Infected with Malware last night


LynneS

I've been infected with malware and potentially a rootkit. I have log files from the tools I've run to determine how to fix on my own, but now I need help. Attached are the log files from running ADWCleaner, Malwarebytes, and FRST.

Thanks in advance for any help you can provide.

Best,

Lynne:

Addition.txt

AdwCleanerR3.txt

FRST.txt

mbam-log-2013-12-04 (17-44-13).txt

Hello Lynne and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

What problems do you have?
Borislav,

Thanks for replying with all the specifics. I am ready to proceed as instructed.

Here are the log files I created after I posted the original message and found the instructions for downloading DDS and pasting the logs for the dds.txt and attach.txt files. These are followed by the logs from running Malwarebytes, AdwCleaner and FRST--these last 2 in subsequent posts.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16736
Run by Lynne at 20:49:17 on 2013-12-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4057.3370 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_6A12F0BBFE608579AB07135F9DFD76FE] "C:\Users\Lynne\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [spotify Web Helper] "C:\Users\Lynne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRunOnce: [Report] C:\AdwCleaner\AdwCleaner[s1].txt
mRun: [MDS_Menu] "C:\Program Files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\MediaShow" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [ideaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
mRun: [Alive Idea Desktop] C:\Program Files (x86)\Lenovo\Alive Idea Desktop\Alive Idea Desktop.exe -hang45000
mRun: [Lenovo SlideNav] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe"
mRun: [OnekeyDM] C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe -minimize
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: C:\Users\Lynne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lynne\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Lynne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Lynne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\UNINST~1.LNK - C:\Windows\WriteWay\uninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5956CB4B-97F6-42CE-B6B8-7E32486CFA38} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{D8439069-DF70-4BCF-9052-8FA33DECCA33} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D8439069-DF70-4BCF-9052-8FA33DECCA33}\2456C6B696E6F5052756D2E4F5434353235383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D8439069-DF70-4BCF-9052-8FA33DECCA33}\45963716E6560205861627D6163697027457563747 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-3-19 26128]
R3 enecir;ENE CIR Receiver;C:\windows\System32\drivers\enecir.sys [2010-2-25 70656]
R3 enecirhid;ENE CIR HID Receiver;C:\windows\System32\drivers\enecirhid.sys [2010-2-25 14848]
R3 enecirhidma;ENE CIR HIDmini Filter;C:\windows\System32\drivers\enecirhidma.sys [2010-2-25 6656]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-6 317480]
S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
S1 funfrm;funfrm;C:\windows\System32\drivers\funfrm.sys [2010-3-19 58896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DDNIMSGService;DDNIMSGService;C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-10-13 171872]
S2 DDNIService;DDNIService;C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe [2010-10-13 163680]
S2 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-4 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-4 701512]
S2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-2-11 1907896]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-3-19 79376]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\windows\System32\drivers\IntcHdmi.sys [2010-3-19 139264]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-3-19 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-3-19 579400]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-12-4 25928]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-2-25 225792]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-4-16 1255736]
S3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-3-19 11280]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== Created Last 30 ================
.
2013-12-05 01:17:21 -------- d-----w- C:\FRST
2013-12-05 00:01:29 -------- d-----w- C:\AdwCleaner
2013-12-04 22:44:10 -------- d-----w- C:\Users\Lynne\AppData\Roaming\Malwarebytes
2013-12-04 22:44:06 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-04 22:44:05 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-12-04 22:44:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-04 22:43:22 -------- d-----w- C:\Users\Lynne\AppData\Local\Programs
2013-12-03 18:46:05 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5E2D903-FF85-4856-9DB5-756944F0EA6E}\mpengine.dll
2013-12-02 18:05:29 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-19 22:15:46 -------- d-----w- C:\Users\Lynne\AppData\Local\Spotify
2013-11-19 22:14:08 -------- d-----w- C:\Users\Lynne\AppData\Roaming\Spotify
2013-11-13 15:35:58 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-11-06 17:34:24 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE12A6F7-8333-424F-B6E4-7680F62DF28C}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-11-19 10:21:41 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-09 16:10:00 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 16:10:00 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 16:09:39 17813896 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-27 17:53:06 248240 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2013-09-27 17:53:06 134944 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
.
============= FINISH: 21:05:00.79 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 3/28/2010 10:24:50 PM
System Uptime: 12/4/2013 8:44:27 PM (1 hours ago)
.
Motherboard: LENOVO |  | KIWB1
Processor: Intel® Core2 Duo CPU     T6600  @ 2.20GHz | U2E1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 188 GiB total, 92.665 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 29.175 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 466 GiB total, 398.789 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: deskjet 5800
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: hp
Name: deskjet 5800
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service: 
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CP2025dn
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP2025dn
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P2015 Series
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2015 Series
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet M1536dnf MFP
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: HP LaserJet M1536dnf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6600
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: HP
Name: Officejet 6600
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510g-m
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: HP
Name: Officejet 4500 G510g-m
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: ENVY 110 series
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: HP
Name: ENVY 110 series
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service: 
.
==== System Restore Points ===================
.
RP1422: 12/3/2013 11:08:11 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909g
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 11.6
Alive Idea Desktop
Apple Application Support
Apple Software Update
Athtek Skype Recorder
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broadcom 802.11 Wireless Driver
Broadcom Gigabit NetLink Controller
BufferChm
Business Contact Manager for Outlook 2007 SP2
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DIBS
DocMgr
DocProc
Dolby Control Center
Dropbox
EasyCapture
ENE CIR Receiver Driver
Energy Management
Fax
GIMP 2.6.11
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.4.0.1082
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Product Detection
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
join.me
Junk Mail filter update
Lenovo EasyCamera
Lenovo First Boot
Lenovo Idea Central
Lenovo Idea Notes
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Lenovo SlideNav
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
MediaShow
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2010
Microsoft Publisher 2013 - en-us
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MPM
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
OCR Software by I.R.I.S. 13.0
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Officejet Pro 8500 A909 Series
Onekey Theater
PDFCreator
Picasa 3
Power2Go
ProductContext
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Shop for HP Supplies
Skype Click to Call
Skype™ 6.9
SlideBar Driver
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Status
swMSM
Synaptics Pointing Device Driver
Toolbox
TrayApp
Tux Paint 0.9.21c
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Utility Common Driver
WebReg
Windows Driver Package - Lenovo (ACPIVPC) System  (05/19/2009 4.4.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WriteWay
.
==== Event Viewer Messages From Past Week ========
.
12/4/2013 9:15:47 AM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
12/4/2013 9:13:56 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connections service, but this action failed with the following error:  An instance of the service is already running.
12/4/2013 9:13:56 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
12/4/2013 9:13:56 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/4/2013 9:13:26 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the DDNIService service to connect.
12/4/2013 9:13:26 AM, Error: Service Control Manager [7000]  - The DDNIService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/4/2013 9:03:57 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
12/4/2013 9:03:33 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.163.1156.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10100.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
12/4/2013 9:03:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/4/2013 8:52:32 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
12/4/2013 8:49:13 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
12/4/2013 8:48:28 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
12/4/2013 8:47:51 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
12/4/2013 8:47:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/4/2013 8:47:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/4/2013 8:47:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/4/2013 8:47:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/4/2013 8:47:24 AM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/4/2013 8:47:24 AM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/4/2013 8:47:24 AM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/4/2013 8:47:24 AM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/4/2013 8:47:24 AM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/4/2013 8:47:24 AM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/4/2013 8:47:13 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6
