badbassrandy

Members
  • Content count

    14
  • Joined

  • Last visited

About badbassrandy

  • Rank
    New Member
  1. Thank you very much, sir. Will do!
  2. The computer seems fine in general. It was just a bit slower than seemed normal. And now it just seems nice. I just hate to have any adware dug into any system. Drives me batty. So I think we're fixed! If you don't see anything bad in those other logs. So I thank you much.
  3. Wonderful. Thank you so exceedingly much for your help. People like you deserve to be heralded. Like nurses. Salt of the internet kind of people. cheers
  4. Thanks again. Here we go: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.4 (08.22.2013:1) OS: Microsoft Windows XP x86 Ran by Owner on Wed 08/28/2013 at 20:44:17.14 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 08/28/2013 at 20:51:13.53 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.001 - Report created 28/08/2013 at 20:55:03 # Updated 24/08/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Owner - OWNER-7BA996E7F # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : vToolbarUpdater14.2.0 ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search Folder Deleted : C:\Program Files\Common Files\AVG Secure Search Folder Deleted : C:\Documents and Settings\Owner\IECompatCache Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search Folder Deleted : C:\Documents and Settings\Owner\Application Data\AVG Secure Search File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml File Deleted : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Key Deleted : HKLM\Software\AVG Security Toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v19.0.2 (en-US) [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ga9y8we.default\prefs.js ] -\\ Google Chrome v28.0.1500.95 [ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3427 octets] - [28/08/2013 20:51:58] AdwCleaner[s0].txt - [3190 octets] - [28/08/2013 20:55:03] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3250 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.29.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: OWNER-7BA996E7F [administrator] 8/28/2013 9:04:03 PM mbam-log-2013-08-28 (21-04-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 278572 Time elapsed: 8 minute(s), 22 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\RECYCLER\S-1-5-21-790525478-854245398-682003330-1003\Dc16.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. (end)
  5. Thanking you again for all your help. ESET scan found: C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker\LyriXupdate.exe.vir a variant of Win32/Adware.AddLyrics.N applicationC:\Users\rlusby\Downloads\ac3filter_2_5b.exe Win32/OpenCandy application
  6. Thanks Borislav! DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2 Run by Owner at 21:43:05 on 2013-08-27 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.704 [GMT -4:00] . AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes ================ . C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Digidesign\Drivers\MMERefresh.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\lxdncoms.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Program Files\Intel\WiFi\bin\WLKeeper.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\WINDOWS\System32\M-AudioTaskBarIcon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spotify\Data\SpotifyWebHelper.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.0.5\GoTrusted Secure Tunnel.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe" mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll Notify: igfxcui - igfxdev.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\1ga9y8we.default\ FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2 FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll FF - plugin: c:\program files\nos\bin\np_gp.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 246072] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 96568] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 39224] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 171320] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 182072] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-2 33112] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136] R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-3-6 968880] R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312] S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2011-10-31 98984] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\drivers\mausbmp.sys [2013-2-2 144008] S3 MAUSBPRODUCER;Service for M-Audio Producer;c:\windows\system32\drivers\MAudioProducer.sys [2012-12-9 158344] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336] . =============== Created Last 30 ================ . 2013-08-24 03:35:37 17737608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2013-08-03 05:31:58 -------- d-----w- c:\windows\system32\MRT 2013-07-30 03:01:10 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-07-30 03:00:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . ==================== Find3M ==================== . 2013-08-24 04:35:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-08-24 04:35:53 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-30 03:00:21 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-07-30 03:00:21 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll 2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec 2013-07-20 05:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-07-20 05:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-07-20 05:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-07-20 05:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll 2013-07-10 05:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 21:43:48.48 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 1/7/2009 7:08:03 PM System Uptime: 8/26/2013 9:06:54 PM (24 hours ago) . Motherboard: Dell Inc. | | Processor: Intel® Core Duo CPU U2500 @ 1.20GHz | Microprocessor | 1197/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 37 GiB total, 15.27 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP213: 5/29/2013 10:19:55 PM - Software Distribution Service 3.0 RP214: 5/30/2013 8:01:25 PM - Software Distribution Service 3.0 RP215: 7/29/2013 2:15:40 AM - Software Distribution Service 3.0 RP216: 7/29/2013 10:57:45 PM - Removed Java 7 Update 17 RP217: 7/29/2013 10:59:17 PM - Installed Java 7 Update 25 RP218: 8/2/2013 8:04:03 PM - Installed AVG 2013 RP219: 8/2/2013 8:15:35 PM - Removed AVG 2013 RP220: 8/3/2013 1:08:23 AM - Software Distribution Service 3.0 RP221: 8/23/2013 11:04:22 PM - Software Distribution Service 3.0 RP222: 8/26/2013 2:19:39 AM - System Checkpoint . ==== Installed Programs ====================== . Adobe AIR Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) Apple Application Support Apple Software Update aTube Catcher Auslogics Disk Defrag AVG 2013 AVG Security Toolbar BIG-IP Edge Client Components (All Users) Broadcom Gigabit Integrated Controller CCleaner Conexant HDA D110 MDC V.92 Modem Dell Wireless WLAN Card Digidesign Pro Tools M-Powered Essential 8.0.3 Free RAR Extract Frog Glary Utilities 2.54.0.1759 GOM Player Google Chrome Google Earth Google Update Helper GoTrusted Secure Tunnel v2.3.0.5 High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) Intel® Graphics Media Accelerator Driver Interlok driver setup x32 Java 7 Update 25 Java Auto Updater Lexmark 2600 Series M-Audio Producer Driver 6.0.2 (x86) Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MobilePre Mozilla Firefox 19.0.2 (x86 en-US) Mozilla Maintenance Service OpenOffice.org 3.4 PokerStars.net QuickTime Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB2803821) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820197) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2829361) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2839229) Security Update for Windows XP (KB2845187) Security Update for Windows XP (KB2849470) Security Update for Windows XP (KB2850851) Security Update for Windows XP (KB2850869) Security Update for Windows XP (KB2859537) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) SigmaTel Audio Skype™ 5.10 Spotify SpywareBlaster 5.0 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB2863058) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Veetle TV vShare.tv plugin 1.3 WebFldrs XP Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows XP Service Pack 3 Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 8/23/2013 11:49:46 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool. 8/23/2013 11:49:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect. 8/23/2013 11:49:45 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 8/23/2013 11:49:45 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/23/2013 11:49:45 PM, error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/23/2013 11:47:35 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================
