Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combo Fix Log


  • This topic is locked This topic is locked
10 replies to this topic

#1 icyeuny

icyeuny

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 18 February 2013 - 06:38 PM

Please help. Below is the log from my Combo Fix run and I have no idea what I need to be doing or not doing. Please help.

 

ComboFix 13-02-18.02 - Eunice 02/18/2013  17:06:58.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3690.734 [GMT -5:00]
Running from: c:\users\Eunice\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\164c1db6\00b89b7d_e132cd01\ScreenRotate.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\19f69c5d\0096d597_e132cd01\MessageCenterPlus.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\1d49d5a9\005d7dce_21dacc01\AccuWeatherTile.resources.DLL
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\2902d59b\000f03da_18e1cc01\NewsTile.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\4feccb3e\00f3f385_e132cd01\PriceGrabber.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\5c718048\00202587_e132cd01\SimpleTapAppStoreAddon.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\657e9ba2\0027c868_2509cd01\KeyboardLightApi.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\720a0cc6\00c30699_e132cd01\MSOffice.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\8bb02d28\00f0379a_e132cd01\Wikipedia.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\8db56f4d\00e21093_e132cd01\LenovoSolutionCenter.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\96e206ca\00c6c284_e132cd01\InternetExplorer.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\a68f45f2\002e4c8e_e132cd01\Kayak.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\bab292b3\00aa7476_e132cd01\WirelessApi.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\c125cb03\00c6c284_e132cd01\EvernoteLauncher.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\c46216ea\005b7d8f_e132cd01\LenovoMusic.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\c5a37f34\00501274_e132cd01\DisplayBrightnessApi.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\c643c42c\002e4c8e_e132cd01\Groupon.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\cbdb5840\00510422_1d01cd01\SugarSync.SimpleTapAddons.FileManager.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\cbfa85b4\00f3f385_e132cd01\AccuWeatherTile.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\d1e3a8ff\00999183_e132cd01\Chrome.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\e6a8e066\003c7395_e132cd01\LenovoTV.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\ea170e11\0023e172_e132cd01\CoreAudioApi.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\ebca06ea\006457c9_2509cd01\Flickr.dll
c:\users\Eunice\AppData\Local\Temp\SimpleTap\assembly\dl3\ebf8fefc\00f0379a_e132cd01\Skype.dll
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\imdb_ie.ico
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\windows\SysWow64\SETE6F5.tmp
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabSearch
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-18 to 2013-02-18  )))))))))))))))))))))))))))))))
.
.
2013-02-18 22:53 . 2013-02-18 22:53    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-18 20:55 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2F469ED-275B-4194-B2F4-DCE385DD4755}\mpengine.dll
2013-02-17 19:29 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-13 16:50 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 16:50 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 16:47 . 2013-01-09 01:48    17812992    ----a-w-    c:\windows\system32\mshtml.dll
2013-02-13 16:47 . 2013-01-09 01:22    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-02-13 14:52 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-13 14:52 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 14:52 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 14:52 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-13 14:52 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-13 14:52 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-13 14:52 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-13 14:52 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-13 14:52 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-13 14:52 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-13 14:52 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-13 14:52 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-11 15:11 . 2013-02-11 15:11    --------    d-----w-    c:\users\Eunice\AppData\Local\Evernote
2013-01-29 20:52 . 2013-01-29 20:52    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2013-01-29 20:52 . 2013-01-29 20:52    --------    d-----r-    c:\program files (x86)\Skype
2013-01-21 20:43 . 2013-01-21 20:43    --------    d-----w-    c:\program files (x86)\Dolby Advanced Audio v2
2013-01-21 20:40 . 2012-09-01 00:18    7164176    ----a-w-    c:\windows\system32\EEP64A.dll
2013-01-21 20:40 . 2012-09-01 00:17    141584    ----a-w-    c:\windows\system32\SETDFC0.tmp
2013-01-21 20:40 . 2012-09-01 00:17    75024    ----a-w-    c:\windows\system32\EEG64A.dll
2013-01-21 20:40 . 2012-09-01 00:17    434960    ----a-w-    c:\windows\system32\SETE175.tmp
2013-01-21 20:40 . 2012-09-01 00:17    124176    ----a-w-    c:\windows\system32\EEA64A.dll
2013-01-21 20:40 . 2012-08-08 18:12    1780896    ----a-w-    c:\windows\system32\CX64AP74.dll
2013-01-21 20:40 . 2012-06-29 18:04    50848    ----a-w-    c:\windows\system32\CxPageMaster64.dll
2013-01-21 20:40 . 2012-09-20 19:11    1609376    ----a-w-    c:\windows\system32\drivers\CHDRT64.sys
2013-01-21 20:39 . 2013-01-21 20:39    53248    ----a-r-    c:\users\Eunice\AppData\Roaming\Microsoft\Installer\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}\ARPPRODUCTICON.exe
2013-01-21 20:36 . 2012-12-06 02:05    39792    ----a-w-    c:\windows\system32\SETA75F.tmp
2013-01-21 20:36 . 2012-12-06 02:05    60272    ----a-w-    c:\windows\system32\SETA6E2.tmp
2013-01-21 20:36 . 2012-12-06 02:05    42824    ----a-w-    c:\windows\system32\drivers\SET9E1A.tmp
2013-01-21 20:36 . 2012-12-06 02:05    72048    ----a-w-    c:\windows\system32\ibmpmctl.exe
2013-01-21 20:35 . 2013-01-21 20:36    --------    d-----w-    c:\program files (x86)\Cisco
2013-01-21 06:29 . 2013-01-21 06:30    --------    d-----w-    c:\program files (x86)\Prentice Hall
2013-01-20 22:52 . 2013-01-20 23:08    --------    d-----w-    c:\program files (x86)\Wajam
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 21:19 . 2012-07-24 01:36    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-18 21:19 . 2012-07-24 01:36    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 16:52 . 2012-07-19 01:16    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 14:52    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 03:10    46080    ------w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 03:10    367616    ------w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 03:10    295424    ------w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 03:10    34304    ------w-    c:\windows\SysWow64\atmlib.dll
2012-12-10 05:10 . 2012-09-06 17:26    952    --sh--w-    c:\programdata\KGyGaAvL.sys