12/4/2013 8:47:12 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 21
12/4/2013 8:47:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/4/2013 8:43:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
12/4/2013 8:42:15 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
12/4/2013 8:42:15 AM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/4/2013 8:38:27 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Backup service to connect.
12/4/2013 8:38:27 PM, Error: Service Control Manager [7000]  - The Windows Backup service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/4/2013 8:38:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service sdrsvc with arguments "" in order to run the server: {687E55CA-6621-4C41-B9F1-C0EDDC94BB05}
12/4/2013 8:38:00 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error:  An instance of the service is already running.
12/4/2013 8:37:15 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
12/4/2013 8:37:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
12/4/2013 8:36:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/4/2013 8:36:42 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Human Interface Device Access service, but this action failed with the following error:  An instance of the service is already running.
12/4/2013 8:36:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/4/2013 8:36:42 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/4/2013 8:36:25 PM, Error: Service Control Manager [7022]  - The Software Protection service hung on starting.
12/4/2013 8:36:23 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/4/2013 8:33:17 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
12/4/2013 8:31:47 PM, Error: Service Control Manager [7022]  - The Function Discovery Provider Host service hung on starting.
12/4/2013 8:29:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/4/2013 8:29:56 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
12/4/2013 8:29:56 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/4/2013 8:29:56 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/4/2013 8:29:56 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/4/2013 8:29:56 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/4/2013 8:29:56 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/4/2013 8:29:56 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/4/2013 8:29:56 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/4/2013 8:29:56 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/4/2013 8:27:10 AM, Error: Service Control Manager [7022]  - The Background Intelligent Transfer Service service hung on starting.
12/4/2013 8:25:01 PM, Error: Service Control Manager [7000]  - The ReadyComm.DirectRouter service failed to start due to the following error:  The system cannot find the file specified.
12/4/2013 5:42:54 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.163.1156.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10100.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
12/4/2013 5:28:18 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/4/2013 5:28:18 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
12/4/2013 5:27:12 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
12/4/2013 5:27:12 PM, Error: Service Control Manager [7000]  - The IPsec Policy Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/4/2013 5:23:48 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007041d   Error description: The service did not respond to the start or control request in a timely fashion.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
12/4/2013 5:23:44 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
12/4/2013 5:23:44 PM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/4/2013 5:10:54 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.163.1156.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10100.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
12/4/2013 4:47:03 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007041d   Error description: The service did not respond to the start or control request in a timely fashion.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
12/4/2013 4:43:37 PM, Error: Service Control Manager [7022]  - The Server service hung on starting.
12/4/2013 4:32:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.163.1156.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10100.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
12/4/2013 4:02:37 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.163.1156.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10100.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
12/4/2013 3:44:44 PM, Error: Service Control Manager [7000]  - The Human Interface Device Access service failed to start due to the following error:  The pipe has been ended.
12/4/2013 3:44:39 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007041d   Error description: The service did not respond to the start or control request in a timely fashion.   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
12/4/2013 3:28:06 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.163.1156.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10100.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
12/4/2013 12:58:38 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
12/4/2013 12:58:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/4/2013 12:58:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/4/2013 12:56:17 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
12/4/2013 12:56:14 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/4/2013 12:56:14 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
12/4/2013 12:56:14 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/4/2013 12:56:14 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/4/2013 12:56:14 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/4/2013 12:56:14 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/4/2013 12:56:14 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/4/2013 12:56:13 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/4/2013 12:56:13 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
12/4/2013 12:56:13 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/4/2013 12:56:13 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/4/2013 12:17:48 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.163.1156.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10100.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
12/4/2013 12:03:52 PM, Error: Service Control Manager [7023]  - The hpqcxs08 service terminated with the following error:  %%-2147467243
12/4/2013 12:03:47 PM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/4/2013 12:03:47 PM, Error: Service Control Manager [7038]  - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/4/2013 12:03:47 PM, Error: Service Control Manager [7000]  - The Portable Device Enumerator Service service failed to start due to the following error:  A system shutdown is in progress.
12/4/2013 12:03:47 PM, Error: Service Control Manager [7000]  - The Network List Service service failed to start due to the following error:  The service did not start due to a logon failure.
12/4/2013 12:03:47 PM, Error: Service Control Manager [7000]  - The Human Interface Device Access service failed to start due to the following error:  A system shutdown is in progress.
12/4/2013 12:03:47 PM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
12/4/2013 12:03:45 PM, Error: Service Control Manager [7038]  - The HPSLPSVC service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/4/2013 12:03:45 PM, Error: Service Control Manager [7000]  - The HP Network Devices Support service failed to start due to the following error:  The service did not start due to a logon failure.
12/4/2013 12:03:45 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
12/4/2013 12:03:44 PM, Error: Service Control Manager [7038]  - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/4/2013 12:03:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/4/2013 1:07:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.163.1156.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10100.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
12/3/2013 9:57:33 PM, Error: Service Control Manager [7034]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 3 time(s).
12/3/2013 9:57:33 PM, Error: Service Control Manager [7034]  - The Superfetch service terminated unexpectedly.  It has done this 3 time(s).
12/3/2013 9:57:33 PM, Error: Service Control Manager [7034]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 3 time(s).
12/3/2013 9:57:33 PM, Error: Service Control Manager [7034]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 3 time(s).
12/3/2013 9:57:33 PM, Error: Service Control Manager [7034]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 3 time(s).
12/3/2013 9:57:33 PM, Error: Service Control Manager [7034]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 3 time(s).
12/3/2013 9:57:33 PM, Error: Service Control Manager [7034]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 3 time(s).
12/3/2013 9:57:33 PM, Error: Service Control Manager [7031]  - The PnP-X IP Bus Enumerator service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/3/2013 9:47:12 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/3/2013 9:47:12 PM, Error: Service Control Manager [7031]  - The PnP-X IP Bus Enumerator service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/3/2013 9:42:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
12/3/2013 9:32:38 PM, Error: Service Control Manager [7022]  - The Network Location Awareness service hung on starting.
12/3/2013 8:11:36 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/3/2013 8:11:06 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
12/3/2013 8:10:36 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/3/2013 8:09:36 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
12/3/2013 11:08:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
12/3/2013 10:55:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
12/3/2013 10:55:20 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
12/3/2013 10:54:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the OfficeSvc service.
.
==== End Of File ===========================
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.04.10
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16736
Lynne :: LYNNE-IDEAPAD [administrator]
 
Protection: Disabled
 
12/4/2013 5:44:13 PM
mbam-log-2013-12-04 (17-44-13).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245847
Time elapsed: 10 minute(s), 19 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 


