
Getting ads on all websites in Chrome from adnxs

Discussion in 'Virus & Other Malware Removal' started by white0ut442, Nov 20, 2012.

Thread Status: Not open for further replies.
  1. white0ut442 (Thread Starter)

    Joined: Sep 15, 2005
    Messages: 39

    Hi,
    This only seems to be happening in Chrome for me. I get a lot of ads on every website I visit, all from adnxs. I also see enhanced text - when I hover over the link, it says it is from DealDropDown. This started yesterday morning. Any help is greatly appreciated. Here are my logs:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:24:16 PM, on 11/20/2012
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    C:\Users\Jon\Local Settings\Apps\F.lux\flux.exe
    C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [F.lux] "C:\Users\Jon\Local Settings\Apps\F.lux\flux.exe" /noshow
    O4 - Startup: Dropbox.lnk = Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: @oem16.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Radio Control Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    O23 - Service: Lenovo AVFramework Microphone Volume Controller and Dolby Interface (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    O23 - Service: Lenovo AVFramework Control Center and ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
    O23 - Service: LnvMHService (LnvHotSpotSvc) - Lenovo - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
    O23 - Service: Location Task Manager (LocationTaskManager) - Unknown owner - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 10724 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: BrowserJavaVersion: 10.9.2
    Run by Jon at 12:55:30 on 2012-11-20
    Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.8075.6353 [GMT -5:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\BtwRSupportService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\CxAudMsg64.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\dashost.exe
    C:\Windows\system32\HPSIsvc.exe
    C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
    C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\SysWOW64\SAsrv.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\dwm.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\taskhostex.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    C:\Users\Jon\Local Settings\Apps\F.lux\flux.exe
    C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [AdobeBridge] <no file>
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Jon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-System: DisableCAD = dword:1
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: Interfaces\{2D4F8976-7521-422E-AFB1-95D7D088D188} : DHCPNameServer = 146.186.163.66 128.118.141.32 128.118.25.3 130.203.1.4
    TCP: Interfaces\{C3131AB6-1B54-44FA-95AD-86F63458F24C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C3131AB6-1B54-44FA-95AD-86F63458F24C}\5425D414847454254402755425645425 : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    x64-Run: [Lenovo Settings Dependency Package] wscript.exe "C:\Program Files\Lenovo\SettingsDependency\cpyMachineInformation_xml.vbs"
    x64-Run: [LnvMobHotspotClient] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
    x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-mPolicies-System: DisableCAD = dword:1
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-11-05 01:24; [email protected]; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\[email protected]
    FF - ExtSQL: 2012-11-05 01:24; {4324f4a6-3a89-477e-b388-6bca032df78b}; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
    FF - ExtSQL: 2012-11-12 00:23; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2012-11-5 56336]
    R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2011-12-15 2246184]
    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-11-4 201376]
    R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2012-11-5 127800]
    R2 LENOVO.CAMMUTE;Lenovo AVFramework Camera Privacy Controller;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-11-4 501312]
    R2 LENOVO.TPKNRSVC;Lenovo AVFramework Microphone Volume Controller and Dolby Interface;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-11-4 496192]
    R2 LENOVO.TVTVCAM;Lenovo AVFramework Control Center and ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-11-4 660032]
    R2 LocationTaskManager;Location Task Manager;C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [2012-10-2 458304]
    R2 Power Manager DBC Service;Lenovo Settings Power Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-11-4 1692040]
    R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
    R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-4 342528]
    R3 NETwNe64;@oem11.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-9-2 4291624]
    R3 risdxc;risdxc;C:\Windows\System32\Drivers\risdxc64.sys [2012-11-4 105472]
    R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-4 43832]
    R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
    S2 LnvHotSpotSvc;LnvMHService;C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [2012-11-4 457792]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
    S3 mvusbews;USB EWS Device;C:\Windows\System32\Drivers\mvusbews.sys [2012-11-5 20480]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-7-9 52736]
    S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
    .
    =============== Created Last 30 ================
    .
    2012-11-20 06:06:17 40960 ----a-r- C:\Users\Jon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2012-11-20 06:06:17 40960 ----a-r- C:\Users\Jon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2012-11-20 06:06:16 -------- d-----w- C:\Program Files (x86)\Project64 1.6
    2012-11-20 06:03:53 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E6B20F5-2997-4C18-835E-4DACCFCE1871}\mpengine.dll
    2012-11-20 01:34:30 -------- d-----w- C:\Users\Jon\AppData\Roaming\Malwarebytes
    2012-11-20 01:34:01 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-20 01:34:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-20 01:34:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-19 08:54:59 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-11-19 00:45:52 -------- d-----w- C:\Users\Jon\AppData\Local\ElevatedDiagnostics
    2012-11-18 02:03:20 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
    2012-11-18 02:03:11 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
    2012-11-18 01:56:05 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
    2012-11-18 01:56:05 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll
    2012-11-18 01:56:04 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
    2012-11-18 01:56:04 677888 ----a-w- C:\Windows\System32\mfnetcore.dll
    2012-11-18 01:56:04 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
    2012-11-18 01:56:04 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
    2012-11-18 01:56:04 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
    2012-11-18 01:56:04 1048064 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
    2012-11-16 05:59:03 -------- d-----w- C:\Fraps
    2012-11-14 04:45:32 94208 ----a-w- C:\Windows\System32\synceng.dll
    2012-11-14 04:45:32 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-11-14 04:45:27 439296 ----a-w- C:\Windows\System32\ReAgent.dll
    2012-11-14 04:45:27 371712 ----a-w- C:\Windows\SysWow64\ReAgent.dll
    2012-11-14 04:45:27 26624 ----a-w- C:\Windows\System32\ReAgentc.exe
    2012-11-14 04:45:27 24064 ----a-w- C:\Windows\SysWow64\ReAgentc.exe
    2012-11-14 04:45:25 4056576 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-14 04:26:30 -------- d-----w- C:\ProgramData\Redfield
    2012-11-14 03:47:50 -------- dc-h--w- C:\ProgramData\{33570351-B6F8-4097-AC41-91625CF5D4EF}
    2012-11-14 03:47:44 -------- dc-h--w- C:\ProgramData\{60E17BBA-9D2D-4E1B-BDCF-1D654329EA31}
    2012-11-14 03:47:35 -------- dc-h--w- C:\ProgramData\{961C7791-DF59-4BC0-9DC6-D2A8D3F2B1B5}
    2012-11-14 03:47:30 -------- dc-h--w- C:\ProgramData\{E7058808-8C97-4A08-99A2-015D24FDC13B}
    2012-11-14 03:47:17 -------- dc-h--w- C:\ProgramData\{90230F46-BE74-4EE2-8E60-E2EC40A3EF30}
    2012-11-14 03:47:13 -------- dc-h--w- C:\ProgramData\{C081E8AB-3AD3-4F73-A2C4-BB04BB77DB08}
    2012-11-14 03:47:04 -------- dc-h--w- C:\ProgramData\{36DC9A85-0AC4-4BA0-BEDB-99E0F95BA4F1}
    2012-11-14 03:47:01 -------- dc-h--w- C:\ProgramData\{1CD9BC02-6909-4C6D-9DE6-AD1CF151FF24}
    2012-11-14 03:47:00 -------- dc-h--w- C:\ProgramData\{0C544878-1DB6-409D-A998-0664599014C4}
    2012-11-14 03:46:54 -------- dc-h--w- C:\ProgramData\{69A57C2A-4B82-4C12-A998-7EE1C7C0256F}
    2012-11-14 03:46:45 -------- dc-h--w- C:\ProgramData\{86A7919A-1CA3-4459-8124-76C789A6402B}
    2012-11-14 03:46:41 -------- dc-h--w- C:\ProgramData\{E6FD2223-C904-40C1-A119-7C0A8A7FE045}
    2012-11-14 03:46:34 -------- dc-h--w- C:\ProgramData\{7B507839-38D8-4587-A29F-FE5A5EC55A03}
    2012-11-14 03:46:31 -------- dc-h--w- C:\ProgramData\{E176482F-0DEA-4B06-9697-D12D614FECB9}
    2012-11-14 03:46:24 -------- dc-h--w- C:\ProgramData\{8331949C-0661-45E0-BDFD-C71C7F94A6E2}
    2012-11-14 03:46:20 -------- dc-h--w- C:\ProgramData\{447B4BF8-DCC8-4693-A8CD-A6A63F5BC176}
    2012-11-14 03:46:15 -------- dc-h--w- C:\ProgramData\{A3BF8AE0-D933-4056-88A7-28E0C483C866}
    2012-11-14 03:46:11 -------- dc-h--w- C:\ProgramData\{7CAFEB17-971D-44F2-91C0-1EEC4F54E1DB}
    2012-11-14 03:46:06 -------- dc-h--w- C:\ProgramData\{774331FE-B8E8-4A4B-AFDF-F018F99FB73A}
    2012-11-14 03:46:01 -------- dc-h--w- C:\ProgramData\{6B992C6A-E6B0-418F-9B21-FE4BF85AD3BE}
    2012-11-14 03:45:58 -------- dc-h--w- C:\ProgramData\{AA5C05EA-7FB9-4519-BBE2-03ADD8EF0E5D}
    2012-11-14 03:45:58 -------- d-----w- C:\Program Files\Common Files\Topaz Labs
    2012-11-14 03:45:53 -------- dc-h--w- C:\ProgramData\{3C2CC1BA-EC03-48E5-A0EF-A0B455E1343F}
    2012-11-14 03:45:53 -------- d-----w- C:\Program Files (x86)\Topaz Labs
    2012-11-14 03:45:53 -------- d-----w- C:\Program Files (x86)\Common Files\Topaz Labs
    2012-11-14 03:40:26 -------- d-----w- C:\Users\Jon\AppData\Local\PackageAware
    2012-11-14 03:31:03 -------- d-----w- C:\Program Files (x86)\Imagenomic
    2012-11-14 03:21:04 -------- d-----w- C:\Users\Jon\AppData\Roaming\Guitar Pro 6
    2012-11-14 03:21:04 -------- d-----w- C:\ProgramData\Guitar Pro 6
    2012-11-14 03:20:07 -------- d-----w- C:\Program Files (x86)\Guitar Pro 6
    2012-11-13 23:14:13 -------- d-----w- C:\Users\Jon\.imagej
    2012-11-13 21:04:53 -------- d-----w- C:\Program Files (x86)\ImageJ
    2012-11-12 07:11:49 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-11-12 07:11:49 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-11-12 07:11:48 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-11 20:20:11 -------- d-----w- C:\Users\Jon\AppData\Local\SCE
    2012-11-11 20:20:11 -------- d-----w- C:\Crash
    2012-11-11 20:20:03 -------- d--h--w- C:\Windows\msdownld.tmp
    2012-11-11 05:14:41 -------- d-----w- C:\Users\Jon\AppData\Local\LogMeIn Hamachi
    2012-11-11 05:14:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-11-10 21:29:17 -------- d-----w- C:\Users\Jon\AppData\Local\Diagnostics
    2012-11-10 08:09:32 -------- d-----w- C:\Users\Jon\AppData\Roaming\LOVE
    2012-11-10 04:36:36 -------- d-----w- C:\Users\Jon\AppData\Local\Macromedia
    2012-11-06 02:34:16 -------- d-----w- C:\Users\Jon\AppData\Roaming\HexChat
    2012-11-06 02:33:56 -------- d-----w- C:\Program Files\HexChat
    2012-11-06 02:33:21 -------- d-----w- C:\Users\Jon\AppData\Local\Programs
    2012-11-05 22:53:55 -------- d-sh--w- C:\Windows\ftpcache
    2012-11-05 22:53:35 127800 ----a-w- C:\Windows\System32\HPSIsvc.exe
    2012-11-05 22:53:27 74240 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HP1100PP.dll
    2012-11-05 22:53:13 1695232 ----a-w- C:\Windows\System32\HP1100SM.EXE
    2012-11-05 22:53:12 290816 ----a-w- C:\Windows\System32\HP1100LM.DLL
    2012-11-05 22:53:00 350720 ----a-w- C:\Windows\System32\mvhlewsi.dll
    2012-11-05 22:52:58 -------- d-----w- C:\Program Files\HP
    2012-11-05 22:52:57 20480 ----a-w- C:\Windows\System32\drivers\mvusbews.sys
    2012-11-05 22:52:56 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
    2012-11-05 22:52:52 82432 ----a-w- C:\Windows\System32\mvusbews.dll
    2012-11-05 22:52:47 49664 ----a-w- C:\Windows\System32\HP1100SMs.dll
    2012-11-05 18:39:55 -------- d-----w- C:\Users\Jon\AppData\Roaming\Foxit Software
    2012-11-05 17:44:14 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-11-05 17:44:12 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-11-05 17:44:09 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-11-05 17:21:07 -------- d-----w- C:\Program Files (x86)\Foxit Software
    2012-11-05 16:58:33 -------- d-----w- C:\Program Files (x86)\My Company Name
    2012-11-05 16:58:33 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
    2012-11-05 16:58:33 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-11-05 16:43:41 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2012-11-05 16:42:16 56336 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
    2012-11-05 16:42:16 11376 ------w- C:\Windows\System32\drivers\cdralw2k.sys
    2012-11-05 16:42:16 10864 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
    2012-11-05 16:06:38 -------- d-----w- C:\Users\Jon\AppData\Local\Adobe
    2012-11-05 16:01:11 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2012-11-05 16:01:04 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2012-11-05 15:58:34 -------- d-----w- C:\Program Files\Microsoft Analysis Services
    2012-11-05 15:58:34 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-11-05 15:40:56 -------- d-----w- C:\Users\Jon\AppData\Local\Microsoft Help
    2012-11-05 07:02:29 -------- d-----w- C:\Windows\en
    2012-11-05 07:02:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-11-05 07:02:13 -------- d-----w- C:\Windows\PCHEALTH
    2012-11-05 07:02:00 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\DSETUP.dll
    2012-11-05 07:02:00 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\DXSETUP.exe
    2012-11-05 07:02:00 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\dsetup32.dll
    2012-11-05 07:01:59 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\DSETUP.dll
    2012-11-05 07:01:59 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\DXSETUP.exe
    2012-11-05 07:01:59 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\dsetup32.dll
    2012-11-05 07:01:57 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\DSETUP.dll
    2012-11-05 07:01:57 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\DXSETUP.exe
    2012-11-05 07:01:57 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\dsetup32.dll
    2012-11-05 07:01:54 -------- d-----w- C:\Users\Jon\AppData\Local\Windows Live
    2012-11-05 07:01:02 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2012-11-05 06:34:36 -------- d-----w- C:\Program Files\Paint.NET
    2012-11-05 06:34:35 -------- d-----w- C:\Users\Jon\AppData\Local\Paint.NET
    2012-11-05 05:39:16 -------- d-----w- C:\Users\Jon\AppData\Roaming\NVIDIA
    2012-11-05 05:34:07 -------- d-----w- C:\Windows\SysWow64\NV
    2012-11-05 05:34:07 -------- d-----w- C:\Windows\System32\NV
    2012-11-05 05:32:47 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-11-05 05:26:54 -------- d-----w- C:\NVIDIA
    2012-11-05 05:07:13 -------- d-----w- C:\Windows\SysWow64\directx
    2012-11-05 05:00:02 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
    2012-11-05 03:27:39 -------- d-----w- C:\Program Files (x86)\MPC-HC
    2012-11-05 03:18:20 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll.bak
    2012-11-05 03:18:20 447488 ----a-w- C:\Windows\System32\mfds.dll.bak
    2012-11-05 03:17:52 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll.bak
    2012-11-05 03:17:52 332800 ----a-w- C:\Windows\SysWow64\mfds.dll.bak
    2012-11-05 03:16:33 -------- d-----w- C:\Users\Jon\AppData\Roaming\Shark007
    2012-11-05 03:16:33 -------- d-----w- C:\ProgramData\Shark007
    2012-11-05 03:16:30 580096 ----a-w- C:\Windows\System32\ac3filter.acm
    2012-11-05 03:16:30 4408832 ----a-w- C:\Windows\System32\x264vfw.dll
    2012-11-05 03:16:30 206336 ----a-w- C:\Windows\System32\unrar.dll
    2012-11-05 03:16:30 1417216 ----a-w- C:\Windows\System32\VSFilter.dll
    2012-11-05 03:16:30 -------- d-----w- C:\Program Files\Shark007
    2012-11-05 03:12:52 -------- d-----w- C:\Users\Jon\AppData\Roaming\Win8codecs
    2012-11-05 03:12:51 -------- d-----w- C:\Program Files (x86)\Win8codecs
    2012-11-05 03:12:31 -------- d-----w- C:\ProgramData\win8codecs
    2012-11-05 03:08:57 -------- d-----r- C:\Program Files (x86)\Skype
    2012-11-05 03:05:37 -------- d-----w- C:\Program Files\CCleaner
    2012-11-05 03:03:04 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-11-05 03:03:01 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-11-05 03:02:59 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-11-05 03:02:58 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-11-05 02:59:09 -------- d-----w- C:\Windows\ehome
    2012-11-05 02:24:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-11-05 02:24:40 -------- d-----w- C:\Users\Jon\AppData\Local\Apple Computer
    2012-11-05 02:24:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-11-05 02:24:25 -------- d-----w- C:\Program Files\iTunes
    2012-11-05 02:24:25 -------- d-----w- C:\Program Files\iPod
    2012-11-05 02:24:25 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-11-05 02:23:46 -------- d-----w- C:\Users\Jon\AppData\Local\Apple
    2012-11-05 02:23:37 -------- d-----w- C:\Program Files\Bonjour
    2012-11-05 02:23:37 -------- d-----w- C:\Program Files (x86)\Bonjour
    2012-11-05 01:29:42 -------- d-----w- C:\Program Files (x86)\uTorrent
    2012-11-05 01:27:04 -------- d-----w- C:\Users\Jon\AppData\Roaming\uTorrent
    2012-11-05 01:24:48 -------- d-----w- C:\Users\Jon\AppData\Local\Deployment
    2012-11-05 01:24:48 -------- d-----w- C:\Users\Jon\AppData\Local\Apps
    2012-11-05 01:09:47 -------- d-----w- C:\Users\Jon\AppData\Local\CRE
    2012-11-05 00:37:01 -------- d-----w- C:\Windows\Panther
    2012-11-04 23:47:45 -------- d-----r- C:\Users\Jon\Dropbox
    2012-11-04 23:45:55 -------- d-----w- C:\Users\Jon\AppData\Roaming\Dropbox
    2012-11-04 23:38:58 11272192 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2012-11-04 23:38:57 10768384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2012-11-04 23:33:57 301568 ----a-w- C:\Windows\System32\newdev.dll
    2012-11-04 23:33:57 275968 ----a-w- C:\Windows\SysWow64\newdev.dll
    2012-11-04 23:33:56 76288 ----a-w- C:\Windows\System32\newdev.exe
    2012-11-04 23:33:56 75264 ----a-w- C:\Windows\System32\ndadmin.exe
    2012-11-04 23:33:56 74240 ----a-w- C:\Windows\SysWow64\newdev.exe
    2012-11-04 23:33:56 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe
    2012-11-04 23:33:56 68608 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2012-11-04 23:33:56 446976 ----a-w- C:\Windows\System32\wwansvc.dll
    2012-11-04 23:31:27 -------- d-----w- C:\Windows\SysWow64\XPSViewer
    2012-11-04 23:30:32 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
    2012-11-04 23:30:32 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2012-11-04 23:30:32 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2012-11-04 23:30:32 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2012-11-04 23:30:32 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
    2012-11-04 23:30:32 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2012-11-04 23:26:49 -------- d--h--w- C:\Windows\System32\WLANProfiles
    2012-11-04 23:26:01 -------- d-----w- C:\SWWork
    2012-11-04 23:24:20 -------- d-----w- C:\Users\Jon\AppData\Roaming\Intel
    2012-11-04 23:24:12 -------- d-----w- C:\Users\Jon\Roaming
    2012-11-04 23:24:12 -------- d-----w- C:\ProgramData\Roaming
    2012-11-04 23:23:45 -------- d-----w- C:\Program Files (x86)\Cisco
    2012-11-04 23:23:44 -------- d-----w- C:\ProgramData\Intel.sav
    2012-11-04 23:22:47 -------- d-----w- C:\Windows\Downloaded Installations
    2012-11-04 23:22:45 -------- d-----w- C:\Program Files\Common Files\SPBA
    2012-11-04 23:22:45 -------- d-----w- C:\Program Files\AuthenTec
    2012-11-04 23:22:44 -------- d-----w- C:\Program Files (x86)\Common Files\SPBA
    2012-11-04 23:22:43 -------- d-----w- C:\Program Files\ThinkVantage Fingerprint Software
    2012-11-04 23:22:28 -------- d-----w- C:\SWTOOLS
    2012-11-04 23:22:04 20992 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-11-04 23:22:04 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
    2012-11-04 23:22:03 17920 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-11-04 23:22:03 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
    2012-11-04 23:21:59 -------- d-----w- C:\Program Files\Common Files\Intel
    2012-11-04 23:21:59 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    2012-11-04 23:16:47 196608 ----a-w- C:\Windows\System32\RiSDIcon.dll
    2012-11-04 23:16:47 188416 ----a-w- C:\Windows\System32\RiMMCIcon.dll
    2012-11-04 23:16:47 105472 ----a-w- C:\Windows\System32\drivers\risdxc64.sys
    2012-11-04 23:16:47 -------- d-----w- C:\Program Files (x86)\Ricoh
    2012-11-04 23:15:55 447104 ----a-w- C:\Windows\SysWow64\SASrv.exe
    2012-11-04 23:15:19 201376 ----a-w- C:\Windows\System32\CxAudMsg64.exe
    2012-11-04 23:15:05 -------- d-----w- C:\Program Files\CONEXANT
    2012-11-04 22:57:12 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2012-11-04 22:57:12 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2012-11-04 22:56:51 -------- d-----w- C:\Windows\ja-JP
    2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\wbem\ja-JP
    2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\ja
    2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\ja-JP
    2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\drivers\ja-JP
    2012-11-04 22:56:49 -------- d-----w- C:\Windows\SysWow64\0411
    2012-11-04 22:56:47 -------- d-----w- C:\Windows\System32\ja
    2012-11-04 22:56:47 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
    2012-11-04 22:56:47 -------- d-----w- C:\Windows\System32\drivers\ja-JP
    2012-11-04 22:56:47 -------- d-----w- C:\Windows\System32\0411
    2012-11-04 22:56:46 -------- d-----w- C:\Windows\System32\wbem\ja-JP
    2012-11-04 22:56:46 -------- d-----w- C:\sources
    2012-11-04 22:54:58 27136 ----a-w- C:\Windows\System32\drivers\ja-JP\http.sys.mui
    2012-11-04 22:40:44 -------- d-----w- C:\Program Files (x86)\Steam
    2012-11-04 22:40:44 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-11-04 22:25:55 -------- d-----w- C:\Users\Jon\AppData\Local\Google
    2012-11-04 19:10:16 -------- d-----w- C:\roms
    .
    ==================== Find3M ====================
    .
    2012-11-02 05:22:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2012-11-02 05:21:44 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2012-11-02 05:21:44 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2012-11-02 05:21:28 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll
    2012-11-02 05:20:31 39424 ----a-w- C:\Windows\System32\wuapp.exe
    2012-11-02 05:20:28 77824 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-02 05:20:28 72192 ----a-w- C:\Windows\System32\taskhostex.exe
    2012-11-02 05:20:10 141824 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-11-02 05:20:09 98304 ----a-w- C:\Windows\System32\wudriver.dll
    2012-11-02 05:20:09 251904 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
    2012-11-02 05:20:09 17408 ----a-w- C:\Windows\System32\wuaext.dll
    2012-11-02 05:20:09 1619968 ----a-w- C:\Windows\System32\wucltux.dll
    2012-11-02 05:19:50 318464 ----a-w- C:\Windows\System32\ubpm.dll
    2012-11-02 05:01:27 99328 ----a-w- C:\Windows\System32\wushareduxresources.dll
    2012-11-02 04:55:32 212992 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2012-11-02 04:53:13 366080 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2012-10-29 05:04:47 522640 ----a-w- C:\Windows\System32\AUDIOKSE.dll
    2012-10-29 05:04:47 490064 ----a-w- C:\Windows\System32\AudioEng.dll
    2012-10-29 05:04:47 447792 ----a-w- C:\Windows\System32\AudioSes.dll
    2012-10-29 05:04:47 253512 ----a-w- C:\Windows\System32\audiodg.exe
    2012-10-29 03:21:53 1526784 ----a-w- C:\Windows\System32\mfcore.dll
    2012-10-29 03:21:21 267264 ----a-w- C:\Windows\System32\EncDump.dll
    2012-10-29 03:20:49 785920 ----a-w- C:\Windows\System32\audiosrv.dll
    2012-10-29 03:20:49 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
    2012-10-29 03:19:08 463768 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
    2012-10-29 03:19:08 427568 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2012-10-29 03:19:08 324344 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2012-10-29 02:46:23 1451520 ----a-w- C:\Windows\SysWow64\mfcore.dll
    2012-10-26 22:19:09 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-26 22:19:09 695648 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-24 04:54:06 6972136 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-10-24 03:06:12 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-24 02:27:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-18 06:17:18 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
    2012-10-18 03:20:46 10096640 ----a-w- C:\Windows\System32\twinui.dll
    2012-10-18 03:18:40 2302464 ----a-w- C:\Windows\System32\authui.dll
    2012-10-18 03:18:33 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
    2012-10-18 02:46:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll
    2012-10-18 02:44:38 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
    2012-10-18 02:44:33 753664 ----a-w- C:\Windows\SysWow64\actxprxy.dll
    2012-10-12 08:08:01 27880 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2012-10-12 06:14:54 87040 ----a-w- C:\Windows\System32\srmtrace.dll
    2012-10-12 06:14:54 652800 ----a-w- C:\Windows\System32\srmscan.dll
    2012-10-12 06:14:54 30720 ----a-w- C:\Windows\System32\srm_ps.dll
    2012-10-12 06:14:54 279040 ----a-w- C:\Windows\System32\srm.dll
    2012-10-12 06:14:54 274432 ----a-w- C:\Windows\System32\srmstormod.dll
    2012-10-12 06:14:54 172032 ----a-w- C:\Windows\System32\srmshell.dll
    2012-10-12 06:14:54 1347072 ----a-w- C:\Windows\System32\srmclient.dll
    2012-10-12 06:14:54 134144 ----a-w- C:\Windows\System32\adrclient.dll
    2012-10-12 06:14:40 36352 ----a-w- C:\Windows\System32\rfxvmt.dll
    2012-10-12 06:14:39 3244032 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-10-12 06:14:34 115712 ----a-w- C:\Windows\System32\wbem\PolicMan.dll
    2012-10-12 06:13:32 109568 ----a-w- C:\Windows\System32\dskquota.dll
    2012-10-12 05:50:01 235520 ----a-w- C:\Windows\System32\rdpudd.dll
    2012-10-12 05:46:28 618496 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2012-10-12 05:41:02 987648 ----a-w- C:\Windows\SysWow64\srmclient.dll
    2012-10-12 05:41:02 68096 ----a-w- C:\Windows\SysWow64\srmtrace.dll
    2012-10-12 05:41:02 487936 ----a-w- C:\Windows\SysWow64\srmscan.dll
    2012-10-12 05:41:02 278528 ----a-w- C:\Windows\SysWow64\srm.dll
    2012-10-12 05:41:02 202240 ----a-w- C:\Windows\SysWow64\srmstormod.dll
    2012-10-12 05:41:02 15872 ----a-w- C:\Windows\SysWow64\srm_ps.dll
    2012-10-12 05:41:02 128000 ----a-w- C:\Windows\SysWow64\srmshell.dll
    2012-10-12 05:41:02 104448 ----a-w- C:\Windows\SysWow64\adrclient.dll
    2012-10-12 05:40:49 84992 ----a-w- C:\Windows\SysWow64\wbem\PolicMan.dll
    2012-10-12 05:39:54 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll
    2012-10-11 07:47:18 793200 ----a-w- C:\Windows\System32\mfplat.dll
    2012-10-11 07:35:16 2380944 ----a-w- C:\Windows\explorer.exe
    2012-10-11 07:26:44 336104 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
    2012-10-11 07:25:48 56552 ----a-w- C:\Windows\System32\drivers\sdstor.sys
    2012-10-11 07:23:33 1001192 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-10-11 07:23:32 441576 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-10-11 07:18:25 172264 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-10-11 07:16:20 1403784 ----a-w- C:\Windows\System32\winload.efi
    2012-10-11 07:16:20 1267424 ----a-w- C:\Windows\System32\winload.exe
    2012-10-11 07:16:20 1217328 ----a-w- C:\Windows\System32\winresume.efi
    2012-10-11 07:16:19 1093880 ----a-w- C:\Windows\System32\winresume.exe
    2012-10-11 07:13:54 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
    2012-10-11 07:13:51 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
    2012-10-11 07:13:49 58088 ----a-w- C:\Windows\System32\drivers\dam.sys
    2012-10-11 07:13:37 33512 ----a-w- C:\Windows\System32\drivers\battc.sys
    2012-10-11 07:08:41 562392 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-10-11 07:02:27 1636672 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll
    2012-10-11 07:01:47 503080 ----a-w- C:\Windows\System32\ci.dll
    2012-10-11 05:56:41 2115952 ----a-w- C:\Windows\SysWow64\explorer.exe
    2012-10-11 05:45:58 907776 ----a-w- C:\Windows\System32\uxtheme.dll
    2012-10-11 05:45:58 53760 ----a-w- C:\Windows\System32\UXInit.dll
    2012-10-11 05:45:58 1045504 ----a-w- C:\Windows\System32\usercpl.dll
    2012-10-11 05:45:53 3554304 ----a-w- C:\Windows\System32\tquery.dll
    2012-10-11 05:45:49 370176 ----a-w- C:\Windows\System32\SysFxUI.dll
    2012-10-11 05:45:48 579584 ----a-w- C:\Windows\System32\StructuredQuery.dll
    2012-10-11 05:45:42 505344 ----a-w- C:\Windows\System32\SpaceControl.dll
    2012-10-11 05:45:37 590848 ----a-w- C:\Windows\System32\SHCore.dll
    2012-10-11 05:45:26 945152 ----a-w- C:\Windows\System32\resetengmig.dll
    2012-10-11 05:45:26 1009664 ----a-w- C:\Windows\System32\reseteng.dll
    2012-10-11 05:45:16 55808 ----a-w- C:\Windows\System32\PCPKsp.dll
    2012-10-11 05:43:57 1294336 ----a-w- C:\Windows\System32\gdi32.dll
    2012-10-11 05:43:53 1280000 ----a-w- C:\Windows\System32\FntCache.dll
    2012-10-11 05:43:52 757760 ----a-w- C:\Windows\System32\FirewallAPI.dll
    2012-10-11 05:43:46 1836032 ----a-w- C:\Windows\System32\DWrite.dll
    2012-10-11 05:43:45 2206208 ----a-w- C:\Windows\System32\dwmcore.dll
    .
    ============= FINISH: 12:55:35.82 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8 Pro with Media Center
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/4/2012 4:45:29 PM
    System Uptime: 11/20/2012 12:45:00 AM (12 hours ago)
    .
    Motherboard: LENOVO | | 4286CTO
    Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 82.104 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\LEN0068\5&2890D699&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\LEN0068\5&2890D699&0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP2: 11/4/2012 10:12:44 PM - Installed win8codecs.
    RP3: 11/10/2012 3:01:28 AM - Installed 7-Zip 9.22 (x64 edition)
    RP4: 11/12/2012 2:11:37 AM - Installed Java 7 Update 9
    RP5: 11/13/2012 10:20:17 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP6: 11/17/2012 9:00:58 PM - Windows Update
    RP7: 11/20/2012 1:06:10 AM - Installed Project64 1.6
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.22 (x64 edition)
    Adobe AIR
    Adobe Creative Suite 6 Master Collection
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    bl
    Bonjour
    CCleaner
    Conexant 20672 SmartAudio HD
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    Dropbox
    F.lux
    Foxit Reader
    Fraps
    Google Chrome
    Google Update Helper
    Guitar Pro 6
    HexChat (x64)
    HP LaserJet Professional P1100-P1560-P1600 Series
    ImageJ 1.46r
    Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
    Imagenomic Noiseware 5.0 Plug-in (build 5006)
    Intel PROSet Wireless
    Intel(R) Processor Graphics
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® PROSet/Wireless WiFi Software
    IPFilter Updater
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Lenovo Patch Utility
    Lenovo Patch Utility 64 bit
    Lenovo Settings - Camera Audio
    Lenovo Settings Dependency Package
    Lenovo Settings Mobile Hotspot
    Lenovo System Update
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Movie Maker
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MPC-HC 1.6.4.6052
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    Paint.NET v3.5.10
    PDF Settings CS6
    ph
    Photo Common
    Photo Gallery
    PlanetSide 2 Beta
    Project64 1.6
    RICOH_Media_Driver_v2.22.18.01
    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition
    Skype™ 6.0
    Steam
    ThinkPad UltraNav Driver
    ThinkVantage Fingerprint Software
    Topaz Adjust 5
    Topaz Adjust 5 (64-bit)
    Topaz B&W Effects
    Topaz B&W Effects (64-bit)
    Topaz Clean 3
    Topaz Clean 3 (64-bit)
    Topaz DeJpeg 4
    Topaz DeJpeg 4 (64-bit)
    Topaz DeNoise 5
    Topaz DeNoise 5 (64-bit)
    Topaz Detail 2
    Topaz Detail 2 (64-bit)
    Topaz Fusion Express 2
    Topaz Fusion Express 2 (64-bit)
    Topaz InFocus
    Topaz InFocus (64-bit)
    Topaz Lens Effects
    Topaz Lens Effects (64-bit)
    Topaz ReMask 3
    Topaz ReMask 3 (64-bit)
    Topaz Simplify 3
    Topaz Simplify 3 (64-bit)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    Win8 x64Components v1.2.7
    win8codecs
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/20/2012 2:26:32 AM, Error: Service Control Manager [7034] - The LnvMHService service terminated unexpectedly. It has done this 1 time(s).
    11/20/2012 12:51:42 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
    11/20/2012 12:45:10 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {7160A13D-73DA-4CEA-95B9-37356478588A} and APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    11/19/2012 2:37:31 PM, Error: Service Control Manager [7034] - The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).
    11/16/2012 9:31:51 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUSTIN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
    11/16/2012 9:30:36 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRIS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
    11/16/2012 7:23:09 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer KIRA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
    11/16/2012 11:40:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MARK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
    11/15/2012 12:04:58 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 66.71.90.180. The computer with the IP address 66.71.90.211 did not allow the name to be claimed by this computer.
    11/15/2012 1:09:21 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
    11/14/2012 5:58:02 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 5 time(s).
    11/14/2012 5:39:39 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 4 time(s).
    11/14/2012 4:56:17 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 3 time(s).
    11/14/2012 4:43:48 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 2 time(s).
    11/14/2012 4:34:38 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  2. white0ut442

    It seems to have gone away after I ran CCleaner.
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    It looks like you have a Firefox problem as well, according to the log, with what looks like a malicious add-on/extension.


    Please download AdwCleaner to your desktop.
    • Double-click adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will open.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    I also need a copy of the suspicious FF extension to double check it

    Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

    Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

    Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

    Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button and navigate to & select the files on your computer. When the file is listed in the window, press Send to upload the file.

    Code:
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
    
    
     
  5. white0ut442

    white0ut442 Thread Starter

    Joined:
    Sep 15, 2005
    Messages:
    39
    I've uploaded the file on the other site.
    Here is the adwcleaner log:
    # AdwCleaner v2.008 - Logfile created 11/21/2012 at 18:37:56
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows 8 Pro with Media Center (64 bits)
    # User : Jon - JON-THINKPAD
    # Boot Mode : Normal
    # Running from : C:\Users\Jon\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.10.9200.16433

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3114 octets] - [20/11/2012 00:43:38]
    AdwCleaner[S1].txt - [3263 octets] - [20/11/2012 00:44:27]
    AdwCleaner[S2].txt - [1087 octets] - [20/11/2012 12:57:10]
    AdwCleaner[S3].txt - [1019 octets] - [21/11/2012 18:37:56]

    ########## EOF - C:\AdwCleaner[S3].txt - [1079 octets] ##########
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
  7. white0ut442

    white0ut442 Thread Starter

    Joined:
    Sep 15, 2005
    Messages:
    39
    Actually, the chrome ads just returned within the last hour :(

    Here is S1:

    # AdwCleaner v2.008 - Logfile created 11/20/2012 at 00:44:27
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows 8 Pro with Media Center (64 bits)
    # User : Jon - JON-THINKPAD
    # Boot Mode : Normal
    # Running from : C:\Users\Jon\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
    Folder Deleted : C:\Users\Jon\AppData\Local\Conduit
    Folder Deleted : C:\Users\Jon\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Jon\AppData\LocalLow\uTorrentControl_v2

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
    Key Deleted : HKCU\Software\uTorrentControl_v2
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
    Key Deleted : HKLM\Software\uTorrentControl_v2
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7411BE57-47A7-4421-A4FE-4B2E08B92E1A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9C68BE3-39A4-4026-BE38-8AE1D3BC99C6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.10.9200.16433

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468 --> hxxp://www.google.com

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3114 octets] - [20/11/2012 00:43:38]
    AdwCleaner[S1].txt - [3136 octets] - [20/11/2012 00:44:27]

    ########## EOF - C:\AdwCleaner[S1].txt - [3196 octets] ##########
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    OK, run AdwCleaner again.
    Now press Delete.
    It will clear the problems & then offer to reboot.
    Please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    But that won't cure Chrome. The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
    First make sure that you are not set up to sync Chrome with your Google account; if you are, set it to stop syncing first (otherwise the backups on your Google account will reinstall the malware).
    Then reboot & reinstall Chrome.
     
  9. white0ut442

    white0ut442 Thread Starter

    Joined:
    Sep 15, 2005
    Messages:
    39
    I disconnected my Chrome account and reinstalled. When the install finished, the extension uTorrent Community Control Toolbar v2 was installed. I remember that this is something that showed up in the previous adwcleaner logs. I deleted the extension from Chrome. This is the log that adwcleaner made:

    # AdwCleaner v2.008 - Logfile created 11/22/2012 at 14:22:59
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows 8 Pro with Media Center (64 bits)
    # User : Jon - JON-THINKPAD
    # Boot Mode : Normal
    # Running from : C:\Users\Jon\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.10.9200.16433

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3114 octets] - [20/11/2012 00:43:38]
    AdwCleaner[S1].txt - [3263 octets] - [20/11/2012 00:44:27]
    AdwCleaner[S2].txt - [1087 octets] - [20/11/2012 12:57:10]
    AdwCleaner[S3].txt - [1148 octets] - [21/11/2012 18:37:56]
    AdwCleaner[S4].txt - [1423 octets] - [22/11/2012 14:22:59]

    ########## EOF - C:\AdwCleaner[S4].txt - [1483 octets] ##########
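
Added example, not part of the original thread and not AdwCleaner's own code: the toolbar reappeared after a clean Chrome reinstall, and the S4 log then removed `Google\Chrome\Extensions\<id>` registry keys together with the profile folder. This Python sketch parses a log in that format and lists extension IDs that had such a registry external-install key, which is what lets an installer re-add an extension to a fresh profile. The sample lines are copied from the S4 log above; the function names are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the AdwCleaner[S4] log posted in the thread.
SAMPLE_LOG = r"""
***** [Files / Folders] *****
Folder Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
***** [Internet Browsers] *****
"""

SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
# "Deleted" is the wording in the thread's logs; "Found" (scan-only runs) is an assumption.
ENTRY = re.compile(r"^(Folder|File|Key|Value) (Deleted|Found) : (.+)$")
EXT_ID = r"([a-p]{32})"  # Chrome extension IDs: 32 characters in the range a-p
PROFILE_DIR = re.compile(r"\\Chrome\\User Data\\[^\\]+\\Extensions\\" + EXT_ID + "$", re.I)
EXTERNAL_KEY = re.compile(
    r"^HK(?:CU|LM)\\Software\\(?:Wow6432Node\\)?Google\\Chrome\\Extensions\\" + EXT_ID + "$", re.I)

def parse_entries(log_text):
    """Yield (section, kind, action, target) for every item line in the log."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        item = ENTRY.match(line)
        if item:
            yield (section, *item.groups())

def chrome_extension_findings(log_text):
    """Map extension ID -> profile folders and registry external-install keys seen."""
    found = defaultdict(lambda: {"profile_dirs": [], "external_keys": []})
    for _section, kind, _action, target in parse_entries(log_text):
        folder = PROFILE_DIR.search(target) if kind == "Folder" else None
        key = EXTERNAL_KEY.match(target) if kind == "Key" else None
        if folder:
            found[folder.group(1).lower()]["profile_dirs"].append(target)
        if key:
            found[key.group(1).lower()]["external_keys"].append(target)
    return dict(found)

def reinstall_risk(log_text):
    """Extension IDs that had a registry key able to re-add them to a fresh profile."""
    return sorted(i for i, f in chrome_extension_findings(log_text).items() if f["external_keys"])
```

An ID that appears only under `profile_dirs` goes away with the profile; one that also appears under `external_keys` needs the registry entry removed as well, or it returns on the next Chrome start.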
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    How is it now?
    Are you still getting problems?
     
  11. white0ut442

    white0ut442 Thread Starter

    Joined:
    Sep 15, 2005
    Messages:
    39
    Haven't had problems all day!
     
  12. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     
Short URL to this thread: https://techguy.org/1077645