  7. Gringo, before I take on these next steps, can you explain one thing to me please? I noticed in the HijackThis log that LyricXeeker was certainly a BOH listed, but I see you're not instructing me to delete it although you've instructed to delete other non-harmful things (ie DropBox) -- though I know you said just check each out for myself.... But can you explain why I should not select LyricXeeker in there for deletion?
  8. Hello All things running well. Here are the logs. Thanks again! But I can see we're still cleaning..... Note: not sure the OpenCandy PUP is related to lyricxeeker at all. I believe that's from a DL'ed codec. Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.08.27.01 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660rlusby :: LTGMD-RLUSBY [administrator] 8/26/2013 11:08:17 PMmbam-log-2013-08-26 (23-08-17).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 248372Time elapsed: 3 minute(s), 57 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 3C:\Users\rlusby\AppData\Local\Temp\is-1O073.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.C:\Users\rlusby\AppData\Local\Temp\nsh13DF.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.C:\Users\rlusby\Downloads\GOMPLAYERENSETUP.EXE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. (end) Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:29:25 PM, on 8/26/2013Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v10.0 (10.00.9200.16660)Boot mode: Normal Running processes:C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXEC:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exeC:\Program Files\Lenovo\Communications Utility\TpKnrres.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Users\rlusby\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exeC:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exeC:\Users\rlusby\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://spots.opisnet.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLLO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllO2 - BHO: LyricXeeker - {81563814-fea0-415e-ba46-5b4735306573} - (no file)O2 - BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dllO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLLO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllO4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exeO4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitorO4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostartO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesO4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkeyO4 - HKLM\..\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostartO4 - Startup: Dropbox.lnk = C:\Users\rlusby\AppData\Roaming\Dropbox\bin\Dropbox.exeO8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htmO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra button: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)O9 - Extra 'Tools' menuitem: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - C:\Users\opisuser\AppData\Local\Temp\f5tmp\urxvpn.cabO16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\opisuser\AppData\Local\Temp\f5tmp\f5tunsrv.cabO16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\opisuser\AppData\Local\Temp\f5tmp\urxhost.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ucg.comO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ucg.comO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ucg.comO18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLO23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exeO23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exeO23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeO23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exeO23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeO23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exeO23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exeO23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid, Inc. All rights reserved. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exeO23 - Service: digiSPTIService - Avid, Inc. All rights reserved. - C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exeO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: TrueSuiteService (FPLService) - AuthenTec, Inc - C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exeO23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exeO23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exeO23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exeO23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXEO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXEO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exeO23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exeO23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeO23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exeO23 - Service: VMware View USB (vmware-view-usbd) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exeO23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: VMware View Client (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exeO23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeO23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe --End of file - 13886 bytes
  9. Hi again, Gringo. You'll find the latest log into below. I ran into no new problems. Did not need to restart. Machine still seems clean and smooth now. I worked on it all day; no problems. Thanks for all your help. What next? ComboFix 13-08-25.01 - rlusby 08/26/2013 19:37:17.2.4 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7786.5574 [GMT -4:00]Running from: c:\users\rlusby\Desktop\ComboFix.exeCommand switches used :: c:\users\rlusby\Desktop\CFScript.txtAV: Microsoft Forefront Client Security *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}SP: Microsoft Forefront Client Security *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-07-26 to 2013-08-26 )))))))))))))))))))))))))))))))..2013-08-26 23:41 . 2013-08-26 23:41 -------- d-----w- c:\users\opisuser\AppData\Local\temp2013-08-26 23:41 . 2013-08-26 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-26 16:51 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{9CFA6C3D-2EDB-457C-B0ED-81DFEC75A6B3}\mpengine.dll2013-08-26 02:58 . 2013-05-22 22:49 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe2013-08-25 20:38 . 2013-08-25 20:38 -------- d-----w- c:\windows\ERUNT2013-08-25 20:19 . 2013-08-25 20:22 -------- d-----w- C:\AdwCleaner2013-08-25 17:42 . 2013-08-25 17:42 -------- d-----w- c:\program files (x86)\Camtech2013-08-25 17:42 . 2004-02-23 04:00 1386496 ----a-w- c:\windows\SysWow64\temp.0002013-08-25 17:42 . 2001-07-31 10:42 150016 ----a-w- c:\windows\SysWow64\Unzip32.dll2013-08-24 01:58 . 2013-08-24 02:08 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-08-24 00:30 . 2013-08-24 00:30 -------- d-----w- c:\users\rlusby\AppData\Roaming\Absolute Uninstaller2013-08-24 00:28 . 