# AdwCleaner v3.014 - Report created 04/12/2013 at 17:42:09

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Lynne - LYNNE-IDEAPAD

# Running from : C:\Users\Lynne\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16736

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7854 octets] - [04/12/2013 16:01:33]

AdwCleaner[R1].txt - [873 octets] - [04/12/2013 16:55:22]

AdwCleaner[R2].txt - [991 octets] - [04/12/2013 17:14:12]

AdwCleaner[R3].txt - [793 octets] - [04/12/2013 17:42:09]

AdwCleaner[s0].txt - [7755 octets] - [04/12/2013 16:03:19]

AdwCleaner[s1].txt - [933 octets] - [04/12/2013 16:56:48]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [971 octets] ##########

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-12-2013

Ran by Lynne (administrator) on LYNNE-IDEAPAD on 04-12-2013 17:58:10

Running from C:\Users\Lynne\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Safe Mode (with Networking)

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

() C:\Users\Lynne\Desktop\AdwCleaner.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-08-06] (Intel Corporation)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1810728 2009-07-30] (Synaptics Incorporated)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9962016 2010-01-15] (Realtek Semiconductor)

HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4366704 2009-09-29] (Lenovo(beijing) Limited)

HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [5825536 2009-08-18] (Lenovo (Beijing) Limited)

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-05] (Google Inc.)

HKCU\...\Run: [Google Update] - C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-05-05] (Google Inc.)

HKCU\...\Run: [GoogleChromeAutoLaunch_6A12F0BBFE608579AB07135F9DFD76FE] - C:\Users\Lynne\AppData\Local\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)

HKCU\...\Run: [spotify Web Helper] - C:\Users\Lynne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-19] (Spotify Ltd)

HKCU\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[s1].txt [933 2013-12-04] ()

HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.)

HKLM-x32\...\Run: [ideaNotesUser] - C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-08-24] (Digital Delivery Networks, Inc.)

HKLM-x32\...\Run: [Alive Idea Desktop] - C:\Program Files (x86)\Lenovo\Alive Idea Desktop\Alive Idea Desktop.exe [300544 2009-10-16] (ACCELERATE)

HKLM-x32\...\Run: [Lenovo SlideNav] - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe [845640 2009-10-21] (Lenovo)

HKLM-x32\...\Run: [OnekeyDM] - C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe [468480 2009-03-27] ()

HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [OtShot] - C:\Program Files (x86)\OtShot\otshot.exe -minimize

HKU\Default\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)

AppInit_DLLs:    [ ] ()

Startup: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Lynne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall WriteWay.lnk

ShortcutTarget: Uninstall WriteWay.lnk -> C:\Windows\WriteWay\uninstall.exe ()

BootExecute: autocheck autochk /k:c * 

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.staff.josephcharter.org/teachers/mr-hite

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)


DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======


CHR Plugin: (Shockwave Flash) - C:\Users\Lynne\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Lynne\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lynne\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()

CHR Plugin: (Screen Capture Plugin) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0\plugin/screen_capture.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File

CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Screen Capture (by Google)) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0

CHR Extension: (Google Wallet) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Gmail) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [gpaiibklhaneknloaoccoidbaffjjlnb] - C:\Users\Lynne\AppData\Local\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR StartMenuInternet: Google Chrome - C:\Users\Lynne\AppData\Local\Google\Chrome\Application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

S2 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)

S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)

S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)

S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)

S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2009-07-17] ()

 

==================== Drivers (Whitelisted) ====================

 

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)

S1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [58896 2010-03-19] ()

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

S3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225792 2009-09-29] (Realtek Semiconductor Corp.)

S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-04 17:18 - 2013-12-04 17:19 - 00037060 _____ C:\Users\Lynne\Desktop\Addition.txt

2013-12-04 17:17 - 2013-12-04 17:58 - 00000608 _____ C:\Users\Lynne\Desktop\FRST.txt

2013-12-04 17:17 - 2013-12-04 17:17 - 00000000 ____D C:\FRST

2013-12-04 17:17 - 2013-12-04 16:58 - 01959766 _____ (Farbar) C:\Users\Lynne\Desktop\FRST64.exe

2013-12-04 16:55 - 2013-12-04 15:57 - 01110034 _____ C:\Users\Lynne\Desktop\AdwCleaner.exe

2013-12-04 16:01 - 2013-12-04 17:42 - 00000000 ____D C:\AdwCleaner

2013-12-04 14:44 - 2013-12-04 14:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-04 14:44 - 2013-12-04 14:44 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Malwarebytes

2013-12-04 14:44 - 2013-12-04 14:44 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-04 14:44 - 2013-12-04 14:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-04 14:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2013-12-02 14:24 - 2013-12-02 14:24 - 02589283 _____ C:\Users\Lynne\Downloads\download

2013-12-01 12:27 - 2013-12-01 21:41 - 00009206 _____ C:\Users\Lynne\Documents\Chrismas Spending 2013.xlsx

2013-11-19 14:17 - 2013-11-19 14:17 - 00127080 _____ (Spotify Ltd) C:\Users\Lynne\Downloads\SpotifySetup (1).exe

2013-11-19 14:15 - 2013-11-19 14:15 - 00001810 _____ C:\Users\Lynne\Desktop\Spotify.lnk

2013-11-19 14:15 - 2013-11-19 14:15 - 00001796 _____ C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-11-19 14:15 - 2013-11-19 14:15 - 00000000 ____D C:\Users\Lynne\AppData\Local\Spotify

2013-11-19 14:14 - 2013-11-19 14:16 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Spotify

2013-11-19 14:13 - 2013-11-19 14:13 - 00127080 _____ (Spotify Ltd) C:\Users\Lynne\Downloads\SpotifySetup.exe

2013-11-14 14:10 - 2013-11-14 14:10 - 00000150 _____ C:\Users\Lynne\Downloads\009_shadowcopy.wmv

2013-11-13 22:33 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2013-11-13 22:33 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2013-11-13 22:33 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2013-11-13 22:33 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2013-11-13 22:33 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2013-11-13 22:33 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2013-11-13 22:33 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2013-11-13 22:33 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2013-11-13 22:33 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2013-11-13 22:33 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2013-11-13 22:33 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2013-11-13 22:33 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-13 07:35 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll

2013-11-13 07:35 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL

2013-11-13 07:35 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL

2013-11-13 07:35 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll

2013-11-13 07:35 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 07:35 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll

2013-11-13 07:35 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll

2013-11-13 07:35 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll

2013-11-13 07:35 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll

2013-11-13 07:35 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll

2013-11-13 07:35 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 07:35 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll

2013-11-13 07:35 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll

2013-11-13 07:35 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll

2013-11-13 07:35 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll

2013-11-13 07:35 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys

2013-11-13 07:35 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2013-11-13 07:35 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2013-11-13 07:35 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2013-11-13 07:35 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2013-11-13 07:35 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2013-11-13 07:35 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2013-11-13 07:35 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2013-11-13 07:35 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2013-11-13 07:35 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2013-11-13 07:35 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2013-11-13 07:35 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2013-11-13 07:35 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2013-11-13 07:35 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2013-11-13 07:35 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

