
Pop-ups are really driving us crazy!!!

Discussion in 'Virus & Other Malware Removal' started by mdr411, Sep 16, 2013.

  1. mdr411 (Thread Starter), Sep 16, 2013:
    Hello all! Nice to meet everyone. I am here because I really need some help. The pop-ups on our new computer are driving us crazy. We recently purchased a brand new Lenovo IdeaCentre all-in-one type deal. Now, every time I open a new window I get a pop-up asking me to download something like Adobe or some other software that I don't need, or it's a pop-up trying to get me to buy a trial offer of some product. We also have floating pop-ups all over the place. For example, if I do a Google search there will be an ad under the Google name. Also, while I'm reading a web page there will be two little blue lines underneath certain words in the text, and when I float over them they expand into a link or a pop-up-looking box. I read all of the stickies and posted the logs following the directions here. I really hope someone here can help us...thanks!!!

    1. Here is the info from the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:13:36 PM, on 9/16/2013
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v10.0 (10.00.9200.16688)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Stephanie\AppData\Roaming\Yontoo\YontooDesktop.exe
    C:\Users\Stephanie\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe
    C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
    C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Stephanie\Desktop\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...M=2&UP=SP154C6D13-CBF6-45BE-B1C6-ED8C76E04E0E
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SySaver - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Stephanie\AppData\Local\SySaver\temp.dat
    O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    O2 - BHO: MixiDJ V44 - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
    O2 - BHO: Data Manager - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O2 - BHO: SelectionLinksBHO - {FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} - C:\Program Files (x86)\OApps\SelectionLinks.dll
    O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
    O3 - Toolbar: MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
    O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    O4 - HKLM\..\Run: [Lenovo Silver Silk Wireless Keyboard] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
    O4 - HKLM\..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
    O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
    O4 - HKLM\..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe 1
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
    O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\Stephanie\AppData\Roaming\Yontoo\YontooDesktop.exe"
    O4 - HKCU\..\Run: [SearchProtect] C:\Users\Stephanie\AppData\Roaming\SearchProtect\bin\cltmng.exe
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_15A09AB4B2860ED1D468C1D57628C0D5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
    O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Stephanie\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 7750c1c4e7a747d39dcd314fa0242e32-9e3600e81d584a1cf7c4c4f703f3a4004a5c6c7f --CMPID 0913a
    O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'Default user')
    O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class) -
    O16 - DPF: {C87ACE20-4BA7-11D4-AD69-0000F80020BC} (MEDITECHAppDwnld) - https://www.meditech.com/employees/Pages/Software/MTAppDwn.exe
    O20 - AppInit_DLLs: c:\progra~3\wincert\win32c~1.dll c:\progra~2\search~1\datamngr\mgrldr.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    O23 - Service: @oem13.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Radio Control Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Bandoo Media Inc. - C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe
    O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
    O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: MEDITECH Application Manager (MTAppManager) - MEDITECH - C:\Program Files (x86)\MEDITECH\MTAppDwn.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
    O23 - Service: USB Reset Service (Reset USB Service) - Unknown owner - C:\Windows\ResetUSBService\ResetUSBService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13784 bytes