2013-08-24 00:28 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}2013-08-24 00:28 . 2013-05-22 22:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys2013-08-24 00:27 . 2013-08-24 00:29 -------- d-----w- c:\programdata\IObit2013-08-24 00:26 . 2013-08-24 00:28 -------- d-----w- c:\users\rlusby\AppData\Roaming\IObit2013-08-24 00:26 . 2013-08-24 00:28 -------- d-----w- c:\program files (x86)\IObit2013-08-24 00:25 . 2013-08-20 09:21 117024 ----a-w- c:\windows\system32\BootDefrag.exe2013-08-24 00:25 . 2013-08-24 00:25 -------- d-----w- c:\users\rlusby\AppData\Roaming\GlarySoft2013-08-24 00:24 . 2013-08-24 05:01 -------- d-----w- c:\program files (x86)\Glary Utilities 32013-08-23 14:11 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-08-23 14:10 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-23 14:09 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-23 14:09 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-23 14:09 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-23 14:09 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-23 14:09 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-23 14:09 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-23 14:09 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-23 14:09 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-23 14:09 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-23 14:09 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-23 14:08 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll2013-08-23 14:08 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll2013-08-23 14:06 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll2013-08-23 14:06 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll2013-08-23 14:06 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll2013-08-23 14:06 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll2013-08-23 14:06 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll2013-08-23 14:06 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll2013-08-23 14:06 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll2013-08-23 14:05 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-08-23 14:05 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL2013-08-23 14:04 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll2013-08-23 14:04 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll2013-08-23 14:04 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2013-08-23 14:04 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2013-08-23 14:04 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-08-23 14:04 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2013-08-23 14:04 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2013-08-23 14:01 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll2013-08-23 14:01 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll2013-08-23 14:00 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys2013-08-23 13:50 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll2013-08-23 13:50 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll2013-08-22 23:38 . 2013-08-22 23:38 -------- d-----w- c:\users\rlusby\AppData\Roaming\StreamTorrent2013-08-22 16:58 . 2013-08-23 14:23 -------- d-----w- c:\windows\ProPatches2013-07-29 19:09 . 2013-07-29 19:09 -------- d-----w- c:\program files\Enigma Software Group2013-07-29 19:07 . 2013-07-29 20:35 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP2013-07-29 19:07 . 2013-07-29 19:07 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-23 13:39 . 2013-05-16 04:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-23 13:39 . 2013-05-16 04:39 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-08-06 08:58 . 2013-05-21 01:35 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll2013-07-09 04:45 . 2013-08-23 14:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-06-13 01:48 . 2013-06-04 18:53 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-06-13 01:48 . 2013-06-04 18:53 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-06-13 01:47 . 2013-06-19 19:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{81563814-fea0-415e-ba46-5b4735306573}]c:\program files (x86)\LyriXeeker\128.dll [bU].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 130736 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 130736 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 130736 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-04-14 291608]"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2013-04-23 6002984]"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-08-31 508656]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-12-19 77824]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2013-04-10 5164712]"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-08-16 1549120].c:\users\rlusby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\rlusby\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]@="Service".R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys;c:\windows\SYSNATIVE\drivers\urfltv64.sys [x]R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys;c:\windows\SYSNATIVE\DRIVERS\CipcCdp.sys [x]S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [x]S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [x]S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]S2 MOM;MOM;c:\program files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe;c:\program files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [x]S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]S2 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [x]S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys;c:\windows\SYSNATIVE\DRIVERS\covpnv64.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-08-22 11:24 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 13:39].2013-08-24 c:\windows\Tasks\GlaryInitialize 3.job- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-08-20 09:19].2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-21 02:21].2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-21 02:21].2013-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87519671-875387627-930774774-5338Core.job- c:\users\rlusby\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-05 15:31].2013-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87519671-875387627-930774774-5338UA.job- c:\users\rlusby\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-05 15:31]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 164016 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 164016 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 164016 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 164016 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-06-01 184112]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-06-18 11586944]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-01-28 293672]"TpShocks"="TpShocks.exe" [2013-02-12 382248]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2013-03-18 63784]"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1636736].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htmTCP: DhcpNameServer = 172.16.0.1FF - ProfilePath - c:\users\rlusby\AppData\Roaming\Mozilla\Firefox\Profiles\uu6vflgl.default\FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-08-26 19:42:40ComboFix-quarantined-files.txt 2013-08-26 23:42ComboFix2.txt 2013-08-26 00:28.Pre-Run: 355,796,787,200 bytes freePost-Run: 355,738,484,736 bytes free.- - End Of File - - AD3FA5FD809F333EA9AF3C68BB0133ED
  10. While I'm getting help on my main machine on this forum thank (Gringo very much), I ran a Malwarebytes Anti-Malware scan on my old netbook with old Windows XP and found two PUPs. I did not delete them as I feel your help and guidance will lead to a more comprehensive cleaning rather than letting AM do all the heavy lifting. PUP.Optional.WeCare.A (Registry Key) PUP.Optional.OpenCandy (File) What should I begin scanning with ? Thanks in advance!
