:22:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-11-02 05:21:44 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-11-02 05:21:44 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-11-02 05:21:28 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll
2012-11-02 05:20:31 39424 ----a-w- C:\Windows\System32\wuapp.exe
2012-11-02 05:20:28 77824 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-02 05:20:28 72192 ----a-w- C:\Windows\System32\taskhostex.exe
2012-11-02 05:20:10 141824 ----a-w- C:\Windows\System32\wuwebv.dll
2012-11-02 05:20:09 98304 ----a-w- C:\Windows\System32\wudriver.dll
2012-11-02 05:20:09 251904 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2012-11-02 05:20:09 17408 ----a-w- C:\Windows\System32\wuaext.dll
2012-11-02 05:20:09 1619968 ----a-w- C:\Windows\System32\wucltux.dll
2012-11-02 05:19:50 318464 ----a-w- C:\Windows\System32\ubpm.dll
2012-11-02 05:01:27 99328 ----a-w- C:\Windows\System32\wushareduxresources.dll
2012-11-02 04:55:32 212992 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-11-02 04:53:13 366080 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-10-29 05:04:47 522640 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2012-10-29 05:04:47 490064 ----a-w- C:\Windows\System32\AudioEng.dll
2012-10-29 05:04:47 447792 ----a-w- C:\Windows\System32\AudioSes.dll
2012-10-29 05:04:47 253512 ----a-w- C:\Windows\System32\audiodg.exe
2012-10-29 03:21:53 1526784 ----a-w- C:\Windows\System32\mfcore.dll
2012-10-29 03:21:21 267264 ----a-w- C:\Windows\System32\EncDump.dll
2012-10-29 03:20:49 785920 ----a-w- C:\Windows\System32\audiosrv.dll
2012-10-29 03:20:49 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
2012-10-29 03:19:08 463768 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2012-10-29 03:19:08 427568 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2012-10-29 03:19:08 324344 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2012-10-29 02:46:23 1451520 ----a-w- C:\Windows\SysWow64\mfcore.dll
2012-10-26 22:19:09 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 22:19:09 695648 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-24 04:54:06 6972136 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-24 03:06:12 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-24 02:27:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-18 06:17:18 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2012-10-18 03:20:46 10096640 ----a-w- C:\Windows\System32\twinui.dll
2012-10-18 03:18:40 2302464 ----a-w- C:\Windows\System32\authui.dll
2012-10-18 03:18:33 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
2012-10-18 02:46:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll
2012-10-18 02:44:38 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2012-10-18 02:44:33 753664 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2012-10-12 08:08:01 27880 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-10-12 06:14:54 87040 ----a-w- C:\Windows\System32\srmtrace.dll
2012-10-12 06:14:54 652800 ----a-w- C:\Windows\System32\srmscan.dll
2012-10-12 06:14:54 30720 ----a-w- C:\Windows\System32\srm_ps.dll
2012-10-12 06:14:54 279040 ----a-w- C:\Windows\System32\srm.dll
2012-10-12 06:14:54 274432 ----a-w- C:\Windows\System32\srmstormod.dll
2012-10-12 06:14:54 172032 ----a-w- C:\Windows\System32\srmshell.dll
2012-10-12 06:14:54 1347072 ----a-w- C:\Windows\System32\srmclient.dll
2012-10-12 06:14:54 134144 ----a-w- C:\Windows\System32\adrclient.dll
2012-10-12 06:14:40 36352 ----a-w- C:\Windows\System32\rfxvmt.dll
2012-10-12 06:14:39 3244032 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-10-12 06:14:34 115712 ----a-w- C:\Windows\System32\wbem\PolicMan.dll
2012-10-12 06:13:32 109568 ----a-w- C:\Windows\System32\dskquota.dll
2012-10-12 05:50:01 235520 ----a-w- C:\Windows\System32\rdpudd.dll
2012-10-12 05:46:28 618496 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-10-12 05:41:02 987648 ----a-w- C:\Windows\SysWow64\srmclient.dll
2012-10-12 05:41:02 68096 ----a-w- C:\Windows\SysWow64\srmtrace.dll
2012-10-12 05:41:02 487936 ----a-w- C:\Windows\SysWow64\srmscan.dll
2012-10-12 05:41:02 278528 ----a-w- C:\Windows\SysWow64\srm.dll
2012-10-12 05:41:02 202240 ----a-w- C:\Windows\SysWow64\srmstormod.dll
2012-10-12 05:41:02 15872 ----a-w- C:\Windows\SysWow64\srm_ps.dll
2012-10-12 05:41:02 128000 ----a-w- C:\Windows\SysWow64\srmshell.dll
2012-10-12 05:41:02 104448 ----a-w- C:\Windows\SysWow64\adrclient.dll
2012-10-12 05:40:49 84992 ----a-w- C:\Windows\SysWow64\wbem\PolicMan.dll
2012-10-12 05:39:54 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll
2012-10-11 07:47:18 793200 ----a-w- C:\Windows\System32\mfplat.dll
2012-10-11 07:35:16 2380944 ----a-w- C:\Windows\explorer.exe
2012-10-11 07:26:44 336104 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2012-10-11 07:25:48 56552 ----a-w- C:\Windows\System32\drivers\sdstor.sys
2012-10-11 07:23:33 1001192 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-10-11 07:23:32 441576 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-10-11 07:18:25 172264 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-10-11 07:16:20 1403784 ----a-w- C:\Windows\System32\winload.efi
2012-10-11 07:16:20 1267424 ----a-w- C:\Windows\System32\winload.exe
2012-10-11 07:16:20 1217328 ----a-w- C:\Windows\System32\winresume.efi
2012-10-11 07:16:19 1093880 ----a-w- C:\Windows\System32\winresume.exe
2012-10-11 07:13:54 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2012-10-11 07:13:51 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2012-10-11 07:13:49 58088 ----a-w- C:\Windows\System32\drivers\dam.sys
2012-10-11 07:13:37 33512 ----a-w- C:\Windows\System32\drivers\battc.sys
2012-10-11 07:08:41 562392 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-10-11 07:02:27 1636672 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll
2012-10-11 07:01:47 503080 ----a-w- C:\Windows\System32\ci.dll
2012-10-11 05:56:41 2115952 ----a-w- C:\Windows\SysWow64\explorer.exe
2012-10-11 05:45:58 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2012-10-11 05:45:58 53760 ----a-w- C:\Windows\System32\UXInit.dll
2012-10-11 05:45:58 1045504 ----a-w- C:\Windows\System32\usercpl.dll
2012-10-11 05:45:53 3554304 ----a-w- C:\Windows\System32\tquery.dll
2012-10-11 05:45:49 370176 ----a-w- C:\Windows\System32\SysFxUI.dll
2012-10-11 05:45:48 579584 ----a-w- C:\Windows\System32\StructuredQuery.dll
2012-10-11 05:45:42 505344 ----a-w- C:\Windows\System32\SpaceControl.dll
2012-10-11 05:45:37 590848 ----a-w- C:\Windows\System32\SHCore.dll
2012-10-11 05:45:26 945152 ----a-w- C:\Windows\System32\resetengmig.dll
2012-10-11 05:45:26 1009664 ----a-w- C:\Windows\System32\reseteng.dll
2012-10-11 05:45:16 55808 ----a-w- C:\Windows\System32\PCPKsp.dll
2012-10-11 05:43:57 1294336 ----a-w- C:\Windows\System32\gdi32.dll
2012-10-11 05:43:53 1280000 ----a-w- C:\Windows\System32\FntCache.dll
2012-10-11 05:43:52 757760 ----a-w- C:\Windows\System32\FirewallAPI.dll
2012-10-11 05:43:46 1836032 ----a-w- C:\Windows\System32\DWrite.dll
2012-10-11 05:43:45 2206208 ----a-w- C:\Windows\System32\dwmcore.dll
.
============= FINISH: 12:55:35.82 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro with Media Center
Boot Device: \Device\HarddiskVolume2
Install Date: 11/4/2012 4:45:29 PM
System Uptime: 11/20/2012 12:45:00 AM (12 hours ago)
.
Motherboard: LENOVO | | 4286CTO
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 82.104 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\LEN0068\5&2890D699&0
Manufacturer:
Name:
PNP Device ID: ACPI\LEN0068\5&2890D699&0
Service:
.
==== System Restore Points ===================
.
RP2: 11/4/2012 10:12:44 PM - Installed win8codecs.
RP3: 11/10/2012 3:01:28 AM - Installed 7-Zip 9.22 (x64 edition)
RP4: 11/12/2012 2:11:37 AM - Installed Java 7 Update 9
RP5: 11/13/2012 10:20:17 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP6: 11/17/2012 9:00:58 PM - Windows Update
RP7: 11/20/2012 1:06:10 AM - Installed Project64 1.6
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.22 (x64 edition)
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 Plugin
Adobe Help Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
bl
Bonjour
CCleaner
Conexant 20672 SmartAudio HD
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox
F.lux
Foxit Reader
Fraps
Google Chrome
Google Update Helper
Guitar Pro 6
HexChat (x64)
HP LaserJet Professional P1100-P1560-P1600 Series
ImageJ 1.46r
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
Imagenomic Noiseware 5.0 Plug-in (build 5006)
Intel PROSet Wireless
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® PROSet/Wireless WiFi Software
IPFilter Updater
iTunes
Java 7 Update 9
Java Auto Updater
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Settings - Camera Audio
Lenovo Settings Dependency Package
Lenovo Settings Mobile Hotspot
Lenovo System Update
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.4.6052
MSVCRT
MSVCRT110
MSVCRT110_amd64
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
Paint.NET v3.5.10
PDF Settings CS6
ph
Photo Common
Photo Gallery
PlanetSide 2 Beta
Project64 1.6
RICOH_Media_Driver_v2.22.18.01
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition
Skype™ 6.0
Steam
ThinkPad UltraNav Driver
ThinkVantage Fingerprint Software
Topaz Adjust 5
Topaz Adjust 5 (64-bit)
Topaz B&W Effects
Topaz B&W Effects (64-bit)
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz Fusion Express 2
Topaz Fusion Express 2 (64-bit)
Topaz InFocus
Topaz InFocus (64-bit)
Topaz Lens Effects
Topaz Lens Effects (64-bit)
Topaz ReMask 3
Topaz ReMask 3 (64-bit)
Topaz Simplify 3
Topaz Simplify 3 (64-bit)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Win8 x64Components v1.2.7
win8codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
11/20/2012 2:26:32 AM, Error: Service Control Manager [7034] - The LnvMHService service terminated unexpectedly. It has done this 1 time(s).
11/20/2012 12:51:42 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
11/20/2012 12:45:10 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {7160A13D-73DA-4CEA-95B9-37356478588A} and APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
11/19/2012 2:37:31 PM, Error: Service Control Manager [7034] - The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).
11/16/2012 9:31:51 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUSTIN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/16/2012 9:30:36 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRIS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/16/2012 7:23:09 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer KIRA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/16/2012 11:40:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MARK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/15/2012 12:04:58 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 66.71.90.180. The computer with the IP address 66.71.90.211 did not allow the name to be claimed by this computer.
11/15/2012 1:09:21 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
11/14/2012 5:58:02 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 5 time(s).
11/14/2012 5:39:39 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 4 time(s).
11/14/2012 4:56:17 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 3 time(s).
11/14/2012 4:43:48 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 2 time(s).
11/14/2012 4:34:38 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
white0ut442 (THREAD STARTER)
21-Nov-2012, 03:48 AM #2
It seems to have gone away after I ran CCleaner.
dvk01 (Derek), authorized to help remove malware
Moderator & Malware Removal Specialist with 45,299 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Nov-2012, 05:14 AM #3
It looks like you have a Firefox problem as well, according to the log, with what looks like a malicious addon/extension.


Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
dvk01 (Derek)
21-Nov-2012, 05:21 AM #4
I also need a copy of the suspicious FF extension to double-check it.

Download Suspicious File Packer from http://www.safer-networking.org/en/tools/index.html (direct download: http://www.safer-networking.org/files/sfp.zip)

Unzip it to the desktop, open it and paste in the contents of the quote box below, then press Next and it will create an archive (zip/cab file) on the desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button and navigate to and select the files on your computer. When the file is listed in the window, press Send to upload the file.

Code:

C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
white0ut442 (THREAD STARTER)
21-Nov-2012, 07:46 PM #5
I've uploaded the file on the other site.
Here is the adwcleaner log:
# AdwCleaner v2.008 - Logfile created 11/21/2012 at 18:37:56
# Updated 17/11/2012 by Xplode
# Operating system : Windows 8 Pro with Media Center (64 bits)
# User : Jon - JON-THINKPAD
# Boot Mode : Normal
# Running from : C:\Users\Jon\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.10.9200.16433

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3114 octets] - [20/11/2012 00:43:38]
AdwCleaner[S1].txt - [3263 octets] - [20/11/2012 00:44:27]
AdwCleaner[S2].txt - [1087 octets] - [20/11/2012 12:57:10]
AdwCleaner[S3].txt - [1019 octets] - [21/11/2012 18:37:56]

########## EOF - C:\AdwCleaner[S3].txt - [1079 octets] ##########
dvk01 (Derek)
21-Nov-2012, 08:48 PM #6
The suspicious FF addon seems to be OK and is https://addons.mozilla.org/En-us/fir...n/turkopticon/

Are you still getting the Chrome problems?

Can you post the AdwCleaner[S1].txt so I can see what it did fix, as you have only posted the second run, not the first one?
white0ut442 (THREAD STARTER)
21-Nov-2012, 11:48 PM #7
Actually, the Chrome ads just returned within the last hour.

Here is S1:

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 00:44:27
# Updated 17/11/2012 by Xplode
# Operating system : Windows 8 Pro with Media Center (64 bits)
# User : Jon - JON-THINKPAD
# Boot Mode : Normal
# Running from : C:\Users\Jon\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\Users\Jon\AppData\Local\Conduit
Folder Deleted : C:\Users\Jon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jon\AppData\LocalLow\uTorrentControl_v2

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7411BE57-47A7-4421-A4FE-4B2E08B92E1A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9C68BE3-39A4-4026-BE38-8AE1D3BC99C6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.10.9200.16433

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3114 octets] - [20/11/2012 00:43:38]
AdwCleaner[S1].txt - [3136 octets] - [20/11/2012 00:44:27]

########## EOF - C:\AdwCleaner[S1].txt - [3196 octets] ##########
dvk01 (Derek), Moderator & Malware Removal Specialist
22-Nov-2012, 04:21 AM #8
OK, run AdwCleaner again.
Now press Delete.
It will clear the problems & then offer to reboot.
Please let it reboot & then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt

But that won't cure Chrome. The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
First make sure that you are not set up to sync Chrome with your Google account; if you are, set it to stop sync first (otherwise the backups on your Google account will reinstall the malware).
Then reboot & reinstall Chrome.
white0ut442 (THREAD STARTER)
22-Nov-2012, 03:27 PM #9
I disconnected my Chrome account and reinstalled. When the install finished, the extension uTorrent Community Control Toolbar v2 was installed. I remember that this is something that showed up in the previous adwcleaner logs. I deleted the extension from Chrome. This is the log that adwcleaner made:

# AdwCleaner v2.008 - Logfile created 11/22/2012 at 14:22:59
# Updated 17/11/2012 by Xplode
# Operating system : Windows 8 Pro with Media Center (64 bits)
# User : Jon - JON-THINKPAD
# Boot Mode : Normal
# Running from : C:\Users\Jon\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [Internet Browsers] *****

-\\ Internet Explorer v9.10.9200.16433

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3114 octets] - [20/11/2012 00:43:38]
AdwCleaner[S1].txt - [3263 octets] - [20/11/2012 00:44:27]
AdwCleaner[S2].txt - [1087 octets] - [20/11/2012 12:57:10]
AdwCleaner[S3].txt - [1148 octets] - [21/11/2012 18:37:56]
AdwCleaner[S4].txt - [1423 octets] - [22/11/2012 14:22:59]

########## EOF - C:\AdwCleaner[S4].txt - [1483 octets] ##########
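
Added example (not part of the thread and not AdwCleaner's own code): this Python example pulls Chrome extension IDs out of AdwCleaner "Deleted" lines and records whether each was removed from the profile folder or from the Google\Chrome\Extensions registry key, the location Chrome reads for externally installed extensions on Windows. The function names are hypothetical; the sample lines are assembled from the S4 log above.

```python
import re
from collections import defaultdict

# Sample input assembled from the S4 log above. The last line carries a stray
# space inside the ID, the kind forum word-wrapping inserts into long tokens.
SAMPLE_LOG = r"""
***** [Files / Folders] *****
Folder Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedai eimbmdda
"""

ENTRY = re.compile(r"^(Folder|File|Key|Value) Deleted : (.+)$")
# Matches both the profile folder and the registry location; the ID is the last path component.
EXT_PATH = re.compile(
    r"\\Google\\Chrome\\(?:User Data\\[^\\]+\\)?Extensions\\([a-p ]+)$", re.I)
CHROME_ID = re.compile(r"[a-p]{32}")  # Chrome extension IDs: 32 letters, a through p


def chrome_extension_traces(log_text):
    """Map each extension ID to the places AdwCleaner removed it from."""
    traces = defaultdict(set)
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        hit = EXT_PATH.search(entry.group(2)) if entry else None
        if not hit:
            continue
        ext_id = hit.group(1).replace(" ", "").lower()  # undo wrap damage
        if not CHROME_ID.fullmatch(ext_id):
            continue  # not a well-formed ID, do not guess
        if entry.group(1) == "Key":
            hive = entry.group(2).split("\\", 1)[0].upper()
            traces[ext_id].add("registry:" + hive)
        else:
            traces[ext_id].add("profile")
    return {ext_id: sorted(where) for ext_id, where in traces.items()}


def externally_registered(traces):
    """IDs that had a registry entry, i.e. were registered outside the profile."""
    return sorted(ext_id for ext_id, where in traces.items()
                  if any(w.startswith("registry:") for w in where))


if __name__ == "__main__":
    found = chrome_extension_traces(SAMPLE_LOG)
    for ext_id in externally_registered(found):
        print(ext_id, found[ext_id])
```
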
dvk01 (Derek), Moderator & Malware Removal Specialist
22-Nov-2012, 04:48 PM #10
How is it now?
Are you still getting problems?
white0ut442 (THREAD STARTER)
23-Nov-2012, 09:03 PM #11
Haven't had problems all day!
dvk01 (Derek), Moderator & Malware Removal Specialist
24-Nov-2012, 04:30 AM #12
Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.