    2. Here are the logs from step 2:

    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\windows\system32\BtwRSupportService.exe
    C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe
    C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\windows\system32\dashost.exe
    C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
    C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\MEDITECH\MTAppDwn.exe
    C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    C:\windows\SysWOW64\NLSSRV32.EXE
    C:\Windows\ResetUSBService\ResetUSBService.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\dwm.exe
    C:\windows\system32\taskhostex.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Users\Stephanie\AppData\Roaming\Yontoo\YontooDesktop.exe
    C:\Users\Stephanie\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe
    C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe
    C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\msiexec.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\System32\ThumbnailExtractionHost.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com/?ctid=CT3298580&octid=CT3298580&SearchSource=61&CUI=UN17623959112428694&UM=2&UP=SP154C6D13-CBF6-45BE-B1C6-ED8C76E04E0E
    uDefault_Page_URL = hxxp://lenovo13.msn.com
    uURLSearchHooks: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
    mURLSearchHooks: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: SySaver: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Stephanie\AppData\Local\SySaver\temp.dat
    BHO: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
    BHO: Data Manager: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll
    BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO: SelectionLinks: {FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} - C:\Program Files (x86)\OApps\SelectionLinks.dll
    TB: MixiDJ V44 Toolbar: {90A1B331-C2B4-4933-9F63-BA7B84D60D58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
    TB: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
    TB: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
    uRun: [Yontoo Desktop] "C:\Users\Stephanie\AppData\Roaming\Yontoo\YontooDesktop.exe"
    uRun: [SearchProtect] C:\Users\Stephanie\AppData\Roaming\SearchProtect\bin\cltmng.exe
    uRun: [GoogleChromeAutoLaunch_15A09AB4B2860ED1D468C1D57628C0D5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
    uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Stephanie\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 7750c1c4e7a747d39dcd314fa0242e32-9e3600e81d584a1cf7c4c4f703f3a4004a5c6c7f --CMPID 0913a
    mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    mRun: [Lenovo Silver Silk Wireless Keyboard] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
    mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
    mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
    mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
    mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe 1
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
    mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
    StartupFolder: C:\Users\STEPHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
    DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
    DPF: {C87ACE20-4BA7-11D4-AD69-0000F80020BC} - hxxps://www.meditech.com/employees/Pages/Software/MTAppDwn.exe
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{F5B590F0-5C7A-4C2F-8149-96C64A297488} : DHCPNameServer = 192.168.1.1
    AppInit_DLLs= c:\progra~3\wincert\win32c~1.dll c:\progra~2\search~1\datamngr\mgrldr.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Data Manager: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\v31w4jp5.default\
    FF - prefs.js: browser.search.selectedEngine - Search Results
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3298580&ctid=CT3298580&SearchSource=2&CUI=UN35056727917470130&UM=2&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\FreeRide Games\npExentControl.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
    FF - plugin: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\v31w4jp5.default\extensions\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\v31w4jp5.default\extensions\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: C:\Users\Stephanie\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: !HIDDEN! 2013-04-06 21:06; [email protected]; C:\Users\Stephanie\AppData\Roaming\Mozilla\Extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2013-07-02 05:57; [email protected]; C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 045e4785000000000000e006e6c0c7c1
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15802
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.021:06:21
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2013-7-20 311608]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2013-9-5 45880]
    R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\Drivers\ddcdrv.sys [2013-1-17 20832]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]
    R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2013-7-18 248632]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
    R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-5-24 32808]
    R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2013-1-17 2252600]
    R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-4-11 93984]
    R2 DatamngrCoordinator;Datamngr Coordinator;C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe [2013-4-9 4557824]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-4-27 107520]
    R2 IdeaTouch.LocalDataServer.Education;IdeaTouch.LocalDataServer.Education;C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [2013-1-17 7680]
    R2 IdeaTouch.LocalDataServer.Game;IdeaTouch.LocalDataServer.Game;C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [2013-1-17 7680]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-17 165664]
    R2 MTAppManager;MEDITECH Application Manager;C:\Program Files (x86)\MEDITECH\MTAppDwn.exe [2013-3-10 255280]
    R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-11-18 230408]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-18 70152]
    R2 Reset USB Service;USB Reset Service;C:\Windows\ResetUSBService\ResetUSBService.exe [2013-1-17 7168]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-1-17 364832]
    R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2013-1-17 56136]
    R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-4-6 23552]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2013-1-17 164152]
    R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2013-1-17 156472]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2013-1-17 40248]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-8-1 342528]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\Drivers\RtsP2Stor.sys [2013-1-17 266896]
    R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-1-17 683664]
    R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498768]