2012-12-07 13:20 . 2013-01-09 17:26    441856    ------w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 17:26    2746368    ------w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 17:26    308736    ------w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 17:26    2576384    ------w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 17:26    30720    ------w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 17:26    43520    ------w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 17:26    23552    ------w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 17:26    45568    ------w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 17:26    44544    ------w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 17:26    20480    ------w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 17:26    20480    ------w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 17:26    20480    ------w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 17:26    46592    ------w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 17:26    40960    ------w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 17:26    15360    ------w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 17:26    21504    ------w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 17:26    55296    ------w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 17:26    51712    ------w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 17:26    43520    ------w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 17:26    30720    ------w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 17:26    45568    ------w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 17:26    44544    ------w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 17:26    20480    ------w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 17:26    23552    ------w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 17:26    20480    ------w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 17:26    46592    ------w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 17:26    20480    ------w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 17:26    21504    ------w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 17:26    40960    ------w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 17:26    15360    ------w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 17:26    55296    ------w-    c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 17:26    51712    ------w-    c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 17:26    362496    ------w-    c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 17:26    243200    ------w-    c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 17:26    13312    ------w-    c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 17:26    16384    ------w-    c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 17:26    424448    ------w-    c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 17:26    1161216    ------w-    c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 17:26    6144    ---h--w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    4608    ---h--w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    4096    ---h--w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    4608    ---h--w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    4096    ---h--w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    5120    ---h--w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    4096    ---h--w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    4096    ---h--w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 17:26    274944    ------w-    c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 17:26    4096    ---h--w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    4096    ---h--w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    4608    ---h--w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    4096    ---h--w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    4096    ---h--w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3584    ---h--w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    4096    ---h--w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    5120    ---h--w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:26    3072    ---h--w-    c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-07-10 06:44    433648    ------w-    c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1EFAFD5E8999565117672D51A3957947FD9446FE._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-10 39408]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"ACTray"="c:\program files (x86)\Lenovo\Access Connections\ACTray.exe" [2012-09-07 432016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-09-01 508656]
.
c:\users\Eunice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-1-29 1078624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-05-29 144992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys [2012-01-17 70416]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2012-07-10 332272]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-09-24 1666112]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-09-24 1665088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-29 25416]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-03-26 33344]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2012-06-08 201376]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2012-08-09 328552]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-06-02 58224]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2012-08-24 127072]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-06-02 61296]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-06-02 179568]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2012-08-11 136288]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2012-05-29 147040]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2012-04-20 144448]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-03-28 216704]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-09-26 879760]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-08 27432]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 21:38    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 21:19]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 06:43]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 06:43]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1588281996-1602843059-1048976291-1000Core.job
- c:\users\Eunice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09 00:45]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1588281996-1602843059-1048976291-1000UA.job
- c:\users\Eunice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09 00:45]
.
2013-02-18 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-02-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-07-10 06:44    750064    ------w-    c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 00:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 00:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 00:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 00:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-09-21 17:40    480888    ------w-    c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-09-21 17:40    480888    ------w-    c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-09-21 17:40    480888    ------w-    c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-09-21 17:40    480888    ------w-    c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2012-09-21 228744]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-11-26 293232]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130102,17117,0,18,0
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.2.1.2 10.1.16.111 10.2.1.1
FF - ProfilePath - c:\users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\gmofpi17.default-1353298397691\
FF - ExtSQL: 2013-01-11 21:00; addon@defaulttab.com; c:\users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\gmofpi17.default-1353298397691\extensions\addon@defaulttab.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-DefaultTab - c:\users\Eunice\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AuthenTec\KeepVault\Engine\KVServer.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
c:\program files\lenovo\lenovo solution center\lsc.exe
.
**************************************************************************
.
Completion time: 2013-02-18  18:15:51 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-18 23:15
.
Pre-Run: 326,338,596,864 bytes free
Post-Run: 327,838,302,208 bytes free
.
- - End Of File - - 7334680B799C35DFE53495B4FD7C1657