  11. Gringo, you'll find the log below. I had one problem of the cardinal rule nature: I thought I had exited from Microsoft ForeFront but that was ignorant. Combofix prompted me that it was running and to close it before continuing. In learning how to completely disable ForeFront, I found that I was unable to access deploy options as admin. I went to close (X) the Combofix antivirus prompt window rather than hit OK, before realizing I should have done a hard reboot instead, maybe. Combofix ran regardless of the antivirus still deployed. Not sure that's a major problem or not. Things are running fine now. I've checked IE and Firefox and the problem seems gone. ComboFix 13-08-25.01 - rlusby 08/25/2013 20:18:02.1.4 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7786.5630 [GMT -4:00]Running from: c:\users\rlusby\Desktop\ComboFix.exeAV: Microsoft Forefront Client Security *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}SP: Microsoft Forefront Client Security *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\Roamingc:\windows\SysWow64\zip32.dllD:\Autorun.inf..((((((((((((((((((((((((( Files Created from 2013-07-26 to 2013-08-26 )))))))))))))))))))))))))))))))..2013-08-26 00:21 . 2013-08-26 00:21 -------- d-----w- c:\users\opisuser\AppData\Local\temp2013-08-26 00:21 . 2013-08-26 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-25 20:38 . 2013-08-25 20:38 -------- d-----w- c:\windows\ERUNT2013-08-25 20:20 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{8883337D-A704-46AA-8077-7E83211F40CA}\mpengine.dll2013-08-25 20:19 . 2013-08-25 20:22 -------- d-----w- C:\AdwCleaner2013-08-25 17:42 . 2013-08-25 17:42 -------- d-----w- c:\program files (x86)\Camtech2013-08-25 17:42 . 2004-02-23 04:00 1386496 ----a-w- c:\windows\SysWow64\temp.0002013-08-25 17:42 . 2001-07-31 10:42 150016 ----a-w- c:\windows\SysWow64\Unzip32.dll2013-08-24 01:58 . 2013-08-24 02:08 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-08-24 00:30 . 2013-08-24 00:30 -------- d-----w- c:\users\rlusby\AppData\Roaming\Absolute Uninstaller2013-08-24 00:28 . 2013-08-24 00:28 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}2013-08-24 00:28 . 2013-05-22 22:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys2013-08-24 00:27 . 2013-08-24 00:29 -------- d-----w- c:\programdata\IObit2013-08-24 00:26 . 2013-08-24 00:28 -------- d-----w- c:\users\rlusby\AppData\Roaming\IObit2013-08-24 00:26 . 2013-08-24 00:28 -------- d-----w- c:\program files (x86)\IObit2013-08-24 00:25 . 2013-08-20 09:21 117024 ----a-w- c:\windows\system32\BootDefrag.exe2013-08-24 00:25 . 2013-08-24 00:25 -------- d-----w- c:\users\rlusby\AppData\Roaming\GlarySoft2013-08-24 00:24 . 2013-08-24 05:01 -------- d-----w- c:\program files (x86)\Glary Utilities 32013-08-23 14:11 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-08-23 14:10 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-23 14:09 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-23 14:09 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-23 14:09 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-23 14:09 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-23 14:09 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-23 14:09 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-23 14:09 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-23 14:09 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-23 14:09 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-23 14:09 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-23 14:08 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll2013-08-23 14:08 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll2013-08-23 14:06 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll2013-08-23 14:06 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll2013-08-23 14:06 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll2013-08-23 14:06 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll2013-08-23 14:06 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll2013-08-23 14:06 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll2013-08-23 14:06 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll2013-08-23 14:05 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-08-23 14:05 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL2013-08-23 14:04 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll2013-08-23 14:04 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll2013-08-23 14:04 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2013-08-23 14:04 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2013-08-23 14:04 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-08-23 14:04 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2013-08-23 14:04 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2013-08-23 14:01 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll2013-08-23 14:01 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll2013-08-23 14:00 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys2013-08-23 13:50 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll2013-08-23 13:50 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll2013-08-22 23:38 . 2013-08-22 23:38 -------- d-----w- c:\users\rlusby\AppData\Roaming\StreamTorrent2013-08-22 16:58 . 2013-08-23 14:23 -------- d-----w- c:\windows\ProPatches2013-07-29 19:09 . 2013-07-29 19:09 -------- d-----w- c:\program files\Enigma Software Group2013-07-29 19:07 . 2013-07-29 20:35 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP2013-07-29 19:07 . 2013-07-29 19:07 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-23 13:39 . 2013-05-16 04:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-23 13:39 . 2013-05-16 04:39 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-08-06 08:58 . 2013-05-21 01:35 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll2013-07-09 04:45 . 2013-08-23 14:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-06-13 01:48 . 2013-06-04 18:53 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-06-13 01:48 . 2013-06-04 18:53 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-06-13 01:47 . 