    R3 VMC412;Vimicro Camera Service VMC412;C:\windows\System32\Drivers\vmc412.sys [2013-1-17 232576]
    R3 vmuacflt;Vimicro USB Audio Filter;C:\windows\System32\Drivers\vmuacflt.sys [2013-1-17 13696]
    S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
    S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-11 572928]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498768]
    S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-1-17 102376]
    .
    =============== Created Last 30 ================
    .
    2013-09-13 20:32:01 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
    2013-09-11 11:52:02 3959296 ----a-w- C:\windows\System32\jscript9.dll
    2013-09-05 05:43:42 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
    2013-08-21 20:43:20 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
    2013-08-21 20:43:20 1314816 ----a-w- C:\windows\System32\rpcrt4.dll
    2013-08-21 20:43:19 2233168 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-08-21 20:41:44 1889280 ----a-w- C:\windows\System32\crypt32.dll
    2013-08-21 20:41:43 98304 ----a-w- C:\windows\System32\apprepsync.dll
    2013-08-21 20:41:43 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll
    2013-08-21 20:41:43 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll
    2013-08-21 20:41:43 68096 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-08-21 20:41:43 337408 ----a-w- C:\windows\System32\wintrust.dll
    2013-08-21 20:41:43 261120 ----a-w- C:\windows\SysWow64\wintrust.dll
    2013-08-21 20:41:43 1568256 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-08-21 20:41:43 124416 ----a-w- C:\windows\System32\apprepapi.dll
    .
    ==================== Find3M ====================
    .
    2013-09-10 21:02:05 9430408 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-09-05 20:09:17 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-05 20:09:17 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-08-21 04:12:06 2241024 ----a-w- C:\windows\System32\wininet.dll
    2013-08-21 04:11:59 915968 ----a-w- C:\windows\System32\uxtheme.dll
    2013-08-21 04:11:59 53760 ----a-w- C:\windows\System32\UXInit.dll
    2013-08-21 04:11:04 67072 ----a-w- C:\windows\System32\iesetup.dll
    2013-08-21 04:11:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-08-21 02:34:51 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-08-21 02:06:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-08-21 02:06:06 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
    2013-08-21 02:05:28 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-08-21 02:05:25 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-08-21 02:05:25 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-08-21 01:43:54 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-08-20 23:52:56 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
    2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
    2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
    2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
    2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
    2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
    2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
    2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
    2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
    2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
    2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
    2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
    2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
    2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
    2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
    2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
    2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
    2013-08-07 11:45:03 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-08-07 11:45:03 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
    2013-08-07 11:45:03 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2013-08-03 04:30:14 4038144 ----a-w- C:\windows\System32\win32k.sys
    2013-07-20 05:51:00 311608 ----a-w- C:\windows\System32\drivers\avgloga.sys
    2013-07-20 05:50:56 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
    2013-07-20 05:50:56 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
    2013-07-20 05:50:50 206648 ----a-w- C:\windows\System32\drivers\avgldx64.sys
    2013-07-18 06:04:48 248632 ----a-w- C:\windows\System32\drivers\avgwfpa.sys
    2013-07-09 08:04:07 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
    2013-07-09 06:18:21 439488 ----a-w- C:\windows\System32\WerFault.exe
    2013-07-09 04:25:45 385768 ----a-w- C:\windows\SysWow64\WerFault.exe
    2013-07-09 03:57:19 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
    2013-07-08 22:46:00 543744 ----a-w- C:\windows\System32\wwanmm.dll
    2013-07-08 22:46:00 414208 ----a-w- C:\windows\System32\wwanconn.dll
    2013-07-08 22:46:00 370688 ----a-w- C:\windows\System32\Wwanadvui.dll
    2013-07-08 22:45:16 312832 ----a-w- C:\windows\System32\LocationApi.dll
    2013-07-06 00:16:17 1025024 ----a-w- C:\windows\System32\localspl.dll
    2013-07-03 00:23:43 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
    2013-07-03 00:23:12 778752 ----a-w- C:\windows\System32\oleaut32.dll
    2013-07-03 00:22:26 1300480 ----a-w- C:\windows\System32\gdi32.dll
    2013-07-03 00:11:23 268800 ----a-w- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
    2013-07-03 00:11:02 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
    2013-07-02 00:44:14 36288 ----a-w- C:\windows\System32\drivers\WdBoot.sys
    2013-07-01 22:08:49 247216 ----a-w- C:\windows\System32\drivers\WdFilter.sys
    2013-07-01 05:45:28 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
    2013-06-30 22:30:14 67072 ----a-w- C:\windows\SysWow64\openfiles.exe
    2013-06-30 22:29:22 77312 ----a-w- C:\windows\System32\openfiles.exe
    2013-06-29 06:15:54 195416 ----a-w- C:\windows\System32\drivers\sdbus.sys
    2013-06-29 06:15:47 125784 ----a-w- C:\windows\System32\drivers\dumpsd.sys
    2013-06-29 05:43:16 327512 ----a-w- C:\windows\System32\drivers\Classpnp.sys
    2013-06-29 01:12:01 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
    2013-06-26 03:01:38 321536 ----a-w- C:\windows\System32\drivers\udfs.sys
    2013-06-26 02:59:34 341504 ----a-w- C:\windows\System32\drivers\HdAudio.sys
    2013-06-24 22:54:52 447488 ----a-w- C:\windows\System32\wwansvc.dll
    2013-06-24 22:54:45 74240 ----a-w- C:\windows\System32\wcmcsp.dll
    2013-06-24 22:54:45 263680 ----a-w- C:\windows\System32\wcmsvc.dll
    2013-06-19 05:36:21 183808 ----a-w- C:\windows\System32\winmmbase.dll
    2013-06-19 05:36:21 115712 ----a-w- C:\windows\System32\winmm.dll
    2013-06-18 22:38:00 160256 ----a-w- C:\windows\SysWow64\winmmbase.dll
    2013-06-18 22:38:00 125440 ----a-w- C:\windows\SysWow64\winmm.dll
    .
    ============= FINISH: 18:05:47.01 ===============