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 PM

Posted 19 February 2013 - 10:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
 

  •  


  • Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
    •  



  • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.

 

  • Double click on the DDS icon, allow it to run. 


  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running. 


  • Notepad will open with the results. 


  • Follow the instructions that pop up for posting the results. 

Please note:  You may have to disable any script protection running if the scan fails to run.
 
 
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===
Third party programs if not up to date can be the cause infiltration of an infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.

  •  


  • Close all open programs and internet browsers.


  • Double click on AdwCleaner.exe to run the tool.


  • Click on Delete tab follow the prompts.


  • A log file will automatically open after the scan has finished.


  • Please post the content of that log file with your next answer.


  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

 
 
Please post the logs for my review.
 
Let me know what problem persists so that I can suggest a proper fix.


#3 icyeuny

icyeuny
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 19 February 2013 - 02:03 PM

I run the DDS and this is the two logs I got below.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.9.2
Run by Eunice at 14:00:03 on 2013-02-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3690.904 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AuthenTec\KeepVault\Engine\KVServer.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Eunice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Pharos\bin\popnet.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130102,17117,0,18,0
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [1EFAFD5E8999565117672D51A3957947FD9446FE._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Eunice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
StartupFolder: C:\Users\Eunice\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 10.2.1.2 10.1.16.111 10.2.1.1
TCP: Interfaces\{7ADC0260-350E-4DB6-A113-70D22A95277B} : DHCPNameServer = 10.2.1.2 10.1.16.111 10.2.1.1
TCP: Interfaces\{7ADC0260-350E-4DB6-A113-70D22A95277B}\34F62796E6E65637E4564777F627B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AB52AF6D-79A9-435D-8627-A9DE5EDADA17} : DHCPNameServer = 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\gmofpi17.default-1353298397691\
FF - ExtSQL: 2013-01-11 21:00; addon@defaulttab.com; C:\Users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\gmofpi17.default-1353298397691\extensions\addon@defaulttab.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-10 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-29 25416]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-10-14 201376]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-9 8447848]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-7-10 169776]
R2 FPLService;TrueSuiteService;C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2012-8-9 328552]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-7-10 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-10 163608]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-7-18 58224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-10-14 127072]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-7-18 61296]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-7-18 179568]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-12-21 136288]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-19 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-19 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-10-14 147040]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-10-14 144448]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-10 363800]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-10 84080]
R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-9-13 216704]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-10 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-10 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-10 786200]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-19 24176]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-7-10 259688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-10 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-7-10 879760]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]
R3 tvtvcamd;Camera Plus (VGA Resolution Maximum);C:\Windows\System32\drivers\tvtvcamd.sys [2012-7-10 27432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-29 144992]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 WajamUpdater;WajamUpdater;"C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" --> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [?]
S3 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-7-10 70416]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2012-7-10 332272]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-7-10 1666112]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-7-10 1665088]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-9 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-9 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-19 1255736]