2013-06-19 19:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 130736 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 130736 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 130736 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-04-14 291608]"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2013-04-23 6002984]"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-08-31 508656]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-12-19 77824]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2013-04-10 5164712]"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-08-16 1549120].c:\users\rlusby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\rlusby\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]@="Service".R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys;c:\windows\SYSNATIVE\drivers\urfltv64.sys [x]R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys;c:\windows\SYSNATIVE\DRIVERS\CipcCdp.sys [x]S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [x]S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [x]S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]S2 MOM;MOM;c:\program files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe;c:\program files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [x]S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]S2 vmware-view-usbd;VMware View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [x]S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys;c:\windows\SYSNATIVE\DRIVERS\covpnv64.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-08-22 11:24 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 13:39].2013-08-24 c:\windows\Tasks\GlaryInitialize 3.job- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-08-20 09:19].2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-21 02:21].2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-21 02:21].2013-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87519671-875387627-930774774-5338Core.job- c:\users\rlusby\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-05 15:31].2013-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87519671-875387627-930774774-5338UA.job- c:\users\rlusby\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-05 15:31]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 164016 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 164016 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 164016 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-06-05 17:17 164016 ----a-w- c:\users\rlusby\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-06-01 184112]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-06-18 11586944]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-01-28 293672]"TpShocks"="TpShocks.exe" [2013-02-12 382248]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2013-03-18 63784]"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1636736].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htmTCP: DhcpNameServer = 172.16.0.1FF - ProfilePath - c:\users\rlusby\AppData\Roaming\Mozilla\Firefox\Profiles\uu6vflgl.default\FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2.- - - - ORPHANS REMOVED - - - -.BHO-{81563814-fea0-415e-ba46-5b4735306573} - c:\program files (x86)\LyriXeeker\128.dllWow6432Node-HKU-Default-Run-Advanced SystemCare 6 - c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exec:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\windows\SysWOW64\SAsrv.exec:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exec:\program files (x86)\Lenovo\Access Connections\AcSvc.exec:\progra~1\Lenovo\HOTKEY\TPONSCR.EXEc:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exec:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe.**************************************************************************.Completion time: 2013-08-25 20:28:04 - machine was rebootedComboFix-quarantined-files.txt 2013-08-26 00:28.Pre-Run: 359,121,448,960 bytes freePost-Run: 358,738,780,160 bytes free.- - End Of File - - DB25540DCED499639B737EC3852AB536
  12. Thank you, sir. Here are the log files, and I already see a difference -- knock on wood. Nothing bothering me on IE and Firefox that I can tell now. # AdwCleaner v3.001 - Report created 25/08/2013 at 16:22:51# Updated 24/08/2013 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : rlusby - LTGMD-RLUSBY# Running from : C:\Users\rlusby\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\LyriXeeker[x] Not Deleted : C:\Users\opisuser\AppData\Roaming\pdfforgeFile Deleted : C:\Users\rlusby\AppData\Roaming\Mozilla\Firefox\Profiles\uu6vflgl.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\rlusby\AppData\Roaming\Mozilla\Firefox\Profiles\uu6vflgl.default\prefs.js ] -\\ Google Chrome v29.0.1547.57 [ File : C:\Users\rlusby\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1697 octets] - [25/08/2013 16:19:20]AdwCleaner[s0].txt - [1596 octets] - [25/08/2013 16:22:51] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1656 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.5.4 (08.22.2013:1)OS: Windows 7 Professional x64Ran by rlusby on Sun 08/25/2013 at 16:38:33.89~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\rlusby\AppData\Roaming\mozilla\firefox\profiles\uu6vflgl.default\minidumps [14 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 08/25/2013 at 16:43:40.39End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  13. Thanks Gringo. Here we go.... DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2Run by rlusby at 13:55:06 on 2013-08-25Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7786.5561 [GMT -4:00].AV: Microsoft Forefront Client Security *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Forefront Client Security *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exeC:\Windows\system32\ibmpmsvc.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\System32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k WbioSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exeC:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\CxAudMsg64.exeC:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exec:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files\Lenovo\Communications Utility\CAMMUTE.exeC:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exeC:\Program Files\Lenovo\Communications Utility\vcamsvc.exeC:\Program Files\LENOVO\VIRTSCRL\lvvsst.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Windows\system32\svchost.exe -k regsvcC:\Windows\SysWOW64\SAsrv.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files\VMware\VMware View\Client\bin\wsnm.exeC:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exeC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\LENOVO\HOTKEY\MICMUTE.exec:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exeC:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exeC:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exeC:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exeC:\Windows\sysWOW64\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Windows\sysWOW64\wbem\wmiprvse.exeC:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exeC:\Windows\system32\rundll32.exeC:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXEC:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXEC:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXEC:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Common Files\AuthenTec\TrueService.exeC:\Program Files\Common Files\AuthenTec\TrueService.