2013-11-04 09:47 - 2013-11-05 09:59 - 00007192 _____ C:\Users\Lynne\Downloads\OR - Wallowa County 19901.csv

 

==================== One Month Modified Files and Folders =======

 

2013-12-04 17:58 - 2013-12-04 17:17 - 00000608 _____ C:\Users\Lynne\Desktop\FRST.txt

2013-12-04 17:42 - 2013-12-04 16:01 - 00000000 ____D C:\AdwCleaner

2013-12-04 17:42 - 2010-03-19 02:22 - 01262776 _____ C:\windows\WindowsUpdate.log

2013-12-04 17:37 - 2009-07-13 21:13 - 00793396 _____ C:\windows\system32\PerfStringBackup.INI

2013-12-04 17:22 - 2010-05-05 20:30 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-04 17:21 - 2010-05-22 20:27 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509380182-1238172701-270273074-1004UA.job

2013-12-04 17:21 - 2010-05-05 20:30 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-04 17:21 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-12-04 17:21 - 2009-07-13 20:51 - 00128730 _____ C:\windows\setupact.log

2013-12-04 17:19 - 2013-12-04 17:18 - 00037060 _____ C:\Users\Lynne\Desktop\Addition.txt

2013-12-04 17:17 - 2013-12-04 17:17 - 00000000 ____D C:\FRST

2013-12-04 16:58 - 2013-12-04 17:17 - 01959766 _____ (Farbar) C:\Users\Lynne\Desktop\FRST64.exe

2013-12-04 16:39 - 2010-02-25 23:44 - 01587822 _____ C:\windows\PFRO.log

2013-12-04 16:09 - 2013-02-24 13:22 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2013-12-04 15:57 - 2013-12-04 16:55 - 01110034 _____ C:\Users\Lynne\Desktop\AdwCleaner.exe

2013-12-04 14:44 - 2013-12-04 14:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-04 14:44 - 2013-12-04 14:44 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Malwarebytes

2013-12-04 14:44 - 2013-12-04 14:44 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-04 14:44 - 2013-12-04 14:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-03 21:57 - 2009-07-13 20:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-03 21:57 - 2009-07-13 20:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-03 20:35 - 2012-12-29 12:28 - 00000000 ____D C:\Users\Lynne\Documents\Outlook Files

2013-12-03 20:30 - 2010-03-29 09:41 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6560179A-7B04-466C-A813-3E1FD1DD559E}

2013-12-03 15:57 - 2010-04-05 13:12 - 00000000 ____D C:\Users\Lynne\Documents\Business

2013-12-03 13:41 - 2010-05-22 20:27 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509380182-1238172701-270273074-1004Core.job

2013-12-03 13:12 - 2012-02-10 18:03 - 00000000 ____D C:\Users\Lynne\Documents\Cooking

2013-12-03 13:12 - 2010-04-07 10:33 - 00000000 ____D C:\Users\Lynne\Documents\Essays

2013-12-03 11:41 - 2013-07-13 15:19 - 00000000 ___RD C:\Users\Lynne\Dropbox

2013-12-03 11:41 - 2013-07-13 15:00 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Dropbox

2013-12-03 11:39 - 2009-07-13 19:20 - 00000000 ____D C:\windows\system32\NDF

2013-12-02 19:41 - 2010-05-05 20:30 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-02 19:41 - 2010-05-05 20:30 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-02 14:24 - 2013-12-02 14:24 - 02589283 _____ C:\Users\Lynne\Downloads\download

2013-12-01 21:41 - 2013-12-01 12:27 - 00009206 _____ C:\Users\Lynne\Documents\Chrismas Spending 2013.xlsx

2013-11-26 20:54 - 2010-04-08 10:57 - 00000000 ____D C:\Users\Lynne\Documents\Slow Food

2013-11-25 09:22 - 2012-08-27 11:57 - 00000000 ____D C:\Users\Lynne\Documents\Editing

2013-11-19 14:17 - 2013-11-19 14:17 - 00127080 _____ (Spotify Ltd) C:\Users\Lynne\Downloads\SpotifySetup (1).exe

2013-11-19 14:16 - 2013-11-19 14:14 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Spotify

2013-11-19 14:15 - 2013-11-19 14:15 - 00001810 _____ C:\Users\Lynne\Desktop\Spotify.lnk

2013-11-19 14:15 - 2013-11-19 14:15 - 00001796 _____ C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-11-19 14:15 - 2013-11-19 14:15 - 00000000 ____D C:\Users\Lynne\AppData\Local\Spotify

2013-11-19 14:13 - 2013-11-19 14:13 - 00127080 _____ (Spotify Ltd) C:\Users\Lynne\Downloads\SpotifySetup.exe

2013-11-19 09:15 - 2011-01-27 10:01 - 00001945 _____ C:\windows\epplauncher.mif

2013-11-19 09:14 - 2012-04-27 08:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-11-19 09:14 - 2011-01-27 10:01 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-11-19 02:21 - 2010-05-28 08:33 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

2013-11-18 14:50 - 2011-12-28 13:40 - 00000000 ____D C:\Users\Lynne\AppData\Local\CrashDumps

2013-11-14 14:10 - 2013-11-14 14:10 - 00000150 _____ C:\Users\Lynne\Downloads\009_shadowcopy.wmv

2013-11-14 08:35 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache

2013-11-14 07:58 - 2009-07-13 21:08 - 00032584 _____ C:\windows\Tasks\SCHEDLGU.TXT

2013-11-13 22:35 - 2010-02-25 23:48 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-13 22:31 - 2013-08-14 06:29 - 00000000 ____D C:\windows\system32\MRT

2013-11-13 22:28 - 2010-04-18 09:08 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2013-11-13 09:42 - 2013-02-11 16:09 - 00000000 ____D C:\Program Files\Microsoft Office 15

2013-11-12 22:32 - 2012-04-26 09:16 - 00000000 ____D C:\Users\Lynne\Documents\Blog

2013-11-11 15:56 - 2011-12-08 10:47 - 00000000 ____D C:\Users\Lynne\Documents\Zester Daily

2013-11-10 14:24 - 2013-02-27 09:01 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\TuxPaint

2013-11-05 09:59 - 2013-11-04 09:47 - 00007192 _____ C:\Users\Lynne\Downloads\OR - Wallowa County 19901.csv

2013-11-04 21:18 - 2013-07-13 15:01 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2013-11-04 21:18 - 2010-03-28 21:25 - 00000000 ___RD C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

 

Some content of TEMP:

====================

C:\Users\Lynne\AppData\Local\Temp\96ED001665B4C8DA2C475E.exe

C:\Users\Lynne\AppData\Local\Temp\BDCD267D8CE135485BA8FF.exe

C:\Users\Lynne\AppData\Local\Temp\Better-Surf.exe

C:\Users\Lynne\AppData\Local\Temp\BetterSurf.exe

C:\Users\Lynne\AppData\Local\Temp\conduitinstaller.exe

C:\Users\Lynne\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe

C:\Users\Lynne\AppData\Local\Temp\OfficeSetup.exe

C:\Users\Lynne\AppData\Local\Temp\oi_{78F113E5-FA64-4A9E-91D6-CC936CA23CF0}.exe

C:\Users\Lynne\AppData\Local\Temp\picasa39-setup.exe

C:\Users\Lynne\AppData\Local\Temp\Quarantine.exe

C:\Users\Lynne\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Lynne\AppData\Local\Temp\tbKeyB.dll

C:\Users\Lynne\AppData\Local\Temp\tbWhit.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-12-01 13:24

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2013

Ran by Lynne at 2013-12-04 17:18:43

Running from C:\Users\Lynne\Desktop

Boot Mode: Safe Mode (with Networking)

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

64 Bit HP CIO Components Installer (Version: 7.2.8)

8500A909_eDocs (x32 Version: 1.00.0000)

8500A909_Help (x32 Version: 1.00.0000)

8500A909g (x32 Version: 50.0.165.000)

Acrobat.com (x32 Version: 1.1.377)

Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0)

Activation Assistant for the 2007 Microsoft Office suites (x32)

Adobe AIR (x32 Version: 1.5.3.9130)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629)

Alive Idea Desktop (x32 Version: 1.0.2.1009)

Apple Application Support (x32 Version: 2.3)

Apple Software Update (x32 Version: 2.1.3.127)

Athtek Skype Recorder (x32 Version: 5.9)

BPD_DSWizards (x32 Version: 1.00.0000)

bpd_scan (x32 Version: 3.00.0000)

BPDSoftware (x32 Version: 50.0.165.000)

BPDSoftware_Ini (x32 Version: 1.00.0000)

Broadcom 802.11 Wireless Driver (x32 Version: 1.0.0.0)

Broadcom Gigabit NetLink Controller (Version: 12.26.01)

BufferChm (x32 Version: 130.0.331.000)

Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1)

D3DX10 (x32 Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Destinations (x32 Version: 130.0.0.0)

DeviceDiscovery (x32 Version: 130.0.465.000)

DIBS (x32 Version: 1.7.0)

DocMgr (x32 Version: 130.0.000.000)

DocProc (x32 Version: 13.0.0.0)

Dolby Control Center (Version: 2.2.1)

Dropbox (HKCU Version: 2.4.6)

EasyCapture (x32 Version: V4.0.09.1015)

ENE CIR Receiver Driver (Version: 2.7.4.0)

Energy Management (x32 Version: 4.4.1.3)

Fax (x32 Version: 130.0.418.000)

GIMP 2.6.11 (x32 Version: 2.6.11)

Google Chrome (HKCU Version: 31.0.1650.57)

Google Earth (x32 Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.22.3)

GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)

GPBaseService2 (x32 Version: 130.0.371.000)

Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)

HP Customer Participation Program 13.0 (Version: 13.0)

HP Document Manager 2.0 (Version: 2.0)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP Product Detection (x32 Version: 11.14.0001)

HP Smart Web Printing 4.51 (Version: 4.51)

HP Solution Center 13.0 (Version: 13.0)

HP Update (x32 Version: 5.005.000.002)

HPDiagnosticAlert (x32 Version: 1.00.0000)

HPProductAssistant (x32 Version: 130.0.371.000)

HPSSupply (x32 Version: 130.0.371.000)

Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2082)

Intel® Matrix Storage Manager

join.me (HKCU Version: 1.3.1.429)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

Lenovo EasyCamera (x32 Version: 5.4.1.9)

Lenovo First Boot (x32 Version: 1.7.2.2)

Lenovo Idea Central (x32 Version: 1.7.2.3)

Lenovo Idea Notes (x32 Version: 1.5.1)

Lenovo OneKey Recovery (Version: 7.0.0723)

Lenovo OneKey Recovery (x32 Version: 7.0.0723)

Lenovo ReadyComm 5 (x32 Version: 5.1.1.20)

Lenovo ReadyComm 5.0 Service (x32 Version: 5.0.0.1)

Lenovo SlideNav (x32 Version: 1.50.1023.0001)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

MarketResearch (x32 Version: 130.0.374.000)

MediaShow (x32 Version: 4.1.3117.14639)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0)

Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)

Microsoft Office 2010 Service Pack 1 (SP1) (x32)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0)

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Publisher 2013 - en-us (Version: 15.0.4551.1005)

Microsoft Security Client (Version: 4.4.0304.0)

Microsoft Security Essentials (Version: 4.4.304.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 (x32)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00)

Microsoft SQL Server Native Client (Version: 9.00.5000.00)

Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)

Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

MPM (x32 Version: 1.00.0000)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Network64 (Version: 130.0.579.000)

Network64 (Version: 140.0.221.000)

OCR Software by I.R.I.S. 13.0 (Version: 13.0)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)

Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)

Officejet Pro 8500 A909 Series (Version: 13.0)

Onekey Theater (x32 Version: 0.0.0.13C)

PDFCreator (x32 Version: 1.2.0)

Picasa 3 (x32 Version: 3.9)

Power2Go (x32 Version: 5.6.0.4809d4)

ProductContext (x32 Version: 50.0.165.000)

QuickTime (x32 Version: 7.73.80.64)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6028)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30106)

Scan (x32 Version: 13.0.0.0)

Shop for HP Supplies (Version: 13.0)

Skype Click to Call (x32 Version: 6.9.12585)

Skype™ 6.9 (x32 Version: 6.9.106)

SlideBar Driver (x32 Version: 1.0.0.12C)

SmartWebPrinting (x32 Version: 130.0.457.000)

SolutionCenter (x32 Version: 130.0.373.000)

Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)

Spotify (HKCU Version: 0.9.6.72.ge389c074)

Status (x32 Version: 130.0.469.000)

swMSM (x32 Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 13.2.7.3)

Toolbox (x32 Version: 130.0.648.000)

TrayApp (x32 Version: 130.0.422.000)

Tux Paint 0.9.21c (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2494150) (x32)

Update for Microsoft Office 2010 (KB2553065) (x32)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2566458) (x32)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)

Utility Common Driver (x32 Version: 1.0.50.26C)

WebReg (x32 Version: 130.0.132.017)

Windows Driver Package - Lenovo (ACPIVPC) System  (05/19/2009 4.4.0.1) (Version: 05/19/2009 4.4.0.1)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3555.0308)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live Sync (x32 Version: 14.0.8089.726)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

WriteWay (x32 Version: 1.8)

WriteWay (x32 Version: 1.9)

 

==================== Restore Points  =========================

 

04-12-2013 07:08:11 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0895EC64-4D68-45F5-ABE6-84FB0194F656} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3509380182-1238172701-270273074-1004Core => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-05] (Google Inc.)