.
=============== Created Last 30 ================
.
2013-02-19 11:16:50 -------- d-----w- C:\Users\Eunice\AppData\Roaming\Malwarebytes
2013-02-19 11:15:20 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-19 11:15:18 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-19 11:15:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-19 11:15:04 -------- d-----w- C:\Users\Eunice\AppData\Local\Programs
2013-02-18 23:00:56 -------- d-----w- C:\$RECYCLE.BIN
2013-02-18 22:04:15 98816 ----a-w- C:\Windows\sed.exe
2013-02-18 22:04:15 256000 ----a-w- C:\Windows\PEV.exe
2013-02-18 22:04:15 208896 ----a-w- C:\Windows\MBR.exe
2013-02-18 20:55:06 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2F469ED-275B-4194-B2F4-DCE385DD4755}\mpengine.dll
2013-02-17 19:29:15 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-13 16:50:12 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 16:50:12 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 14:52:29 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 14:52:28 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 14:52:27 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 14:52:22 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 14:52:21 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 14:52:20 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 14:52:20 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 14:52:20 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 14:52:20 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 14:52:18 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 14:52:17 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 14:52:17 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-11 15:11:52 -------- d-----w- C:\Users\Eunice\AppData\Local\Evernote
2013-01-29 20:52:35 -------- d-----r- C:\Program Files (x86)\Skype
2013-01-21 20:43:32 -------- d-----w- C:\Program Files (x86)\Dolby Advanced Audio v2
2013-01-21 20:40:29 75024 ----a-w- C:\Windows\System32\EEG64A.dll
2013-01-21 20:40:29 7164176 ----a-w- C:\Windows\System32\EEP64A.dll
2013-01-21 20:40:29 50848 ----a-w- C:\Windows\System32\CxPageMaster64.dll
2013-01-21 20:40:29 434960 ----a-w- C:\Windows\System32\SETE175.tmp
2013-01-21 20:40:29 1780896 ----a-w- C:\Windows\System32\CX64AP74.dll
2013-01-21 20:40:29 141584 ----a-w- C:\Windows\System32\SETDFC0.tmp
2013-01-21 20:40:29 124176 ----a-w- C:\Windows\System32\EEA64A.dll
2013-01-21 20:40:28 1609376 ----a-w- C:\Windows\System32\drivers\CHDRT64.sys
2013-01-21 20:39:25 53248 ----a-r- C:\Users\Eunice\AppData\Roaming\Microsoft\Installer\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}\ARPPRODUCTICON.exe
2013-01-21 20:36:47 72048 ----a-w- C:\Windows\System32\ibmpmctl.exe
2013-01-21 20:36:47 60272 ----a-w- C:\Windows\System32\SETA6E2.tmp
2013-01-21 20:36:47 42824 ----a-w- C:\Windows\System32\drivers\SET9E1A.tmp
2013-01-21 20:36:47 39792 ----a-w- C:\Windows\System32\SETA75F.tmp
2013-01-21 20:35:38 -------- d-----w- C:\Program Files (x86)\Cisco
2013-01-21 06:29:53 -------- d-----w- C:\Program Files (x86)\Prentice Hall
2013-01-20 22:52:21 -------- d-----w- C:\Program Files (x86)\Wajam
2013-01-20 20:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
==================== Find3M  ====================
.
2013-02-18 21:19:58 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-18 21:19:58 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 20:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ------w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ------w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ------w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ------w- C:\Windows\SysWow64\atmlib.dll
2012-12-10 05:10:41 952 --sh--w- C:\ProgramData\KGyGaAvL.sys
2012-12-07 13:20:16 441856 ------w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ------w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ------w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ------w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ------w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ------w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ------w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ------w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ------w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ------w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ------w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ------w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ------w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ------w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ------w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ------w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ------w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ------w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ------w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ------w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ------w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ------w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ------w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ------w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ------w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---h--w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---h--w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---h--w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---h--w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-28 06:52:47 129784 ------w- C:\Windows\SysWow64\pxafs.dll