    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/10/2013 3:12:33 PM
    System Uptime: 9/12/2013 6:53:41 PM (96 hours ago)
    .
    Motherboard: LENOVO | | MAHOBAY
    Processor: Intel(R) Core(TM) i3-2130 CPU @ 3.40GHz | SOCKET 0 | 3400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 905 GiB total, 868.566 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP28: 8/29/2013 8:12:02 AM - Scheduled Checkpoint
    RP29: 9/7/2013 9:58:42 AM - Scheduled Checkpoint
    RP30: 9/11/2013 8:02:05 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Amazon Browser App
    AngryBirds
    AVG 2013
    Cisco WebEx Meetings
    Comparing
    DefaultTab
    Dolby Advanced Audio v2
    Download Manager and Options
    Driver & Application Installation
    EducationPortal
    Find the Differences
    Finding the Letters
    Free Download Manager 3.8
    FreeRide Games
    Fruits
    GamePortal
    Google Chrome
    Google Update Helper
    Intel AppUp(SM) center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® Trusted Connect Service Client
    InternetHelper3 Chrome Toolbar
    Java 7 Update 25
    Java Auto Updater
    Lenovo Bluetooth with Enhanced Data Rate Software
    Lenovo Dynamic Brightness System
    Lenovo Eye Distance System
    Lenovo Photos
    Lenovo Power2Go
    Lenovo PowerDVD10
    Lenovo Rescue System
    Lenovo Silver Silk Wireless Keyboard
    Lenovo USB2.0 UVC Camera
    Lenovo YouCam
    Mammals
    Matching Roles
    MEDITECH Alert Server
    MEDITECH core
    MEDITECH Workstation3.x
    Microscope 3.3
    Microsoft Office
    Microsoft Office Live Meeting 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MixiDJ V44 Toolbar
    Mozilla Firefox 19.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MyPC Backup
    Nitro Pro 8
    PC Health Kit v3.2
    Puzzle
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    REALTEK Wireless LAN Driver
    Search-Results Toolbar
    Search Protect by conduit
    SelectionLinks
    Shared C Run-time for x64
    sudoku
    SugarSync Manager
    SySaver
    timer
    Visual Studio 2010 x64 Redistributables
    Yontoo 2.051
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/12/2013 7:02:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Steph\Guest SID (S-1-5-21-2447205318-3532157910-739865148-501) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    9/12/2013 6:54:53 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
    9/12/2013 6:54:43 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126
    9/12/2013 6:53:03 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    9/12/2013 6:52:08 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    .
    ==== End Of File ===========================