Task: {1576F886-B27B-4BE3-B919-864FCC0D5003} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)

Task: {1B4B6EB4-919F-46DE-95B3-220AA75950FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {26039981-7CCE-42F9-8662-B5CB51B219AF} - \DSite No Task File

Task: {5027CBF1-5CC0-4107-804C-483D74AE565B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05] (Google Inc.)

Task: {89DB858B-246A-437D-80C4-E7C7112CB428} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-11-13] (Microsoft Corporation)

Task: {AE9ED009-7CC6-43A9-91A1-6F6590983EEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05] (Google Inc.)

Task: {C46A4779-D161-4A1B-8C85-A524892AEC9D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D3D88549-F3D4-4C8A-A699-EE1D774AD9A8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-11-13] (Microsoft Corporation)

Task: {DDBC833B-B579-451A-9093-52021B3F9DB8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3509380182-1238172701-270273074-1004UA => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-05] (Google Inc.)

Task: {F6466922-28D6-47C0-A050-C239E9706058} - \AmiUpdXp No Task File

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509380182-1238172701-270273074-1004Core.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509380182-1238172701-270273074-1004UA.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-11-13 09:38 - 2013-11-13 09:38 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\Temp:373E1720

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

 

==================== Faulty Device Manager Devices =============

 

Name: Consumer IR Devices

Description: Consumer IR Devices

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: circlass

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: Officejet Pro 8500 A909g

Description: Officejet Pro 8500 A909g

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart C4700 series

Description: Photosmart C4700 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet Pro 8500 A910

Description: Officejet Pro 8500 A910

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: deskjet 5800

Description: deskjet 5800

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: hp

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet Pro 8500 A910

Description: Officejet Pro 8500 A910

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet J6400 series

Description: Officejet J6400 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet 4500 G510n-z

Description: Officejet 4500 G510n-z

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Photosmart Premium C309g-m

Description: Photosmart Premium C309g-m

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: HP Color LaserJet CP2025dn

Description: HP Color LaserJet CP2025dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet P2015 Series

Description: HP LaserJet P2015 Series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Microsoft ISATAP Adapter #7

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: HP LaserJet M1536dnf MFP

Description: HP LaserJet M1536dnf MFP

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet 6600

Description: Officejet 6600

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet 4500 G510g-m

Description: Officejet 4500 G510g-m

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: ENVY 110 series

Description: ENVY 110 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/04/2013 04:45:58 PM) (Source: Application Error) (User: )

Description: Windows cannot access the file C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pf for one of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program Host Process for Windows Services because of this error.

 

Program: Host Process for Windows Services

File: C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pf

 

The error value is listed in the Additional Data section.

User Action

1. Open the file again.

This situation might be a temporary problem that corrects itself when the program runs again.

2.

If the file still cannot be accessed and

- It is on the network,

your network administrator should verify that there is not a problem with the network and that the server can be contacted.

- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.

4. If the problem persists, restore the file from a backup copy.

5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for

further assistance.

 

Additional Data

Error value: C0000185

Disk type: 3

 

Error: (12/04/2013 04:45:58 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db

Exception code: 0xc0000006

Fault offset: 0x000000000000fbb7

Faulting process id: 0x3d4

Faulting application start time: 0xsvchost.exe_SysMain0

Faulting application path: svchost.exe_SysMain1

Faulting module path: svchost.exe_SysMain2

Report Id: svchost.exe_SysMain3

 

Error: (12/04/2013 04:12:23 PM) (Source: Application Error) (User: )

Description: Windows cannot access the file C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pf for one of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program Host Process for Windows Services because of this error.

 

Program: Host Process for Windows Services

File: C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pf

 

Additional Data

Error value: C0000185

Disk type: 3

 

Error: (12/04/2013 04:12:22 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db

Exception code: 0xc0000006

Fault offset: 0x000000000000fbb7

Faulting process id: 0x3d0

Faulting application start time: 0xsvchost.exe_SysMain0

Faulting application path: svchost.exe_SysMain1

Faulting module path: svchost.exe_SysMain2

Report Id: svchost.exe_SysMain3

 

Error: (12/04/2013 03:44:19 PM) (Source: Application Error) (User: )

Description: Windows cannot access the file C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pf for one of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program Host Process for Windows Services because of this error.

 

Program: Host Process for Windows Services

File: C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pf

 

Additional Data

Error value: C0000185

Disk type: 3

 

Error: (12/04/2013 03:44:18 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db

Exception code: 0xc0000006

Fault offset: 0x000000000000fbb7

Faulting process id: 0x3cc

Faulting application start time: 0xsvchost.exe_SysMain0

Faulting application path: svchost.exe_SysMain1

Faulting module path: svchost.exe_SysMain2

Report Id: svchost.exe_SysMain3

 

Error: (12/04/2013 03:08:59 PM) (Source: Application Error) (User: )

Description: Windows cannot access the file C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pf for one of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program Host Process for Windows Services because of this error.

 

Program: Host Process for Windows Services

File: C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pf

 

Additional Data

Error value: C0000185

Disk type: 3

 

Error: (12/04/2013 03:08:59 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db

Exception code: 0xc0000006

Fault offset: 0x000000000000fbb7

Faulting process id: 0x3d0

Faulting application start time: 0xsvchost.exe_SysMain0

Faulting application path: svchost.exe_SysMain1

Faulting module path: svchost.exe_SysMain2

Report Id: svchost.exe_SysMain3

 

Error: (12/04/2013 09:16:02 AM) (Source: ESENT) (User: )

Description: Windows (3660) Windows: Database recovery/restore failed with unexpected error -1014.

 

Error: (12/04/2013 09:14:02 AM) (Source: ESENT) (User: )

Description: Windows (3660) Windows: Unable to read page 9701 of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb. Error -1014.

 

 

System errors:

=============

Error: (12/04/2013 05:15:29 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (12/04/2013 05:15:29 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (12/04/2013 05:15:29 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (12/04/2013 05:15:09 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (12/04/2013 05:15:09 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (12/04/2013 05:15:09 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (12/04/2013 05:13:21 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (12/04/2013 05:13:21 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (12/04/2013 05:13:21 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (12/04/2013 05:13:11 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

 

Microsoft Office Sessions:

=========================

Error: (12/04/2013 04:45:58 PM) (Source: Application Error)(User: )

Description: C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pfHost Process for Windows ServicesC00001853

 

Error: (12/04/2013 04:45:58 PM) (Source: Application Error)(User: )

Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000000fbb73d401cef1528c3dd6a5C:\windows\System32\svchost.exec:\windows\system32\sysmain.dll9a75fc9a-5d46-11e3-9f06-705ab656dd2f

 

Error: (12/04/2013 04:12:23 PM) (Source: Application Error)(User: )

Description: C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pfHost Process for Windows ServicesC00001853

 

Error: (12/04/2013 04:12:22 PM) (Source: Application Error)(User: )

Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000000fbb73d001cef14dd7910c83C:\windows\System32\svchost.exec:\windows\system32\sysmain.dlle94da680-5d41-11e3-9cd6-705ab656dd2f

 