2012-11-28 06:52:47 118520 ------w- C:\Windows\SysWow64\pxinsi64.exe
2012-11-28 06:52:46 116472 ------w- C:\Windows\SysWow64\pxcpyi64.exe
2012-11-23 03:13:57 68608 ------w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ------w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ------w- C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 14:01:32.68 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/17/2012 1:30:06 AM
System Uptime: 2/19/2013 12:58:21 PM (2 hours ago)
.
Motherboard: LENOVO |  | 3254CTO
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 305.089 GiB free.
D: is CDROM ()
Q: is FIXED (NTFS) - 18 GiB total, 4.687 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP114: 2/4/2013 9:44:23 PM - Windows Update
RP115: 2/10/2013 2:17:54 PM - Windows Update
RP116: 2/11/2013 10:19:38 AM - Removed Evernote v. 4.2.3
RP117: 2/11/2013 10:20:15 AM - Installed Evernote v. 4.6.2
RP118: 2/13/2013 11:47:06 AM - Windows Update
RP119: 2/16/2013 1:07:03 PM - Windows Update
RP120: 2/18/2013 5:04:37 PM - ComboFix created restore point
RP121: 2/19/2013 8:10:11 AM - Windows Update
.
==== Installed Programs ======================
.
Absolute Reminder
Active Models
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5) MUI
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
Boingo Wi-Finder
Bonjour
Burn.Now 4.5
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
Create Recovery Media
D3DX10
DefaultTab
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct DiscRecorder
DisplayLink Core Software
Evernote v. 4.6.2
Fingerprint Reader
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Google Chrome
Google Drive
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
iCloud
Integrated Camera Driver Installer Package Ver.1.2.1.18
Intel® Control Center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 9
Java Auto Updater
KeepVault for Windows
Lenovo Auto Scroll Utility
Lenovo Graphics Software
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Power Management Driver
Lenovo Registration
Lenovo SimpleTap
Lenovo Solution Center
Lenovo Solutions for Small Business Customizations
Lenovo System Update
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
Malwarebytes Anti-Malware version 1.70.0.1100
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OM Explorer for KRM10
On Screen Display
Pharos
Picasa 3
Power Manager
QuickTime
RapidBoot HDD Accelerator
RapidBoot Shield
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Rescue and Recovery
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.1
Spotify
SugarSync Manager
ThinkPad UltraNav Driver
ThinkPad Wireless LAN Adapter Software
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Communications Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VIP Access
Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/02/2012 16.0.5.2)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
2/19/2013 10:34:25 AM, Error: Service Control Manager [7000]  - The WajamUpdater service failed to start due to the following error:  The system cannot find the file specified.
2/19/2013 10:34:19 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
2/18/2013 9:12:30 AM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{7ADC0260-350E-4DB6-A113-70D22A95277B} because another computer on the network has the same name.  The server could not start.
2/18/2013 6:01:35 PM, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  A device attached to the system is not functioning.
2/18/2013 5:56:37 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
2/18/2013 5:20:05 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/18/2013 5:06:55 PM, Error: Service Control Manager [7034]  - The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).
2/18/2013 5:02:36 PM, Error: Service Control Manager [7034]  - The DefaultTabUpdate service terminated unexpectedly.  It has done this 1 time(s).
2/18/2013 3:39:45 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcSvc service.
2/17/2013 12:15:33 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.
2/17/2013 11:57:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TPHKSVC service.
2/17/2013 11:42:41 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
2/16/2013 2:55:36 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TPHKLOAD service.
2/14/2013 2:24:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VIPAppService service.
2/13/2013 12:00:11 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
2/12/2013 10:50:02 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DisplayLinkService service.
.
==== End Of File ===========================
 