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exeC:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exeC:\Windows\System32\rundll32.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Lenovo\Communications Utility\TpKnrres.exeC:\Windows\System32\TpShocks.exeC:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exeC:\Program Files\CONEXANT\ForteConfig\fmapp.exeC:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exeC:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exeC:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exeC:\Windows\system32\rundll32.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Users\rlusby\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exeC:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exeC:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeC:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeC:\Program Files (x86)\Intel\Bluetooth\mediasrv.exeC:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exeC:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exeC:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Lenovo Fingerprint Reader\TouchControl.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\AUDIODG.EXEC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: LyricXeeker: {81563814-fea0-415e-ba46-5b4735306573} - C:\Program Files (x86)\LyriXeeker\128.dllBHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [Google Update] "C:\Users\rlusby\AppData\Local\Google\Update\GoogleUpdate.exe" /cmRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exemRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitormRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostartmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkeymRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostartdRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStartStartupFolder: C:\Users\rlusby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\rlusby\AppData\Roaming\Dropbox\bin\Dropbox.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: legalnoticecaption = Notice To UsersmPolicies-System: legalnoticetext = This is an official computer system and is the property of UCG. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system may be subject to one or more of the following actions: interception, monitoring, recording, auditing, inspection and disclosing to security personnel and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign.mPolicies-Windows\System: UserPolicyMode = dword:1IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htmIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\opisuser\AppData\Local\Temp\f5tmp\urxvpn.cabDPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\opisuser\AppData\Local\Temp\f5tmp\f5tunsrv.cabDPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\opisuser\AppData\Local\Temp\f5tmp\urxhost.cabTCP: NameServer = 172.16.0.1TCP: Interfaces\{5839122A-7A9B-4025-B955-B7193CBB68DF} : DHCPNameServer = 10.5.81.5 10.5.81.6TCP: Interfaces\{F84D07A9-49B3-4757-A919-6663489F7C54} : DHCPNameServer = 172.16.0.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLLSA: Notification Packages = scecli ACGinaLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u wsauthmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [bLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exex64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayAppx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exex64-Run: [TpShocks] TpShocks.exex64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exex64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exex64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exex64-Run: [Microsoft Forefront Client Security Antimalware Service] "c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hidex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>Hosts: 198.6.87.1 ucgrafw1-87.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.87.1 ucgrafw1-87 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.189 ucgocsav.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.189 ucgocsav #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.190 ucgocspool.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#.Note: multiple HOSTS entries found. Please refer to Attach.txt.================= FIREFOX ===================.FF - ProfilePath - C:\Users\rlusby\AppData\Roaming\Mozilla\Firefox\Profiles\uu6vflgl.default\FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dllFF - plugin: C:\Users\rlusby\AppData\Local\Citrix\Plugins\104\npappdetector.dllFF - plugin: C:\Users\rlusby\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Users\rlusby\AppData\Roaming\Mozilla\Firefox\Profiles\uu6vflgl.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dllFF - plugin: C:\Users\rlusby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\rlusby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Users\rlusby\AppData\Roaming\Mozilla\plugins\npo1d.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-08-22 19:37; lyrix@lyrixeeker.co; C:\Program Files (x86)\LyriXeeker\128.xpi.---- FIREFOX POLICIES ----FF - user.js: extensions.autoDisableScopes - 0FF - user.js: extensions.shownSelectionUI - true.============= SERVICES / DRIVERS ===============.R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-6 19224]R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-8-23 17720]R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2012-9-6 25448]R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-6-18 1095616]R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-6-18 1333184]R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-6-18 1124288]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\Windows\System32\drivers\CipcCdp.sys [2013-5-16 27392]R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2013-5-6 201376]R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2011-1-8 16384]R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2011-2-3 73624]R2 FPLService;TrueSuiteService;C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2013-3-10 2139944]R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-8-23 335168]R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-5-5 58664]R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2013-5-6 127072]R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-5-5 61736]R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-5-5 188200]R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2013-5-6 136288]R2 MOM;MOM;C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [2005-7-21 134656]R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2013-5-6 145808]R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-5-6 125504]R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-11-20 919192]R2 vmware-view-usbd;VMware View