Error: (12/04/2013 03:44:19 PM) (Source: Application Error)(User: )

Description: C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pfHost Process for Windows ServicesC00001853

 

Error: (12/04/2013 03:44:18 PM) (Source: Application Error)(User: )

Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000000fbb73cc01cef149f4d4c413C:\windows\System32\svchost.exec:\windows\system32\sysmain.dllfd904f48-5d3d-11e3-ad13-705ab656dd2f

 

Error: (12/04/2013 03:08:59 PM) (Source: Application Error)(User: )

Description: C:\Windows\Prefetch\CHROME.EXE-927FBD7A.pfHost Process for Windows ServicesC00001853

 

Error: (12/04/2013 03:08:59 PM) (Source: Application Error)(User: )

Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000000fbb73d001cef14500890cf9C:\windows\System32\svchost.exec:\windows\system32\sysmain.dll0e35ac1f-5d39-11e3-bb8f-705ab656dd2f

 

Error: (12/04/2013 09:16:02 AM) (Source: ESENT)(User: )

Description: Windows3660Windows: -1014

 

Error: (12/04/2013 09:14:02 AM) (Source: ESENT)(User: )

Description: Windows3660Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb9701-1014

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 19%

Total physical RAM: 4056.6 MB

Available physical RAM: 3264.39 MB

Total Pagefile: 8111.38 MB

Available Pagefile: 7374.36 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:187.69 GB) (Free:92.66 GB) NTFS

Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.17 GB) NTFS

Drive f: (TOSHIBA EXT) (Fixed) (Total:465.64 GB) (Free:398.79 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F65ECF20)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=188 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

 

========================================================

Disk: 1 (Size: 466 GB) (Disk ID: C27C4F8F)

Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)

 

==================== End Of Log ============================




Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it in the same directory as FRST.exe, naming it fixlist.txt

 

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

C:\Users\Lynne\AppData\Local\Temp\96ED001665B4C8DA2C475E.exe

C:\Users\Lynne\AppData\Local\Temp\BDCD267D8CE135485BA8FF.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.

Reboot Normally.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-12-2013

Ran by Lynne at 2013-12-06 22:21:30 Run:1

Running from C:\Users\Lynne\Desktop

Boot Mode: Safe Mode (minimal)

==============================================

 

Content of fixlist:

*****************

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

C:\Users\Lynne\AppData\Local\Temp\96ED001665B4C8DA2C475E.exe

C:\Users\Lynne\AppData\Local\Temp\BDCD267D8CE135485BA8FF.exe

*****************

 

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

C:\Users\Lynne\AppData\Local\Temp\96ED001665B4C8DA2C475E.exe => Moved successfully.

C:\Users\Lynne\AppData\Local\Temp\BDCD267D8CE135485BA8FF.exe => Moved successfully.

 

==== End of Fixlog ====


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Here is the log from Combofix.exe. Thank you for continuing to work on a resolution.

 

ComboFix 13-12-08.01 - Lynne 12/09/2013  11:50:52.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4057.3237 [GMT -8:00]
Running from: c:\users\Lynne\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lynne\Documents\~WRL0361.tmp
F:\Autorun.inf
F:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-09 to 2013-12-09  )))))))))))))))))))))))))))))))
.
.
2013-12-05 01:17 . 2013-12-05 01:17 -------- d-----w- C:\FRST
2013-12-05 00:01 . 2013-12-05 01:42 -------- d-----w- C:\AdwCleaner
2013-12-04 22:44 . 2013-12-04 22:44 -------- d-----w- c:\users\Lynne\AppData\Roaming\Malwarebytes
2013-12-04 22:44 . 2013-12-04 22:44 -------- d-----w- c:\programdata\Malwarebytes
2013-12-04 22:44 . 2013-12-04 22:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-04 22:44 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-04 22:43 . 2013-12-04 22:43 -------- d-----w- c:\users\Lynne\AppData\Local\Programs
2013-12-03 18:46 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5E2D903-FF85-4856-9DB5-756944F0EA6E}\mpengine.dll
2013-12-02 18:05 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-19 22:15 . 2013-11-19 22:15 -------- d-----w- c:\users\Lynne\AppData\Local\Spotify
2013-11-19 22:14 . 2013-11-19 22:16 -------- d-----w- c:\users\Lynne\AppData\Roaming\Spotify
2013-11-13 15:35 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2010-05-28 16:33 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 06:28 . 2010-04-18 17:08 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-13 17:36 . 2013-02-12 00:31 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-18 00:03 . 2013-11-06 17:34 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE12A6F7-8333-424F-B6E4-7680F62DF28C}\gapaengine.dll
2013-10-18 00:03 . 2011-03-28 15:53 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-09 16:10 . 2013-02-24 21:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 16:10 . 2013-02-24 21:22 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 16:09 . 2013-10-09 16:09 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-27 17:53 . 2013-09-27 17:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 17:53 . 2010-10-25 05:25 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Lynne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Lynne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Lynne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-05 39408]
"GoogleChromeAutoLaunch_6A12F0BBFE608579AB07135F9DFD76FE"="c:\users\Lynne\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-11-14 863184]
"Spotify Web Helper"="c:\users\Lynne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-11-19 1168896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"IdeaNotesUser"="c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"Alive Idea Desktop"="c:\program files (x86)\Lenovo\Alive Idea Desktop\Alive Idea Desktop.exe" [2009-10-16 300544]
"Lenovo SlideNav"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe" [2009-10-22 845640]
"OnekeyDM"="c:\program files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe" [2009-03-27 468480]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lynne\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
Uninstall WriteWay.lnk - c:\windows\WriteWay\uninstall.exe "/U:c:\program files (x86)\WriteWay\Uninstall\uninstall.xml" [2010-3-29 473600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk /k:c *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 funfrm;funfrm; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [x]
R2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [x]
R2 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys;c:\windows\SYSNATIVE\drivers\WDBridge.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe;c:\program files\Lenovo\ReadyComm\AppSvc.exe [x]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys;c:\windows\SYSNATIVE\DRIVERS\WDMirror.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys;c:\windows\SYSNATIVE\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys;c:\windows\SYSNATIVE\DRIVERS\enecirhidma.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ   ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ        
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 16:10]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 04:30]
.
2013-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 04:30]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509380182-1238172701-270273074-1004Core.job
- c:\users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 04:35]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509380182-1238172701-270273074-1004UA.job
- c:\users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 04:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-13 17:38 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-13 17:38 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-13 17:38 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Lynne\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Lynne\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Lynne\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Lynne\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-15 9962016]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-09-29 4366704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-08-19 5825536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-OtShot - c:\program files (x86)\OtShot\otshot.exe
Wow6432Node-HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-09  12:12:11
ComboFix-quarantined-files.txt  2013-12-09 20:12
.
Pre-Run: 105,834,594,304 bytes free
Post-Run: 106,805,768,192 bytes free
.
- - End Of File - - AE7E568DE0BDBFCB94599FCC2C6D8C97
A36C5E4F47E84449FF07ED3517B43A31

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Here is the ESET scan report:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Better-Surf\ie\BetterSrf.dll.vir a variant of Win32/AdWare.BetterSurf.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BetterSurf\ch\Chrome.crx.vir Win32/AdWare.BetterSurf.A application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BetterSurf\ff\BetterSurf.xpi.vir Win32/AdWare.BetterSurf.A application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BetterSurf\ff\chrome\content\inject.js.vir Win32/AdWare.BetterSurf.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BetterSurf\ie\BetterSurf.dll.vir Win32/AdWare.BetterSurf.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\SwvUpdater\Updater.exe.vir a variant of Win32/Amonetize.I application cleaned by deleting - quarantined
C:\Users\Lynne\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN application cleaned by deleting - quarantined
Link to post
Share on other sites

I rebooted my computer normally this morning. At first, everything seemed to be back to normal. I checked to see if Microsoft Security Essentials was running okay. Then, I opened a Word document I needed. I took a chance and connected to the Internet. That's when everything went right back to the way it was...