#4 icyeuny

icyeuny
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 19 February 2013 - 02:08 PM

This is the log for the security check.

 

 Results of screen317's Security Check version 0.99.58 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100 
 Java 7 Update 9 
 Java version out of Date!
 Adobe Flash Player 11.6.602.168 
 Adobe Reader 10.1.5 Adobe Reader out of Date! 
 Mozilla Firefox (18.0.2)
 Google Chrome 24.0.1312.56 
 Google Chrome 24.0.1312.57 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#5 icyeuny

icyeuny
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 19 February 2013 - 02:16 PM

This is also the log from the AdwCleaner.exe

 

 Results of screen317's Security Check version 0.99.58 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100 
 Java 7 Update 9 
 Java version out of Date!
 Adobe Flash Player 11.6.602.168 
 Adobe Reader 10.1.5 Adobe Reader out of Date! 
 Mozilla Firefox (18.0.2)
 Google Chrome 24.0.1312.56 
 Google Chrome 24.0.1312.57 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 PM

Posted 19 February 2013 - 02:44 PM

Secure your system by updating 3rd party programs.
 
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
 
Be careful not to install malware posing as Java update!
Important read this blog.
 
Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
 
How to disable Java in your browsers
 
You can manually check your present version and update as recommended.
 
If present remove the old version(s) of Java using the Add/Remove Programs applet.
 
Java 7 Update 9 
 
Java 7 update 10 introduced important new security controls
You can read about it here.
 
Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
I suggest that your un-check the box "Install the Ask Toolbar" before proceeding.
===
Get the latest version of the  Adobe Reader.
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
 
When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===
You posted twice the Security Check log.
Please post the AdwCleaner log for my review and let me know what problem persists.


#7 icyeuny

icyeuny
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 19 February 2013 - 03:14 PM

here is the AdwCleaner log

 

# AdwCleaner v2.112 - Logfile created 02/19/2013 at 15:08:36
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Eunice - EUNICE-THINK
# Boot Mode : Normal
# Running from : C:\Users\Eunice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MKGR81S\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\gmofpi17.default-1353298397691\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\gmofpi17.default-1353298397691\searchplugins\search-here.xml
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Eunice\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Eunice\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Eunice\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\gmofpi17.default-1353298397691\prefs.js

C:\Users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\gmofpi17.default-1353298397691\user.js ... Deleted !

Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Eunice\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [466 octets] - [19/02/2013 14:59:24]
AdwCleaner[S2].txt - [8296 octets] - [19/02/2013 15:08:36]

########## EOF - C:\AdwCleaner[S2].txt - [8356 octets] ##########

 

 

Thank you



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 PM

Posted 20 February 2013 - 08:49 AM

If all is well:
 
Time for some housekeeping
The following will implement some cleanup procedures as well as reset  System Restore points:
 
Click Start > Run  and copy/paste the following bold text into the Run box and click OK:
 
ComboFix /Uninstall 
===
 
To remove AdwCleaner.
 
Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.
 
If you decide to keep the AdwCleaner tool make sure delete your version and download the latest before running it.
 
Delete the other tools we used.
You can Keep the DDS tool as most forum will ask to see a log before suggesting a fix.
 
Surf Safely, and Think Prevention!
===


#9 icyeuny

icyeuny
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 20 February 2013 - 08:41 PM

When I tried to delete combo fix even though it uninstalled now I got a warning in regards to Microsoft essentials.



#10 icyeuny

icyeuny
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 20 February 2013 - 08:45 PM

I did it and I hope it is fixed. Thank you



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 PM

Posted 27 February 2013 - 10:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users