    3. Here is the GMER Log:

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-09-16 18:21:55
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST31000524AS rev.JC66 931.51GB
    Running: eej9xk5c.exe; Driver: C:\Users\STEPHA~1\AppData\Local\Temp\uxtoypoc.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text C:\windows\System32\win32k.sys!W32pServiceTable fffff96000263200 7 bytes [40, 3B, 82, 01, 00, 53, F2]
    .text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000263208 7 bytes [01, 63, C0, FF, 00, 17, DB]

    ---- Threads - GMER 2.1 ----

    Thread C:\windows\System32\svchost.exe [1040:3300] 000007f9c1263fd0
    Thread C:\windows\System32\svchost.exe [1040:3704] 000007f9b56bd594
    Thread C:\windows\System32\svchost.exe [1040:1112] 000007f9b56b4150
    Thread C:\windows\System32\svchost.exe [1040:7552] 000007f9b86554c0
    Thread C:\windows\System32\spoolsv.exe [1556:2812] 000007f9b86554c0
    Thread C:\windows\System32\spoolsv.exe [1556:824] 000007f9b84e30ec
    Thread C:\windows\System32\spoolsv.exe [1556:1860] 000007f9c2715798
    Thread C:\windows\System32\spoolsv.exe [1556:2880] 000007f9c275e080
    Thread C:\windows\System32\spoolsv.exe [1556:2292] 000007f9b6b781ac
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1596:1700] 000007f9c5bc4aa0
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1596:2888] 000007f9c5015e10
    Thread C:\windows\system32\csrss.exe [6432:6708] fffff960008e95e8
    Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [2524:6988] 000007f9b5be77b0
    Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [2524:4376] 000007f9b5be77b0

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----
     
  2. mdr411

    mdr411 Thread Starter

    Joined:
    Sep 16, 2013
    Messages:
    2
    bump...someone please help me!!!
     
  3. fbfbfb

    fbfbfb Malware Specialist

    Joined:
    Feb 27, 2013
    Messages:
    135
    Hello, mdr411. Welcome to Tech Support Guy Forums.

    My name is fbfbfb.

    I will gladly assist you with your malware concerns. Malware logs may require some time to analyze, and because there is no quick-fix solution, we may need to use various approaches to clean your system. Please be patient.

    To avoid potential problems and setbacks, please . . .

    • read and follow my directions carefully, in the sequence they are posted.
    • ask for clarification if you are unsure about anything before continuing with a task.
    • do not . . .
        • install or uninstall any applications while your system is being cleaned.
        • use any tools other than those recommended.
        • run any other scans without being directed to do so.
    • Copy and Paste the log files inside your posts. Please do not send them as attachments unless otherwise instructed.
    • Stay with this thread until I have determined your machine is clean and safe. Absence of symptoms does not mean your system is clear.
    • Please reply within 3 days of each posting to avoid closing this topic. If you need more time to complete tasks, or if you will be away, please let me know in advance.

    Please run the following scans

    1. Junkware Removal Tool

    Please download Junkware Removal Tool from HERE and save it to your desktop.

    • Shutdown your antivirus to avoid any potential conflicts.
    • Right-mouse click JRT.exe and select Run as Administrator.
    • JRT will begin to backup your registry and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, the log JRT.txt is saved on your desktop and will automatically open.
    Post the contents of JRT.txt into your next reply.

    2. AdwCleaner

    Please download AdwCleaner from HERE.

    • Double click on adwcleaner.exe. Note: Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
     
  4. fbfbfb

    fbfbfb Malware Specialist

    Joined:
    Feb 27, 2013
    Messages:
    135
    Due to inactivity, I am unsubscribing from this thread.

    If you still need help, please start a new topic.
     
Short URL to this thread: https://techguy.org/1108624