 

Here are the symptoms:

  • Startup seems somewhat normal but is very, very slow
  • When I select the Start menu, the blue circle that appears during startup reappears
  • I am unable to select any other programs from shortcuts or my toolbar or open them and function in any way

Are there more steps/cleaners to eradicate whatever has a death grip on my operating system?

Link to post
Share on other sites

Startup seems somewhat normal but is very, very slow

Here are some tips to improve your system performance:

https://forums.malwarebytes.org/index.php?showtopic=81990

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

Hi again. I started the scan yesterday morning, and it's still running. It says it is 1% (that's right, one percent) complete. It also reports that it has scanned 245000 objects and has found 5 threats.

 

It's taking so long it makes me wonder if there's something wrong. Can you tell me whether this is common or if I should take other steps?

 

Thanks,

--Lynne

Link to post
Share on other sites

Thanks for the confirmation.

 

The scan completed. Should I try to reboot normally?

 

Here is the report:

 

Status: Deleted   (events: 8)
12/16/2013 9:20:28 AM Deleted adware not-a-virus:AdWare.Win32.BetterSurf.b C:\AdwCleaner\Quarantine\C\Program Files (x86)\Better-Surf\ff\chrome\content\better-surf.js.vir Medium
12/16/2013 9:21:01 AM Deleted adware not-a-virus:AdWare.Win32.BetterSurf.b C:\AdwCleaner\Quarantine\C\Program Files (x86)\Better-Surf\ch\Chrome.crx.vir Medium
12/16/2013 9:21:01 AM Deleted adware not-a-virus:AdWare.Win32.BetterSurf.b C:\AdwCleaner\Quarantine\C\Program Files (x86)\Better-Surf\ch\Chrome.crx.vir/BetterSrf.js Medium
12/17/2013 3:55:43 AM Deleted Trojan program Trojan.Script.Suspic.gen C:\Program Files (x86)\DDNI\Lenovo First Boot\DDNIOOBE.VBS High
12/17/2013 10:55:38 AM Deleted Trojan program Trojan.Win32.AutoRun.gen C:\Qoobox\Quarantine\F\Autorun.inf.vir High
12/17/2013 12:45:16 PM Deleted Trojan program Trojan.Script.Suspic.gen C:\Windows\Installer\1346e.msi High
12/17/2013 12:45:16 PM Deleted Trojan program Trojan.Script.Suspic.gen C:\Windows\Installer\1346e.msi//disk1.cab High
12/17/2013 12:45:16 PM Deleted Trojan program Trojan.Script.Suspic.gen C:\Windows\Installer\1346e.msi//disk1.cab//DDNIOOBE.VBS High
Status: Disinfected   (events: 12)
12/16/2013 9:14:18 AM Disinfected adware not-a-virus:AdWare.Win32.BetterSurf.b C:\AdwCleaner\Quarantine\C\Program Files (x86)\Better-Surf\ff\Better-Surf.xpi.vir Medium
12/16/2013 9:14:18 AM Disinfected adware not-a-virus:AdWare.Win32.BetterSurf.b C:\AdwCleaner\Quarantine\C\Program Files (x86)\Better-Surf\ff\Better-Surf.xpi.vir/chrome/content/better-surf.js Medium
12/17/2013 1:49:03 PM Disinfected Trojan program Backdoor.Win32.Mokes.haz Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:FedEx][subject:[Norton AntiSpam]Track your shipment No112721][Time:2011/10/23 07:05:57]/Invoice_copy_N7524.zip High
12/17/2013 1:49:02 PM Disinfected Trojan program Backdoor.Win32.Mokes.haz Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:FedEx][subject:[Norton AntiSpam]Track your shipment No112721][Time:2011/10/23 07:05:57]/Invoice_copy_N7524.zip/Invoice_copy.exe High
12/17/2013 2:29:22 PM Disinfected Trojan program Trojan.Win32.Buzus.mghr Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:eFax Corporate][subject:Corporate eFax message - 3 pages][Time:2012/10/23 04:35:51]/fax_message.pdf.zip High
12/17/2013 2:29:21 PM Disinfected Trojan program Trojan.Win32.Buzus.mghr Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:eFax Corporate][subject:Corporate eFax message - 3 pages][Time:2012/10/23 04:35:51]/fax_message.pdf.zip/fax_message.pdf.exe High
12/17/2013 7:36:35 PM Disinfected Trojan program Trojan-Spy.Win32.Zbot.ghdc Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:pejvak moghadam][subject:Re:Re; Inquiry about your products][Time:2012/11/05 22:31:25]/Product_Sample.doc High
12/17/2013 7:36:35 PM Disinfected Trojan program Trojan-Spy.Win32.Zbot.ghdc Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:pejvak moghadam][subject:Re:Re; Inquiry about your products][Time:2012/11/05 22:31:25]/Product_Sample.doc//C:/Users/ENRICO~1/AppData/Local/Temp/ProductSample.scr High
12/17/2013 8:30:03 PM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.pdni Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:Elnora_Nielsen@wellsfargo.com][subject:IMPORTANT Docs - WellsFargo][Time:2013/08/09 07:43:49]/WellsFargo.lynne.zip/WellsFargo_Documents.exe High
12/17/2013 8:30:03 PM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.pdni Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:Elnora_Nielsen@wellsfargo.com][subject:IMPORTANT Docs - WellsFargo][Time:2013/08/09 07:43:49]/WellsFargo.lynne.zip High
12/17/2013 8:30:06 PM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.pdni Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:Bobby_David@wellsfargo.com][subject:IMPORTANT Docs - WellsFargo][Time:2013/08/09 07:33:43]/WellsFargo.luse26.zip/WellsFargo_Documents.exe High
12/17/2013 8:30:06 PM Disinfected Trojan program Trojan-PSW.Win32.Tepfer.pdni Outlook\lynnes@eoni.com\Top of Outlook data file\Deleted Items\[From:Bobby_David@wellsfargo.com][subject:IMPORTANT Docs - WellsFargo][Time:2013/08/09 07:33:43]/WellsFargo.luse26.zip High
Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