USB;C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-12-3 2436096]R2 wsnm;VMware View Client;C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2012-12-8 472216]R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-26 2669840]R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2013-5-6 216704]R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-8-23 23048]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-6 356632]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-6 789272]R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]R3 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-2-2 91520]R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2013-5-6 1667368]R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-8-23 34336]R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2013-5-6 259688]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-1 565352]R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-5-7 27448]R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-1-7 401856]R3 tvtvcamd;Camera Plus (VGA Resolution Maximum);C:\Windows\System32\drivers\tvtvcamd.sys [2013-5-5 27432]R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-8-23 23016]R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2011-6-22 43856]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2012-5-21 80896]S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-5-21 111104]S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-6-9 849408]S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2013-5-16 18512]S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-7-9 60928]S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-26 273168]S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2013-5-6 1664808]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-6 19456]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-6 57856]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-1 1255736].=============== Created Last 30 ================.2013-08-25 17:42:44 150016 ----a-w- C:\Windows\SysWow64\Unzip32.dll2013-08-25 17:42:44 141312 ----a-w- C:\Windows\SysWow64\zip32.dll2013-08-25 17:42:44 1386496 ----a-w- C:\Windows\SysWow64\temp.0002013-08-25 17:42:44 -------- d-----w- C:\Program Files (x86)\Camtech2013-08-24 01:58:17 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-08-24 01:17:41 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{CFC2FD15-571B-452C-B58B-7684F844554A}\mpengine.dll2013-08-24 00:30:35 -------- d-----w- C:\Users\rlusby\AppData\Roaming\Absolute Uninstaller2013-08-24 00:28:42 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}2013-08-24 00:28:29 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys2013-08-24 00:27:33 -------- d-----w- C:\ProgramData\IObit2013-08-24 00:26:59 -------- d-----w- C:\Users\rlusby\AppData\Roaming\IObit2013-08-24 00:26:47 -------- d-----w- C:\Program Files (x86)\IObit2013-08-24 00:25:11 117024 ----a-w- C:\Windows\System32\BootDefrag.exe2013-08-24 00:25:10 -------- d-----w- C:\Users\rlusby\AppData\Roaming\GlarySoft2013-08-24 00:24:57 -------- d-----w- C:\Program Files (x86)\Glary Utilities 32013-08-23 14:11:12 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-08-23 14:10:00 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-23 14:09:57 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-23 14:09:57 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-23 14:09:56 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-23 14:09:56 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-23 14:09:56 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-23 14:09:55 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-23 14:09:55 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-23 14:09:55 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-23 14:09:54 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-23 14:09:54 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-23 14:08:49 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-08-23 14:08:48 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-08-23 14:06:12 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll2013-08-23 14:06:12 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll2013-08-23 14:06:12 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll2013-08-23 14:06:12 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll2013-08-23 14:06:11 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll2013-08-23 14:06:11 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll2013-08-23 14:06:11 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll2013-08-23 14:05:30 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-08-23 14:05:30 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-08-23 14:04:51 624128 ----a-w- C:\Windows\System32\qedit.dll2013-08-23 14:04:51 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2013-08-23 14:04:04 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-08-23 14:04:04 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll2013-08-23 14:04:04 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll2013-08-23 14:04:03 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL2013-08-23 14:04:03 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll2013-08-23 14:01:39 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-08-23 14:01:38 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-08-23 14:00:55 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-08-23 13:50:31 751104 ----a-w- C:\Windows\System32\win32spl.dll2013-08-23 13:50:30 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-08-22 23:38:03 -------- d-----w- C:\Users\rlusby\AppData\Roaming\StreamTorrent2013-08-22 23:37:22 -------- d-----w- C:\Program Files (x86)\LyriXeeker2013-08-22 16:58:29 -------- d-----w- C:\Windows\ProPatches2013-07-29 19:09:32 -------- d-----w- C:\Program Files\Enigma Software Group2013-07-29 19:07:42 -------- d-----w- C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP2013-07-29 19:07:40 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard2013-07-27 00:06:25 -------- d-----w- C:\Users\rlusby\AppData\Roaming\uTorrent.==================== Find3M ====================.2013-08-23 13:39:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-23 13:39:08 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-06-13 01:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-06-13 01:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-13 01:47:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll.============= FINISH: 13:55:29.93 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1Install Date: 5/1/2013 12:29:13 AMSystem Uptime: 8/25/2013 9:45:52 AM (4 hours ago).Motherboard: LENOVO | | 62724GUProcessor: Intel® Core i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2501/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 447 GiB total, 334.768 GiB free.D: is FIXED (NTFS) - 18 GiB total, 5.314 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP84: 8/23/2013 9:36:50 AM - Microsoft Forefront Client Security CheckpointRP85: 8/23/2013 9:50:15 AM - Windows UpdateRP86: 8/23/2013 9:51:13 AM - Windows UpdateRP87: 8/23/2013 9:54:56 AM - Windows UpdateRP88: 8/23/2013 9:59:01 AM - Windows UpdateRP89: 8/23/2013 9:59:57 AM - Windows UpdateRP90: 8/23/2013 10:00:45 AM - Windows UpdateRP91: 8/23/2013 10:01:31 AM - Windows UpdateRP92: 8/23/2013 10:03:07 AM - Windows UpdateRP93: 8/23/2013 10:03:55 AM - Windows UpdateRP94: 8/23/2013 10:04:42 AM - Windows UpdateRP95: 8/23/2013 10:05:23 AM - Windows UpdateRP96: 8/23/2013 10:06:02 AM - Windows UpdateRP97: 8/23/2013 10:07:10 AM - Windows UpdateRP98: 8/23/2013 10:08:40 AM - Windows UpdateRP99: 8/23/2013 10:09:46 AM - Windows UpdateRP100: 8/23/2013 10:11:04 AM - Windows Update.==== Hosts File Hijack ======================.Hosts: 198.6.87.1 ucgrafw1-87.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.87.1 ucgrafw1-87 #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.189 ucgocsav.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.189 ucgocsav #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.190 ucgocspool.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.190 ucgocspool #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.191 ucgocsweb.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.191 ucgocsweb #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.192 ucgocsac.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.192 ucgocsac #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.192 sip.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.192 sip #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.192 sip.opisnet.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.34 rapps.ucg.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#Hosts: 198.6.95.34 rapps #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#==== Installed Programs ======================.64 Bit HP CIO Components InstallerAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.03)AmbirScan LiteApple Application SupportApple Software UpdateAuslogics Disk DefragBIG-IP Edge Client Components (All Users)CCleanerCisco IP CommunicatorCitrix Online LauncherConexant HD AudioDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDigidesign Pro Tools M-Powered Essential 8.0.3DropboxERUNT 1.1jF5 Networks VPN Client for WindowsFileZilla Client 3.7.0.1Fingerprint ReaderGlary Utilities 3.9Google ChromeGoogle EarthGoogle Talk PluginGoogle Update HelperGoToMeeting 5.4.0.1082Integrated Camera Driver Installer Package Ver.1.2.1.18Intel PROSet WirelessIntel® Processor GraphicsIntel® PROSet/Wireless for Bluetooth® + High SpeedIntel® PROSet/Wireless Software for Bluetooth® TechnologyIntel® USB 3.0 eXtensible Host Controller DriverIntel® WiDiIntel® Wireless DisplayIntel® PROSet/Wireless WiFi SoftwareInterlok driver setup x64International Assessments Management UtilityIObit Malware FighterJava 7 Update 25Java Auto UpdaterLenovo Auto Scroll UtilityLenovo Patch UtilityLenovo Patch Utility 64 bitLenovo Power Management DriverLenovo System UpdateM-Audio Audiophile 6.0.3 (x64)M-Audio Producer Driver 6.0.4 (x64)Malwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Forefront Client Security Antimalware ServiceMicrosoft Forefront Client Security State Assessment ServiceMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Communicator 2007 R2Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft Operations Manager 2005 AgentMicrosoft SilverlightMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Mozilla Firefox 23.0.1 (x86 en-US)Mozilla Maintenance ServiceNotepad++On Screen DisplayOPIS Red Light Maintenance UtilityOPIS Spot Ticker Maintenance UtilityPDFCreatorPower ManagerQuickTimeRealtek Ethernet Controller DriverRealtek PCIE Card ReaderSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687276) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSmart Defrag 2Spot Product Management UtilitySpotifySpywareBlaster 5.0Symantec Enterprise Vault Outlook Add-InThinkPad UltraNav DriverThinkVantage Access ConnectionsThinkVantage Active Protection SystemThinkVantage Communications UtilityTravelscan Pro 600UMPlayer 0.98 [P4]UnZip MeUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionVMware View ClientWinMerge 2.14.0Yahoo! MessengerYahoo! Software Update.==== Event Viewer Messages From Past Week ========.8/25/2013 12:29:29 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain UCG_ROCKVILLE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.8/25/2013 1:31:19 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .8/24/2013 2:21:36 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).8/24/2013 1:08:28 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.8/24/2013 1:02:32 AM, Error: Service Control Manager [7000] - The Process creation detector. service failed to start due to the following error: This driver has been blocked from loading8/24/2013 1:02:32 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.8/23/2013 9:37:07 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AddLyrics&threatid=195750 Scan ID: {5305AEE7-62DA-4D9D-B69C-B3BDEC53DC87} User: UCG_ROCKVILLE\rlusby Name: Adware:Win32/AddLyrics ID: 195750 Severity: Medium Category: Adware Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer. 8/23/2013 9:26:14 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.8/23/2013 9:26:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.8/23/2013 8:30:53 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).8/23/2013 8:28:43 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.8/23/2013 7:08:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.8/23/2013 7:08:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vmware-view-usbd service.8/23/2013 10:26:14 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.8/22/2013 1:23:20 PM, Error: Service Control Manager [7030] - The ST Remote Scheduler Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.8/20/2013 10:07:07 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.8/19/2013 7:40:39 PM, Error: Service Control Manager [7034] - The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s)..==== End Of File ===========================
  14. Ads, ads, ads everywhere and pop-ups. Spread from IE to Firefox after surfing where I really should never have. Chrome seems safe so far. LyricXeeker for sure. FLV player download prompts might stem from same BOH. Also: gzj.jsopen.net/sd pop-ups I have some of the applications your group uses already, ERUNT, for example. Can someone please walk me through a complete cleaning process? I have already revealed hidden files and folders. Thank you in advance.