DNS Keeps Changing


  • This topic is locked
25 replies to this topic

#1 Bobster1052

Posted 09 January 2014 - 02:49 PM

This is my first time as a signed-in member, and I have appreciated reading others' posts and help. I am using Norton Internet Security and Comcast's Constant Guard. I am constantly receiving notification from Constant Guard that it has blocked an attempt to change my DNS setting. I have run Malwarebytes, all of Norton's antivirus programs, including their eraser, and I still keep getting the same message. My question is: Do I have a Trojan or other virus that these programs do not detect? If so, how can I get rid of this annoyance and potential risk?

 

Thanks for your help!

 

My DDS.txt is as follows:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Bob at 11:22:58 on 2014-01-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7989.4171 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Windows\system32\rundll32.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\lenovo\system update\suservice.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Create 8\bin\GZeonIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Converter 8\RegistryController.exe"
mRun: [Nuance PDF Converter 8-reminder] "C:\Program Files (x86)\Nuance\PDF Converter 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter 8\Ereg\Ereg.ini"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Converter 8\cnvres_eng.dll /100
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{15CB24B0-EBD9-4BEF-9044-CDB350CB1E3B} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{15CB24B0-EBD9-4BEF-9044-CDB350CB1E3B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE} : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}\2456C6B696E6E243245403 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}\D416B61647751697 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}\D416B61647751697F58747 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KeyCrypt32(3).dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-19 56208]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2011-3-19 27120]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2011-3-19 19952]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-27 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-27 1147480]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-1-13 23664]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-4-28 49240]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [2013-12-17 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-27 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140108.001\IDSviA64.sys [2014-1-9 521944]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-3-5 15472]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2011-3-19 27632]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-27 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-27 590936]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-18 659472]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-11-18 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-11-18 55296]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-23 135984]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-12-11 41024]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-5-1 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-7-31 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-5-1 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-5-26 93032]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [2013-11-27 264360]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2013-4-5 77640]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2013-3-3 113456]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-1-16 199272]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-5-30 16000]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 supersafer64;supersafer64;C:\Windows\SysWOW64\drivers\supersafer64.sys [2012-5-29 238072]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2011-11-18 291352]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-7-31 144232]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-7-31 64952]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-16 2320920]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-8-23 3342640]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-28 137648]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-16 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-16 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-1 317440]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-4-28 25784]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-19 25928]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-1-16 1669928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-16 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbsmi;Integrated Camera;C:\Windows\System32\drivers\SMIksdrv.sys [2011-1-16 205952]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-11-28 109352]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S3 AllShare;SAMSUNG AllShare Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-3-12 9421312]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-6-16 25704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-8-23 272688]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-17 7680512]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-5-13 1664808]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-13 19456]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S3 RoxMediaDBVHS;RoxMediaDBVHS;C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2011-12-19 1114384]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-13 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
S4 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408]
S4 CareMon;CareMon;C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [2012-5-29 146792]
S4 GladFileMonSvc;GladFileMonSvc;C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2013-3-22 30032]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-09 17:12:31 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-08 20:40:02 -------- d-----w- C:\pdfconv8-efg-r-12313-100
2014-01-07 02:57:25 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-01-07 02:56:16 -------- d-----w- C:\ProgramData\Oracle
2014-01-07 02:55:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-23 15:57:55 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-13 20:58:06 -------- d-----w- C:\ProgramData\Western Digital
2013-12-12 11:06:39 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 11:06:39 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 11:06:39 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 11:06:38 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 20:59:57 335360 ----a-w- C:\Windows\System32\msieftp.dll
.
==================== Find3M  ====================
.
2013-12-14 02:59:42 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
2013-12-10 20:14:51 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:14:51 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-04 20:28:51 10137600 ----a-w- C:\Program Files (x86)\GUTE253.tmp
2013-11-27 18:02:59 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-11 13:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-16 21:03:00 10674488 ----a-w- C:\Windows\SysWow64\ZALSDKCore.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 11:23:30.23 ===============
 


#2 HelpBot

Posted 14 January 2014 - 02:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520245 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Bobster1052


Posted 15 January 2014 - 01:42 PM

Attached File: Attach.zip (5.1KB)

I am still having the problem; however, it is intermittent.  It does not happen on a regular schedule.  I do not have the Windows CD/DVD because it came installed on my laptop.  Other than running my typical A/V scans from Norton Internet Security Suite and HitMan Pro at startup, I haven't done anything extraordinary.  The attempt to change the DNS has only occurred once since the original posting and Constant Guard blocks the change and a window pops up telling me that something has tried to change my DNS. The protection is automatic and I cannot find a log of the attempts.

The recent DDS file is as follows:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Bob at 9:58:50 on 2014-01-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7989.4180 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\TpShocks.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\lenovo\system update\suservice.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Create 8\bin\GZeonIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Converter 8\cnvres_eng.dll /100
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{15CB24B0-EBD9-4BEF-9044-CDB350CB1E3B} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{15CB24B0-EBD9-4BEF-9044-CDB350CB1E3B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}\2456C6B696E6E243245403 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}\34963736F63313831363 : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}\D416B61647751697F58747 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KeyCrypt32(3).dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-19 56208]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2011-3-19 27120]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2011-3-19 19952]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-27 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-27 1147480]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-1-13 23664]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-4-28 49240]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [2014-1-14 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-27 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140114.001\IDSviA64.sys [2014-1-15 521944]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-3-5 15472]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2011-3-19 27632]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-27 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-27 590936]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-18 659472]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-11-18 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-11-18 55296]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-23 135984]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-12-11 41024]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-5-1 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-7-31 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-5-1 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-5-26 93032]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [2013-11-27 264360]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2013-4-5 77640]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2013-3-3 113456]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-1-16 199272]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-5-30 16000]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 supersafer64;supersafer64;C:\Windows\SysWOW64\drivers\supersafer64.sys [2012-5-29 238072]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2011-11-18 291352]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-7-31 144232]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-7-31 64952]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-16 2320920]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-8-23 3342640]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-28 137648]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-16 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-16 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-1 317440]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-4-28 25784]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-19 25928]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-1-16 1669928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-16 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbsmi;Integrated Camera;C:\Windows\System32\drivers\SMIksdrv.sys [2011-1-16 205952]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-11-28 109352]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S3 AllShare;SAMSUNG AllShare Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-3-12 9421312]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-6-16 25704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-8-23 272688]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-17 7680512]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-5-13 1664808]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-13 19456]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S3 RoxMediaDBVHS;RoxMediaDBVHS;C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2011-12-19 1114384]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-13 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
S4 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408]
S4 CareMon;CareMon;C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [2012-5-29 146792]
S4 GladFileMonSvc;GladFileMonSvc;C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2013-3-22 30032]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-09 17:12:31 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-08 20:40:02 -------- d-----w- C:\pdfconv8-efg-r-12313-100
2014-01-07 02:57:25 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-01-07 02:56:16 -------- d-----w- C:\ProgramData\Oracle
2014-01-07 02:55:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-23 15:57:55 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
.
==================== Find3M  ====================
.
2013-12-14 02:59:42 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
2013-12-10 20:14:51 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:14:51 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-04 20:28:51 10137600 ----a-w- C:\Program Files (x86)\GUTE253.tmp
2013-11-27 18:02:59 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-11 13:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH:  9:59:20.19 ===============
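
The `TCP:` name-server lines in the DDS log above are the part that bears on the reported DNS-change alerts. As an added example (not part of the original post and not DDS's own code), this Python code parses those lines, compares each interface's static `NameServer` with its `DHCPNameServer`, and flags public resolvers missing from a list you supply; the function names and the nibble-swap decoding of the per-network subkeys are assumptions.

```python
import ipaddress
import re

# "TCP:" lines copied from the DDS log posted above.
DDS_TCP_LINES = r"""
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{15CB24B0-EBD9-4BEF-9044-CDB350CB1E3B} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{15CB24B0-EBD9-4BEF-9044-CDB350CB1E3B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}\2456C6B696E6E243245403 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}\34963736F63313831363 : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}\D416B61647751697F58747 : DHCPNameServer = 192.168.2.1
"""

# Optional interface GUID, optional per-network subkey, then the value name.
LINE_RE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\})"
    r"(?:\\(?P<net>[0-9A-Fa-f]+))?\s*:\s*)?"
    r"(?P<key>DHCPNameServer|NameServer)\s*=\s*(?P<val>.*)$"
)


def parse_dds_tcp(text):
    """Return {interface: {"static": [...], "dhcp": [...], "networks": {subkey: [...]}}}."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        iface = m.group("guid") or "global"
        entry = out.setdefault(iface, {"static": [], "dhcp": [], "networks": {}})
        # DDS shows both comma-separated and space-separated server lists.
        servers = [s for s in re.split(r"[,\s]+", m.group("val").strip()) if s]
        if m.group("net"):
            entry["networks"][m.group("net")] = servers
        elif m.group("key") == "NameServer":
            entry["static"] = servers
        else:
            entry["dhcp"] = servers
    return out


def decode_network_key(key):
    """Assumption: the subkey is the network name in hex with the two nibbles
    of every byte swapped. Returns None if that does not give printable text."""
    if len(key) % 2:
        return None
    swapped = "".join(key[i + 1] + key[i] for i in range(0, len(key), 2))
    name = bytes.fromhex(swapped).decode("latin-1")
    return name if name.isprintable() else None


def review(parsed, expected=()):
    """List (interface, finding) pairs that deserve a second look."""
    expected = set(expected)
    findings = []
    for iface, e in parsed.items():
        # A manually set resolver that differs from what DHCP hands out.
        if iface != "global" and e["static"] and set(e["static"]) != set(e["dhcp"]):
            findings.append((iface, "static DNS %s overrides DHCP-assigned %s"
                             % (e["static"], e["dhcp"])))
        seen = e["static"] + e["dhcp"] + [s for v in e["networks"].values() for s in v]
        for addr in dict.fromkeys(seen):  # de-duplicate, keep order
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append((iface, "unparseable resolver %r" % addr))
                continue
            if not ip.is_private and addr not in expected:
                findings.append((iface, "public resolver %s not in expected list" % addr))
    return findings


if __name__ == "__main__":
    parsed = parse_dds_tcp(DDS_TCP_LINES)
    for iface, entry in parsed.items():
        print(iface, "static:", entry["static"], "dhcp:", entry["dhcp"])
        for key, servers in entry["networks"].items():
            print("   network", decode_network_key(key) or key, "->", servers)
    # Resolvers the machine's owner recognises; here the two static entries from the log.
    for iface, msg in review(parsed, expected=("75.75.75.75", "75.75.76.76")):
        print("REVIEW", iface, msg)
```

A static entry that differs from the DHCP-assigned one is not a sign of infection by itself; it identifies the setting that a DNS-change monitor would be guarding.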

 

 



#4 Oh My!


Posted 19 January 2014 - 10:08 AM

Greetings Bobster1052 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review the information you have already posted please run these programs for me.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniToolBox log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 22 January 2014 - 10:12 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 Bobster1052

Posted 23 January 2014 - 11:37 AM

Thank you for your help, and I apologize for the tardy response.  The Result.txt file is as follows:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Bob (administrator) on 23-01-2014 at 08:25:01
Running from "C:\Users\Bob\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

#       ::1             localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Intel® Centrino® Wireless-N 1000 = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.106 metric=1 publish=Yes

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Bob-THINK
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 8C-A9-82-02-C0-4D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 8C-A9-82-02-C0-4D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1000
   Physical Address. . . . . . . . . : 8C-A9-82-02-C0-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 23, 2014 7:40:28 AM
   Lease Expires . . . . . . . . . . : Sunday, March 01, 2150 2:53:23 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 60-EB-69-B5-C7-45
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 23, 2014 7:40:13 AM
   Lease Expires . . . . . . . . . . : Sunday, March 01, 2150 2:53:23 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  2607:f8b0:400a:803::1005
   173.194.33.96
   173.194.33.110
   173.194.33.98
   173.194.33.99
   173.194.33.101
   173.194.33.102
   173.194.33.97
   173.194.33.105
   173.194.33.100
   173.194.33.104
   173.194.33.103

Pinging google.com [173.194.33.134] with 32 bytes of data:
Reply from 173.194.33.134: bytes=32 time=12ms TTL=55
Reply from 173.194.33.134: bytes=32 time=12ms TTL=55

Ping statistics for 173.194.33.134:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 12ms, Average = 12ms
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=97ms TTL=49
Reply from 98.139.183.24: bytes=32 time=98ms TTL=47

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 97ms, Maximum = 98ms, Average = 97ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 7ms, Average = 5ms
===========================================================================
Interface List
 13...8c a9 82 02 c0 4d ......Microsoft Virtual WiFi Miniport Adapter #2
 12...8c a9 82 02 c0 4d ......Microsoft Virtual WiFi Miniport Adapter
 11...8c a9 82 02 c0 4c ......Intel® Centrino® Wireless-N 1000
 10...60 eb 69 b5 c7 45 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.4     20
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link       192.168.2.4    306
      169.254.0.0      255.255.0.0         On-link       192.168.2.5    306
  169.254.255.255  255.255.255.255         On-link       192.168.2.4    276
  169.254.255.255  255.255.255.255         On-link       192.168.2.5    281
      192.168.2.0    255.255.255.0         On-link       192.168.2.4    276
      192.168.2.0    255.255.255.0         On-link       192.168.2.5    281
      192.168.2.4  255.255.255.255         On-link       192.168.2.4    276
      192.168.2.5  255.255.255.255         On-link       192.168.2.5    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.4    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.4    276
        224.0.0.0        240.0.0.0         On-link       192.168.2.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.4    276
  255.255.255.255  255.255.255.255         On-link       192.168.2.5    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0    192.168.1.106       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/23/2014 07:50:27 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/18/2014 11:10:18 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4039240e-ed38-4b72-b026-0afaf75087d3}

Error: (01/18/2014 10:49:29 AM) (Source: Application Hang) (User: )
Description: The program Dashboard.EXE version 2.2.42.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 211c

Start Time: 01cf147db15a5da6

Termination Time: 16

Application Path: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.EXE

Report Id: 3b2ca185-8071-11e3-a71f-60eb69b5c745

Error: (01/18/2014 10:48:03 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 928

Start Time: 01cf13a107768f6d

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 025e16c1-8071-11e3-a71f-60eb69b5c745

Error: (01/17/2014 00:05:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/17/2014 00:03:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/16/2014 03:40:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/15/2014 10:02:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc60f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0542f5cc
Faulting process id: 0x18f0
Faulting application start time: 0xNOTEPAD.EXE0
Faulting application path: NOTEPAD.EXE1
Faulting module path: NOTEPAD.EXE2
Report Id: NOTEPAD.EXE3

Error: (01/15/2014 04:56:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134

Error: (01/15/2014 04:56:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4134

System errors:
=============
Error: (01/23/2014 07:42:02 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TFSysMon

Error: (01/23/2014 07:41:49 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (01/23/2014 07:41:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2014 01:20:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/18/2014 01:19:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/18/2014 01:19:05 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/18/2014 01:18:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TFSysMon

Error: (01/18/2014 01:17:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (01/18/2014 01:17:55 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2014 01:16:59 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Microsoft Office Sessions:
=========================
Error: (01/23/2014 07:50:27 AM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/18/2014 11:10:18 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4039240e-ed38-4b72-b026-0afaf75087d3}

Error: (01/18/2014 10:49:29 AM) (Source: Application Hang)(User: )
Description: Dashboard.EXE2.2.42.0211c01cf147db15a5da616C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.EXE3b2ca185-8071-11e3-a71f-60eb69b5c745

Error: (01/18/2014 10:48:03 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756792801cf13a107768f6d0C:\Windows\Explorer.EXE025e16c1-8071-11e3-a71f-60eb69b5c745

Error: (01/17/2014 00:05:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe

Error: (01/17/2014 00:03:37 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0

Error: (01/16/2014 03:40:43 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0

Error: (01/15/2014 10:02:06 AM) (Source: Application Error)(User: )
Description: NOTEPAD.EXE6.1.7600.163854a5bc60funknown0.0.0.000000000c00000050542f5cc18f001cf121b9492888fC:\Windows\SysWOW64\NOTEPAD.EXEunknown24cbf007-7e0f-11e3-abde-60eb69b5c745

Error: (01/15/2014 04:56:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134

Error: (01/15/2014 04:56:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4134

CodeIntegrity Errors:
===================================
  Date: 2013-08-01 10:15:24.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-01 10:15:24.368
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-31 10:55:06.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:06.161
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:04.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

**** End of log ****

 

The Addition.txt file is as follows:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-01-2014
Ran by Bob at 2014-01-23 08:29:19
Running from C:\Users\Bob\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (Version: 1.00 - )
Access Help (x32 Version: 3.00 - Lenovo)
Acer eDisplay Management (x32 Version: 1.37.007 - Portrait Displays, Inc.)
ActivePerl 5.14.4 Build 1405 (64-bit) (Version: 5.14.1405 - ActiveState)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (x32 Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Kindle (HKCU Version:  - Amazon)
AntiLogger SDK version 1.6.6.296 (x32 Version: 1.6.6.296 - Zemana Ltd.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Belkin Setup and Router Monitor (x32 Version:  - )
Belkin USB Print and Storage Center (Version: 1.1.3 - Belkin International, Inc.)
BIAS SoundSoap SE 2.4 (x32 Version: 2.4.0 - BIAS)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon IJ Network Scan Utility (x32 Version:  - )
Canon IJ Network Tool (x32 Version:  - )
Canon MP Navigator EX 2.1 (x32 Version:  - )
Canon MX860 series MP Drivers (Version:  - )
Canon MX860 series User Registration (x32 Version:  - )
Canon PowerShot SX500 IS Camera User Guide (x32 Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (x32 Version:  - )
Canon Utilities ImageBrowser EX (x32 Version: 1.2.1.13 - Canon Inc.)
Canon Utilities My Printer (x32 Version:  - )
Canon Utilities PhotoStitch (x32 Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Solution Menu (x32 Version:  - )
CCleaner (Version: 4.09 - Piriform)
Cisco Connect (x32 Version: 1.4.12212.0 - Cisco Consumer Products LLC)
Client Security - Password Manager (Version: 8.30.0036.00 - Lenovo Group Limited)
Constant Guard Protection Suite (x32 Version: 1.13.1211.1 - Comcast)
Corel Burn.Now Lenovo Edition (x32 Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (x32 Version: 7.0.0 - Corel Corporation)
Corel WinDVD (x32 Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (x32 Version: 1.20.0.00 - Lenovo Group Limited)
CutePDF Writer 3.0 (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Duplicate Photo Finder v. 3.3.0.75 (x32 Version:  - WebMinds, Inc.)
EasyDuplicateFinder v4.5 (Version:  - WebMinds, Inc.)
Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
eWallet 7.5.1 for Windows PCs (x32 Version: 7.5.1 - Ilium Software)
Excel Utilities 2.0 (x32 Version:  - )
Garmin City Navigator North America NT 2012.40 Update (x32 Version: 15.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (x32 Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (x32 Version: 2.7.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (x32 Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (x32 Version: 2.5.2 - Garmin Ltd or its subsidiaries)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.1.1888 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4501.1952 - Google Inc.)
HitmanPro 3.7 (Version: 3.7.8.208 - SurfRight B.V.)
Holy Macro! It's 2,200 Excel VBA Examples (x32 Version: 3.01 - MrExcel.com)
iCloud (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
Integrated Camera (Version: 5.50.2.7 - Silicon Motion)
Integrated Camera (x32 Version: 5.50.2.7 - Silicon Motion)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32 (x32 Version: 5.2.0.2 - Intel Corporation) Hidden
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2253 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.3.0.0398 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.3 - Intel)
Intel® Wireless Display (Version: 1.2.15.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.03.1000.1637 - Intel Corporation)
Internet Explorer (Enable DEP) (Version:  - )
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101 - Vantage Linguistics)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (Version: 1.00 - )
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (Version: 1.66.00.22 - )
Lenovo SimpleTap (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Warranty Information (x32 Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (x32 Version:  - Lenovo)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (x32 Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 1.1 (x32 Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Labs Ribbon Hero 2, Clippy's Second Chance (x32 Version: 2.1.615.0 - Microsoft Office Labs)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Project 2000 (x32 Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (x32 Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (x32 Version: 3.6.0034 - Lenovo)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Music Collector (x32 Version:  - Collectorz.com)
NOOK for PC (x32 Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Bootable Recovery Tool Wizard (x32 Version: 5.1.0.26 - Symantec Corporation)
Norton Security Suite (x32 Version: 21.1.0.18 - Symantec Corporation)
Nuance Cloud Connector (x32 Version: 3.2.1026 - Nuance Communications, Inc.)
Nuance OmniPage Ultimate (x32 Version: 19.00.0000 - Nuance Communications, Inc.)
Nuance PaperPort 14 (x32 Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Converter 8 (x32 Version: 8.00.1223 - Nuance Communications, Inc.)
Nuance PDF Create 8 (Version: 8.10.6293 - Nuance Communications, Inc.)
Nuance PDF Create 8 (x32 Version: 8.10.6293 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (x32 Version: 7.20.3208 - Nuance Communications, Inc.)
On Screen Display (Version: 6.42.00 - )
OpenProj (x32 Version: 1.4.0 - Serena Software Inc.)
PaperPort Image Printer 64-bit (Version: 14.00.0001 - Nuance Communications, Inc.)
PerformanceTest v8.0 (Version: 8.0.1021.0 - Passmark Software)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Pivot Software (x32 Version: 8.21.013 - Portrait Displays, Inc.) Hidden
Power Manager (x32 Version: 6.63.1 - Lenovo Group Limited)
Quicken 2011 (x32 Version: 20.1.8.6 - Intuit)
Quicken 2012 (x32 Version: 21.1.7.18 - Intuit)
Quicken 2013 (x32 Version: 22.1.12.7 - Intuit)
Quicken 2014 (x32 Version: 23.1.5.8 - Intuit)
Quicken Medical Expense Manager (x32 Version: 2.2.10 - Intuit)
Quicken WillMaker Plus 2013 (x32 Version: 1.0.0.0 - Nolo)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00 - )
Rescue and Recovery (x32 Version: 4.31.0005.00 - Lenovo Group Limited)
Roxio BackOnTrack (x32 Version: 4.0 - Roxio) Hidden
Roxio BackOnTrackPE (x32 Version: 4.0 - Roxio) Hidden
Roxio Burn - Secure (x32 Version: 1.6 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.6 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator 2011 Content (x32 Version: 13.0.098 - Roxio)
Roxio Creator 2011 Pro (x32 Version: 1.3.166 - Roxio) Hidden
Roxio Creator 2011 Pro (x32 Version: 13.0 - Roxio)
Roxio Creator 2011 Pro (x32 Version: 6.0.0 - Roxio) Hidden
Roxio Easy VHS to DVD (x32 Version: 1.00.0000 - Roxio) Hidden
Roxio Easy VHS to DVD 3 (x32 Version: 3.0 - Roxio)
Roxio Easy VHS to DVD 3 (x32 Version: 3.0.137 - Roxio) Hidden
Roxio Express Labeler (x32 Version: 3.2.1 - Roxio) Hidden
Roxio PhotoShow (x32 Version: 6.0 - Sonic Solutions)
Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden
Safari (x32 Version: 5.34.57.2 - Apple Inc.)
SAMSUNG PC Share Manager (x32 Version: 4.0 - SAMSUNG)
SAMSUNG PC Share Manager (x32 Version: 4.0 - SAMSUNG) Hidden
Savings Bond Wizard (x32 Version:  - )
Scansoft PDF Converter (x32 Version:  - ) Hidden
Screen Shot Deluxe 7.0 (x32 Version: 7.00.0000 - Broderbund)
Screen Shot Deluxe 7.0 (x32 Version: 7.00.0000 - Broderbund) Hidden
SDK (x32 Version: 2.32.010 - Portrait Displays, Inc.) Hidden
Seagate Dashboard 2.0 (x32 Version: 2.2.42.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SketchUp 8 (x32 Version: 3.0.16846 - Trimble Navigation Limited)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5 (x32 Version: 5.5.2 - SmartSound Software Inc.)
Spotmau PowerSuite Golden 2012 (build 7.0.1) (x32 Version:  - Spotmau Software Co., Ltd.)
SyncBackFree (x32 Version: 6.5.15.0 - 2BrightSparks)
System Requirements Lab for Intel (x32 Version: 4.5.11.0 - Husdawg, LLC)
System Update (x32 Version: 4.01.0015 - Lenovo)
ThinkPad UltraNav Driver (Version: 15.3.8.0 - )
ThinkVantage Access Connections (x32 Version: 5.84 - Lenovo)
ThinkVantage Active Protection System (Version: 1.74 - Lenovo)
ThinkVantage Communications Utility (Version: 1.43 - Lenovo)
ThinkVantage Fingerprint Software (Version: 5.9.3.6264 - UPEK Inc.)
TurboTax 2009 (x32 Version:  - Intuit, Inc)
TurboTax 2009 wcaiper (x32 Version: 009.000.1050 - Intuit Inc.) Hidden
TurboTax 2009 WinPerFedFormset (x32 Version: 009.000.2881 - Intuit Inc.) Hidden
TurboTax 2009 WinPerReleaseEngine (x32 Version: 009.000.0328 - Intuit Inc.) Hidden
TurboTax 2009 WinPerTaxSupport (x32 Version: 009.000.0245 - Intuit Inc.) Hidden
TurboTax 2009 wrapper (x32 Version: 009.000.0145 - Intuit Inc.) Hidden
TurboTax 2010 (x32 Version:  - Intuit, Inc)
TurboTax 2010 wcaiper (x32 Version: 010.000.1924 - Intuit Inc.) Hidden
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (x32 Version:  - Intuit, Inc)
TurboTax 2011 wcaiper (x32 Version: 011.000.1647 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3351 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0222 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (x32 Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wcaiper (x32 Version: 012.000.1508 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2243 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0473 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0184 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
VBA & Macros for Excel Project Files (x32 Version: 1.02 - MrExcel.com)
VBAcodePrint (x32 Version:  - )
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Video Mover (x32 Version:  - )
WinDirStat 1.1.2 (HKCU Version:  - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Intel hdc  (06/04/2009 7.0.0.1013) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 18.0 (Version: 18.0.10661 - WinZip Computing, S.L. )
Xiph.Org Ogg Codecs 0.83.17220 32-bit (x32 Version: 0.83.17220 - Xiph.Org)

==================== Restore Points  =========================

07-01-2014 02:34:48 Norton_Power_Eraser_20140106183439986
07-01-2014 02:45:40 Removed Java 7 Update 25 (64-bit)
07-01-2014 02:47:27 Removed Java 7 Update 25
07-01-2014 02:55:30 Installed Java 7 Update 45
07-01-2014 02:57:05 Installed Java 7 Update 45 (64-bit)
08-01-2014 03:14:13 Norton_Power_Eraser_20140107191408938
08-01-2014 20:41:36 Installed Nuance PDF Converter 8.
11-01-2014 16:48:29 Installed Microsoft Fix it 50267
15-01-2014 19:04:34 Windows Update

==================== Hosts content: ==========================

2009-07-13 18:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04CEC8EF-06E4-4418-9C5D-1C25F69C497D} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {13EECAB7-4FBE-4E83-B60D-857A83FED436} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {2A05E951-F097-4C2F-9F71-937579A62686} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {2B75487F-64D5-44F6-B02C-6596B2B52C2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3272EE8C-95DA-44AF-9908-1C6565AFA594} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-09-03] (Lenovo Group Limited)
Task: {37F1B509-6386-4A39-BD89-CF410A42F509} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08] (Google Inc.)
Task: {4B3D62C9-B18D-416E-9DC1-6B86DF3FDF97} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {604FCBD0-A593-4916-94CE-8267BB36E58F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {6C8EE14D-7F5D-44AD-89FE-CD483A804059} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4003607533-4287508695-3187829015-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {6D51C613-AD54-4B81-BA1C-9A7483F03E33} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4003607533-4287508695-3187829015-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {71ABA6A3-C781-4905-A5A0-A5C3B0178198} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {72BEB512-A949-45A3-A994-AEB1D0B7EDCB} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {844FBD36-9894-4CDB-B91F-A4B98281EDA8} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {8BA6A254-A4E8-49D4-AD1B-AAE04A85661A} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {8E037216-249C-47BC-813D-9917596784C9} - \ParetoLogic Registration3 No Task File
Task: {9167B633-DECA-44E6-9883-013D5623231E} - System32\Tasks\Bob Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {9E39B027-5466-4866-A026-63D662EE1FD8} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2010-08-20] (Lenovo Limited Group Corporation)
Task: {A5F5B0DE-909A-4C3E-8DD6-9387DE6813C9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {A8F51580-68F8-43E3-A7B1-A64E615FEC9A} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {AEC3DE7C-6D2D-4202-809A-1D289C29BC73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08] (Google Inc.)
Task: {B1C8640F-D945-47A5-A54A-A54F391E1DF8} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-10-18] (Seagate Technology LLC)
Task: {B5CDFA4A-FF82-4476-AF9D-2BD390EBB2D6} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {B7A9F4C7-9C2A-4B27-B37E-5A70F9A72E87} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BC95D796-1415-4A38-BB4D-ABE364304054} - System32\Tasks\Bob-THINK\Bob\bot4_project_1 => C:\Program Files (x86)\Roxio\BackOnTrack\App\BNotify.exe [2010-09-13] (Roxio, Inc.)
Task: {C30CA821-C159-4E2C-96BB-056D5395DBBD} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {CCB7E78F-6926-4EC4-94A0-FA1AB9D306D4} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {CED6B48E-C575-463B-A4A9-F54A0410F7E2} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkId=116866
Task: {CFB75108-51C3-4F98-96B3-4A47BDB035A4} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {D047A63B-44CF-435E-B323-AD415392A2BD} - System32\Tasks\Bob => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-10-18] (Seagate Technology LLC)
Task: {D4768D46-B625-4710-BB27-9D3C7B1F6DC2} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {FE35973A-03F4-4994-958B-41260ECA7950} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2013-10-26 09:21 - 2013-09-03 05:03 - 00104448 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-01-11 03:08 - 2013-01-11 03:08 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2011-04-14 11:15 - 2011-04-14 11:15 - 00086016 ____N () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-11 11:57 - 2013-12-11 11:57 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:72EE41A0
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Bob\Documents\Slideshow.dmsm:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45786902.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45786902.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2014 07:50:27 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/18/2014 11:10:18 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4039240e-ed38-4b72-b026-0afaf75087d3}

Error: (01/18/2014 10:49:29 AM) (Source: Application Hang) (User: )
Description: The program Dashboard.EXE version 2.2.42.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 211c

Start Time: 01cf147db15a5da6

Termination Time: 16

Application Path: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.EXE

Report Id: 3b2ca185-8071-11e3-a71f-60eb69b5c745

Error: (01/18/2014 10:48:03 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 928

Start Time: 01cf13a107768f6d

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 025e16c1-8071-11e3-a71f-60eb69b5c745

Error: (01/17/2014 00:05:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/17/2014 00:03:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/16/2014 03:40:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/15/2014 10:02:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc60f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0542f5cc
Faulting process id: 0x18f0
Faulting application start time: 0xNOTEPAD.EXE0
Faulting application path: NOTEPAD.EXE1
Faulting module path: NOTEPAD.EXE2
Report Id: NOTEPAD.EXE3

Error: (01/15/2014 04:56:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134

Error: (01/15/2014 04:56:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4134

System errors:
=============
Error: (01/23/2014 07:42:02 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TFSysMon

Error: (01/23/2014 07:41:49 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (01/23/2014 07:41:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2014 01:20:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/18/2014 01:19:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/18/2014 01:19:05 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/18/2014 01:18:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TFSysMon

Error: (01/18/2014 01:17:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (01/18/2014 01:17:55 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2014 01:16:59 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Microsoft Office Sessions:
=========================
Error: (01/23/2014 07:50:27 AM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/18/2014 11:10:18 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4039240e-ed38-4b72-b026-0afaf75087d3}

Error: (01/18/2014 10:49:29 AM) (Source: Application Hang)(User: )
Description: Dashboard.EXE2.2.42.0211c01cf147db15a5da616C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.EXE3b2ca185-8071-11e3-a71f-60eb69b5c745

Error: (01/18/2014 10:48:03 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756792801cf13a107768f6d0C:\Windows\Explorer.EXE025e16c1-8071-11e3-a71f-60eb69b5c745

Error: (01/17/2014 00:05:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe

Error: (01/17/2014 00:03:37 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0

Error: (01/16/2014 03:40:43 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0

Error: (01/15/2014 10:02:06 AM) (Source: Application Error)(User: )
Description: NOTEPAD.EXE6.1.7600.163854a5bc60funknown0.0.0.000000000c00000050542f5cc18f001cf121b9492888fC:\Windows\SysWOW64\NOTEPAD.EXEunknown24cbf007-7e0f-11e3-abde-60eb69b5c745

Error: (01/15/2014 04:56:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134

Error: (01/15/2014 04:56:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4134

CodeIntegrity Errors:
===================================
  Date: 2013-08-01 10:15:24.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-01 10:15:24.368
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-31 10:55:06.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:06.161
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:05.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-31 10:55:04.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 7988.55 MB
Available physical RAM: 5575.81 MB
Total Pagefile: 13824.73 MB
Available Pagefile: 10774.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:316.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:3.69 GB) (Free:0 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: DA3B3ED1)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

 

The results from the FRST.txt file are as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014
Ran by Bob (administrator) on BOB-THINK on 23-01-2014 08:28:48
Running from C:\Users\Bob\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKCU\...\Run: [Uploader] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-10-18] (Seagate Technology LLC)
HKU\Administrator\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [5973272 2013-12-17] (Piriform Ltd)
HKU\Administrator\...\Run: [Uploader] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-10-18] (Seagate Technology LLC)
HKU\Administrator\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\Administrator\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\LogMeInRemoteUser\...\RunOnce: [] - [x]
HKU\LogMeInRemoteUser\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(3).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [85304 2013-03-07] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(3).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [78136 2013-03-07] (Zemana Ltd.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x50CC0BB1450BCF01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {05EC8CA7-76CA-58C0-92D0-1F621275E43D} URL =
SearchScopes: HKCU - {C4E1541C-D42B-42FD-A124-6ED2D9CD9CFC} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Create 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab
DPF: HKLM-x32 {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{15CB24B0-EBD9-4BEF-9044-CDB350CB1E3B}: [NameServer]75.75.75.75,75.75.76.76
Tcpip\..\Interfaces\{2F99E228-6C04-41F0-B0FB-1753873AA8AE}: [NameServer]75.75.75.75,75.75.76.76

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={5A620AE0-5356-4ADA-BD6A-12A4072B1154}&mid=e32c791eb9c34ab39f8cc03833f0dada-b93315cb4cd1893882b3c750552abbfe215c150c&lang=en&ds=hk018&coid=avgtbdishk&cmpid=&pr=sa&d=2014-01-15 10:05:02&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll No File
CHR Plugin: (Motive Management Plug-in) - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll No File
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Password Genie) - C:\Program Files (x86)\PasswordGenie\npPGPlugin\npPGPlugin.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-26]
CHR Extension: (Google Drive) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26]
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26]
CHR Extension: (Google Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2013-12-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-04-29] (Affinegy, Inc.)
S3 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [9421312 2010-03-12] ()
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] ()
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] ()
S4 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [39408 2010-09-13] ()
S4 CareMon; C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-15] ()
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138032 2012-04-13] (Portrait Displays, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
S4 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30032 2013-03-22] (Gladinet, INC)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-11-28] (SurfRight B.V.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-05] (Nuance Communications, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
S3 RoxMediaDBVHS; C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [1114384 2011-12-19] (Rovi Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-14] (Realtek Semiconductor)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-10-18] (Seagate Technology LLC)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-20] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1490944 2010-09-06] (Lenovo Group Limited)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-12-13] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140122.001\IDSvia64.sys [521944 2014-01-23] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25784 2013-03-07] (Zemana Ltd.)
S3 lmimirr; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140122.009\ENG64.SYS [126040 2013-11-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140122.009\EX64.SYS [2099288 2013-11-27] (Symantec Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20784 2012-04-13] (Portrait Displays, Inc.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2011-11-15] (Spotmau)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S0 TfFsMon; No ImagePath
S3 TfNetMon; No ImagePath
S0 TFSysMon; No ImagePath
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-23 08:28 - 2014-01-23 08:29 - 00027256 _____ C:\Users\Bob\Downloads\FRST.txt
2014-01-23 08:28 - 2014-01-23 08:28 - 00000000 ____D C:\FRST
2014-01-23 08:27 - 2014-01-23 08:27 - 00000000 ____D C:\Users\Bob\Desktop\Bleeping Computer 012314
2014-01-23 08:25 - 2014-01-23 08:25 - 00023596 _____ C:\Users\Bob\Downloads\Result.txt
2014-01-23 08:19 - 2014-01-23 08:23 - 02077184 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2014-01-23 08:01 - 2014-01-23 08:17 - 00982016 _____ (Farbar) C:\Users\Bob\Downloads\MiniToolBox.exe
2014-01-17 10:25 - 2014-01-17 10:25 - 00173144 _____ (Gibson Research Corp.) C:\Users\Bob\Downloads\SpinRite (1).exe
2014-01-17 10:13 - 2014-01-17 10:13 - 00002725 _____ C:\Users\Public\Desktop\Seagate Dashboard 2.0.lnk
2014-01-17 10:05 - 2014-01-17 10:05 - 00020334 _____ C:\Users\Bob\Documents\BOB-THINK_Bob_2014_ 1_17.csv
2014-01-16 10:55 - 2014-01-17 10:07 - 00000000 ____D C:\Users\Bob\Desktop\Old Quicken Files
2014-01-16 10:53 - 2014-01-17 10:06 - 00000000 ____D C:\Users\Bob\Desktop\Virus Problem
2014-01-16 10:46 - 2014-01-16 10:46 - 01394694 _____ C:\Users\Bob\Documents\sshot(1).bmp
2014-01-16 09:44 - 2014-01-16 09:44 - 00000000 ____D C:\Users\Bob\AppData\Local\QuickenWindow
2014-01-16 09:35 - 2014-01-17 09:44 - 00000000 ____D C:\Program Files (x86)\Quicken
2014-01-16 09:35 - 2014-01-16 09:35 - 00000329 _____ C:\Users\Public\Desktop\View Credit Score.url
2014-01-16 09:35 - 2013-12-13 15:10 - 04200744 _____ (Amyuni Technologies
http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2014-01-16 09:31 - 2014-01-16 09:31 - 113976752 _____ (Intuit Inc.                                                 ) C:\Users\Bob\Downloads\Quicken_Premier_2014.exe
2014-01-15 10:58 - 2014-01-15 10:58 - 00002154 _____ C:\Users\Bob\Documents\cc_20140115_105854.reg
2014-01-15 10:12 - 2014-01-15 10:12 - 00000000 ____D C:\Users\Bob\AppData\Local\WinZip
2014-01-15 10:05 - 2014-01-15 10:12 - 00000000 ____D C:\ProgramData\WinZip
2014-01-15 10:05 - 2014-01-15 10:05 - 00002292 _____ C:\Users\Public\Desktop\WinZip.lnk
2014-01-15 10:05 - 2014-01-15 10:05 - 00000000 ____D C:\Program Files\WinZip
2014-01-15 10:03 - 2014-01-15 10:03 - 00420808 _____ (WinZip Computing) C:\Users\Bob\Downloads\WinZip180.exe
2014-01-15 10:03 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 10:03 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 10:03 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 10:03 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 10:03 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 10:03 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 10:03 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 10:03 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 10:03 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 09:58 - 2014-01-15 09:58 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds (1).com
2014-01-12 19:12 - 2014-01-12 19:12 - 00001800 _____ C:\Users\Bob\Documents\cc_20140112_191211.reg
2014-01-11 09:07 - 2014-01-11 09:07 - 00003742 _____ C:\Users\Bob\Documents\cc_20140111_090700.reg
2014-01-11 08:48 - 2014-01-11 08:48 - 00991232 _____ C:\Users\Bob\Downloads\MicrosoftFixit50267.msi
2014-01-11 08:35 - 2014-01-11 08:35 - 00152892 _____ C:\Users\Bob\Downloads\OTL.Txt
2014-01-11 08:35 - 2014-01-11 08:35 - 00099330 _____ C:\Users\Bob\Downloads\Extras.Txt
2014-01-11 08:25 - 2014-01-11 08:25 - 03810304 _____ C:\Users\Bob\Downloads\RogueKiller.exe
2014-01-11 08:24 - 2014-01-11 08:24 - 00602112 _____ (OldTimer Tools) C:\Users\Bob\Downloads\OTL.exe
2014-01-09 15:42 - 2014-01-09 15:42 - 00342082 _____ C:\Users\Bob\Downloads\Hinge_for_thin_doors_CMD.skp
2014-01-09 15:41 - 2014-01-09 15:41 - 00301754 _____ C:\Users\Bob\Downloads\Untitled.skp
2014-01-09 15:39 - 2014-01-09 15:39 - 00233262 _____ C:\Users\Bob\Downloads\kf_15_1.skp
2014-01-09 15:39 - 2014-01-09 15:39 - 00127093 _____ C:\Users\Bob\Downloads\60-1-3536.skp
2014-01-09 14:20 - 2014-01-09 14:20 - 00020014 _____ C:\Users\Bob\Documents\BOB-THINK_Bob_2014_ 1_ 9.csv
2014-01-09 12:21 - 2014-01-09 12:24 - 00000000 ____D C:\Users\Bob\Downloads\TCPView
2014-01-09 12:20 - 2014-01-09 12:21 - 00291606 _____ C:\Users\Bob\Downloads\TCPView.zip
2014-01-09 11:58 - 2014-01-09 11:58 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob\Downloads\rkill.com
2014-01-09 11:57 - 2014-01-09 11:57 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob\Downloads\iExplore (1).exe
2014-01-09 11:25 - 2014-01-09 11:25 - 00016382 _____ C:\Users\Bob\Documents\Attach.txt
2014-01-09 11:24 - 2014-01-09 11:24 - 00028832 _____ C:\Users\Bob\Documents\DDS.txt
2014-01-09 11:21 - 2014-01-09 11:21 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds.com
2014-01-09 09:12 - 2014-01-09 09:12 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-08 16:12 - 2014-01-08 16:12 - 00009389 _____ C:\Users\Bob\Downloads\user (1).conf
2014-01-08 12:42 - 2014-01-08 12:42 - 00001117 _____ C:\Users\Public\Desktop\PDF Converter Assistant.lnk
2014-01-08 12:40 - 2014-01-08 12:40 - 00000000 ____D C:\pdfconv8-efg-r-12313-100
2014-01-08 11:54 - 2014-01-08 11:54 - 00002024 _____ C:\Users\Bob\Documents\cc_20140108_115430.reg
2014-01-08 11:23 - 2014-01-08 11:23 - 00550371 _____ C:\Users\Bob\Downloads\Autoruns.zip
2014-01-07 19:15 - 2014-01-07 19:15 - 00272315 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2014-01-07 18:34 - 2014-01-13 11:32 - 00001278 _____ C:\Users\Public\Desktop\Music Collector.lnk
2014-01-06 18:57 - 2014-01-06 18:57 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-06 18:57 - 2014-01-06 18:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-06 18:57 - 2014-01-06 18:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-06 18:57 - 2014-01-06 18:57 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-06 18:56 - 2014-01-06 18:57 - 00000000 ____D C:\ProgramData\Oracle
2014-01-06 18:56 - 2014-01-06 18:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-06 18:55 - 2014-01-06 18:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-06 18:55 - 2014-01-06 18:55 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-06 18:55 - 2014-01-06 18:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-04 10:16 - 2014-01-04 10:16 - 04101441 _____ C:\Users\Bob\Downloads\tdsskiller (1).zip
2014-01-04 09:46 - 2014-01-04 09:46 - 00002064 _____ C:\Users\Bob\Documents\cc_20140104_094630.reg
2014-01-04 09:17 - 2014-01-04 09:18 - 94341104 _____ C:\Users\Bob\Downloads\w_turbotax_1040_prm_2013.060.0100.exe
2014-01-03 16:43 - 2014-01-03 16:44 - 36289824 _____ (Dropbox, Inc.) C:\Users\Bob\Downloads\Dropbox 2.4.11.exe
2014-01-02 15:03 - 2014-01-02 15:03 - 00000258 _____ C:\Windows\SysWOW64\http_ss.log
2014-01-02 15:03 - 2014-01-02 15:03 - 00000074 _____ C:\Windows\SysWOW64\log.log
2013-12-30 10:42 - 2013-12-30 10:42 - 00000618 _____ C:\Users\Bob\Documents\BOB-THINK_Bob_2013_12_30.csv
2013-12-29 08:40 - 2013-12-29 08:40 - 00001728 _____ C:\Users\Bob\Documents\cc_20131229_084028.reg
2013-12-28 09:24 - 2013-12-28 09:24 - 00001724 _____ C:\Users\Bob\Documents\cc_20131228_092422.reg
2013-12-27 08:21 - 2013-12-27 08:22 - 11436096 _____ (2BrightSparks Pte Ltd                                       ) C:\Users\Bob\Downloads\SyncBack_Setup.exe

==================== One Month Modified Files and Folders =======

2014-01-23 08:29 - 2014-01-23 08:28 - 00027256 _____ C:\Users\Bob\Downloads\FRST.txt
2014-01-23 08:28 - 2014-01-23 08:28 - 00000000 ____D C:\FRST
2014-01-23 08:27 - 2014-01-23 08:27 - 00000000 ____D C:\Users\Bob\Desktop\Bleeping Computer 012314
2014-01-23 08:25 - 2014-01-23 08:25 - 00023596 _____ C:\Users\Bob\Downloads\Result.txt
2014-01-23 08:23 - 2014-01-23 08:19 - 02077184 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2014-01-23 08:23 - 2011-03-08 18:25 - 00000000 ____D C:\Users\Bob\Documents\Outlook Files
2014-01-23 08:18 - 2011-03-05 19:04 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A2B6A1D4-D4DA-43D5-B151-6C56E2FDC258}
2014-01-23 08:17 - 2014-01-23 08:01 - 00982016 _____ (Farbar) C:\Users\Bob\Downloads\MiniToolBox.exe
2014-01-23 08:15 - 2013-12-18 10:45 - 00000509 _____ C:\Users\Bob\AppData\Roaming\com.iliumsoft.ewallet.plist
2014-01-23 07:55 - 2012-10-28 08:19 - 00000000 ____D C:\Windows\Minidump
2014-01-23 07:52 - 2013-04-28 09:56 - 00000000 ____D C:\Users\Bob\AppData\Roaming\ID Vault
2014-01-23 07:52 - 2012-12-18 15:03 - 00000000 ____D C:\Users\Bob\AppData\Local\0E52E043-BB36-4611-B04D-B0F979919938.aplzod
2014-01-23 07:49 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-23 07:49 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-23 07:46 - 2011-01-16 00:35 - 01340641 ____N C:\Windows\WindowsUpdate.log
2014-01-23 07:40 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 12:55 - 2009-07-13 21:13 - 00796806 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-18 11:54 - 2011-04-10 08:03 - 00007615 _____ C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
2014-01-18 10:49 - 2012-04-02 16:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-18 10:49 - 2011-05-19 16:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-18 10:49 - 2011-03-06 05:45 - 00000000 ____D C:\Users\Bob\AppData\Local\Adobe
2014-01-18 10:22 - 2011-03-19 12:58 - 00173056 _____ C:\Users\Bob\Documents\My Wallet.wlt
2014-01-18 03:47 - 2013-04-28 09:56 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2014-01-17 10:26 - 2012-09-28 09:48 - 00000000 ____D C:\Users\Bob\Documents\WillMaker
2014-01-17 10:26 - 2011-03-26 09:22 - 00000000 ____D C:\Users\Bob\Documents\Wine inventories
2014-01-17 10:25 - 2014-01-17 10:25 - 00173144 _____ (Gibson Research Corp.) C:\Users\Bob\Downloads\SpinRite (1).exe
2014-01-17 10:13 - 2014-01-17 10:13 - 00002725 _____ C:\Users\Public\Desktop\Seagate Dashboard 2.0.lnk
2014-01-17 10:13 - 2013-04-27 15:27 - 00003500 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2014-01-17 10:07 - 2014-01-16 10:55 - 00000000 ____D C:\Users\Bob\Desktop\Old Quicken Files
2014-01-17 10:06 - 2014-01-16 10:53 - 00000000 ____D C:\Users\Bob\Desktop\Virus Problem
2014-01-17 10:05 - 2014-01-17 10:05 - 00020334 _____ C:\Users\Bob\Documents\BOB-THINK_Bob_2014_ 1_17.csv
2014-01-17 09:44 - 2014-01-16 09:35 - 00000000 ____D C:\Program Files (x86)\Quicken
2014-01-16 14:59 - 2011-03-06 06:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 13:13 - 2013-06-30 12:27 - 00000000 ____D C:\Users\Bob\Documents\Music Collector
2014-01-16 11:11 - 2011-03-06 12:40 - 00000000 ____D C:\Users\Bob\Documents\Quicken
2014-01-16 10:47 - 2011-11-18 10:20 - 00001372 _____ C:\Users\Bob\AppData\Roaming\sshot.ini
2014-01-16 10:46 - 2014-01-16 10:46 - 01394694 _____ C:\Users\Bob\Documents\sshot(1).bmp
2014-01-16 09:44 - 2014-01-16 09:44 - 00000000 ____D C:\Users\Bob\AppData\Local\QuickenWindow
2014-01-16 09:35 - 2014-01-16 09:35 - 00000329 _____ C:\Users\Public\Desktop\View Credit Score.url
2014-01-16 09:35 - 2011-03-06 12:35 - 00000126 _____ C:\Windows\QUICKEN.INI
2014-01-16 09:31 - 2014-01-16 09:31 - 113976752 _____ (Intuit Inc.                                                 ) C:\Users\Bob\Downloads\Quicken_Premier_2014.exe
2014-01-16 09:11 - 2011-03-27 15:26 - 00000000 ____D C:\Users\Bob\AppData\Local\CutePDF Writer
2014-01-16 08:04 - 2009-07-13 20:45 - 00491344 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 11:10 - 2013-08-16 02:01 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 11:05 - 2011-03-05 20:44 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 10:58 - 2014-01-15 10:58 - 00002154 _____ C:\Users\Bob\Documents\cc_20140115_105854.reg
2014-01-15 10:56 - 2011-06-13 20:46 - 00000000 ____D C:\Users\Bob\AppData\Local\CrashDumps
2014-01-15 10:12 - 2014-01-15 10:12 - 00000000 ____D C:\Users\Bob\AppData\Local\WinZip
2014-01-15 10:12 - 2014-01-15 10:05 - 00000000 ____D C:\ProgramData\WinZip
2014-01-15 10:05 - 2014-01-15 10:05 - 00002292 _____ C:\Users\Public\Desktop\WinZip.lnk
2014-01-15 10:05 - 2014-01-15 10:05 - 00000000 ____D C:\Program Files\WinZip
2014-01-15 10:03 - 2014-01-15 10:03 - 00420808 _____ (WinZip Computing) C:\Users\Bob\Downloads\WinZip180.exe
2014-01-15 09:58 - 2014-01-15 09:58 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds (1).com
2014-01-13 11:32 - 2014-01-07 18:34 - 00001278 _____ C:\Users\Public\Desktop\Music Collector.lnk
2014-01-12 19:12 - 2014-01-12 19:12 - 00001800 _____ C:\Users\Bob\Documents\cc_20140112_191211.reg
2014-01-11 09:07 - 2014-01-11 09:07 - 00003742 _____ C:\Users\Bob\Documents\cc_20140111_090700.reg
2014-01-11 08:48 - 2014-01-11 08:48 - 00991232 _____ C:\Users\Bob\Downloads\MicrosoftFixit50267.msi
2014-01-11 08:35 - 2014-01-11 08:35 - 00152892 _____ C:\Users\Bob\Downloads\OTL.Txt
2014-01-11 08:35 - 2014-01-11 08:35 - 00099330 _____ C:\Users\Bob\Downloads\Extras.Txt
2014-01-11 08:25 - 2014-01-11 08:25 - 03810304 _____ C:\Users\Bob\Downloads\RogueKiller.exe
2014-01-11 08:24 - 2014-01-11 08:24 - 00602112 _____ (OldTimer Tools) C:\Users\Bob\Downloads\OTL.exe
2014-01-09 15:42 - 2014-01-09 15:42 - 00342082 _____ C:\Users\Bob\Downloads\Hinge_for_thin_doors_CMD.skp
2014-01-09 15:41 - 2014-01-09 15:41 - 00301754 _____ C:\Users\Bob\Downloads\Untitled.skp
2014-01-09 15:39 - 2014-01-09 15:39 - 00233262 _____ C:\Users\Bob\Downloads\kf_15_1.skp
2014-01-09 15:39 - 2014-01-09 15:39 - 00127093 _____ C:\Users\Bob\Downloads\60-1-3536.skp
2014-01-09 14:20 - 2014-01-09 14:20 - 00020014 _____ C:\Users\Bob\Documents\BOB-THINK_Bob_2014_ 1_ 9.csv
2014-01-09 12:24 - 2014-01-09 12:21 - 00000000 ____D C:\Users\Bob\Downloads\TCPView
2014-01-09 12:21 - 2014-01-09 12:20 - 00291606 _____ C:\Users\Bob\Downloads\TCPView.zip
2014-01-09 11:58 - 2014-01-09 11:58 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob\Downloads\rkill.com
2014-01-09 11:57 - 2014-01-09 11:57 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Bob\Downloads\iExplore (1).exe
2014-01-09 11:25 - 2014-01-09 11:25 - 00016382 _____ C:\Users\Bob\Documents\Attach.txt
2014-01-09 11:24 - 2014-01-09 11:24 - 00028832 _____ C:\Users\Bob\Documents\DDS.txt
2014-01-09 11:21 - 2014-01-09 11:21 - 00688992 ____R (Swearware) C:\Users\Bob\Downloads\dds.com
2014-01-09 11:00 - 2013-12-23 07:57 - 00000000 ____D C:\Users\Bob\Desktop\mbar
2014-01-09 11:00 - 2013-09-03 12:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-09 09:28 - 2012-04-15 12:39 - 00000000 ____D C:\Users\Bob\Documents\Shopping
2014-01-09 09:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-09 09:18 - 2013-03-09 10:40 - 00000000 ____D C:\Users\Bob\Documents\My POI
2014-01-09 09:18 - 2011-03-26 09:21 - 00000000 ____D C:\Users\Bob\Documents\Garmin
2014-01-09 09:12 - 2014-01-09 09:12 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-09 09:11 - 2013-12-23 07:57 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-08 16:53 - 2013-06-25 14:23 - 00000000 ____D C:\ProgramData\Nuance
2014-01-08 16:12 - 2014-01-08 16:12 - 00009389 _____ C:\Users\Bob\Downloads\user (1).conf
2014-01-08 15:35 - 2013-12-18 09:40 - 00001220 _____ C:\Users\Bob\Desktop\Notes.txt
2014-01-08 13:16 - 2011-03-26 09:21 - 00000000 ____D C:\Users\Bob\Documents\Insurance
2014-01-08 12:42 - 2014-01-08 12:42 - 00001117 _____ C:\Users\Public\Desktop\PDF Converter Assistant.lnk
2014-01-08 12:42 - 2013-06-25 14:26 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Nuance
2014-01-08 12:42 - 2013-06-25 14:19 - 00000000 ____D C:\Program Files (x86)\Nuance
2014-01-08 12:40 - 2014-01-08 12:40 - 00000000 ____D C:\pdfconv8-efg-r-12313-100
2014-01-08 11:54 - 2014-01-08 11:54 - 00002024 _____ C:\Users\Bob\Documents\cc_20140108_115430.reg
2014-01-08 11:23 - 2014-01-08 11:23 - 00550371 _____ C:\Users\Bob\Downloads\Autoruns.zip
2014-01-07 19:20 - 2013-07-24 08:27 - 00000000 ____D C:\Users\Administrator
2014-01-07 19:20 - 2011-10-10 19:15 - 00000000 ____D C:\Users\Bob\AppData\Local\NPE
2014-01-07 19:15 - 2014-01-07 19:15 - 00272315 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2014-01-07 19:15 - 2009-07-13 18:34 - 00000054 _____ C:\Windows\system32\Drivers\etc\hosts.old
2014-01-07 18:34 - 2013-06-30 12:27 - 00000000 ____D C:\Program Files (x86)\Collectorz.com
2014-01-06 18:57 - 2014-01-06 18:57 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-06 18:57 - 2014-01-06 18:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-06 18:57 - 2014-01-06 18:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-06 18:57 - 2014-01-06 18:57 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-06 18:57 - 2014-01-06 18:56 - 00000000 ____D C:\ProgramData\Oracle
2014-01-06 18:57 - 2011-01-16 01:01 - 00000000 ____D C:\Program Files\Java
2014-01-06 18:55 - 2014-01-06 18:56 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-06 18:55 - 2014-01-06 18:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-06 18:55 - 2014-01-06 18:55 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-06 18:55 - 2014-01-06 18:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-06 18:55 - 2011-01-16 01:02 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-04 10:16 - 2014-01-04 10:16 - 04101441 _____ C:\Users\Bob\Downloads\tdsskiller (1).zip
2014-01-04 09:47 - 2013-06-18 15:39 - 00000000 ____D C:\Program Files\CCleaner
2014-01-04 09:46 - 2014-01-04 09:46 - 00002064 _____ C:\Users\Bob\Documents\cc_20140104_094630.reg
2014-01-04 09:18 - 2014-01-04 09:17 - 94341104 _____ C:\Users\Bob\Downloads\w_turbotax_1040_prm_2013.060.0100.exe
2014-01-04 08:18 - 2012-04-22 10:41 - 00000000 ____D C:\Users\Bob\Documents\Boat Sun Runner
2014-01-03 16:44 - 2014-01-03 16:43 - 36289824 _____ (Dropbox, Inc.) C:\Users\Bob\Downloads\Dropbox 2.4.11.exe
2014-01-02 18:11 - 2013-12-23 07:47 - 00041623 _____ C:\Users\Bob\Desktop\install.xlsx
2014-01-02 17:36 - 2013-10-17 08:43 - 00000000 ____D C:\Users\Bob\Documents\Constant Guard BU
2014-01-02 15:03 - 2014-01-02 15:03 - 00000258 _____ C:\Windows\SysWOW64\http_ss.log
2014-01-02 15:03 - 2014-01-02 15:03 - 00000074 _____ C:\Windows\SysWOW64\log.log
2013-12-30 10:48 - 2013-07-24 08:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ID Vault
2013-12-30 10:44 - 2013-09-03 07:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\ID Vault
2013-12-30 10:42 - 2013-12-30 10:42 - 00000618 _____ C:\Users\Bob\Documents\BOB-THINK_Bob_2013_12_30.csv
2013-12-29 08:40 - 2013-12-29 08:40 - 00001728 _____ C:\Users\Bob\Documents\cc_20131229_084028.reg
2013-12-28 09:24 - 2013-12-28 09:24 - 00001724 _____ C:\Users\Bob\Documents\cc_20131228_092422.reg
2013-12-27 08:23 - 2013-08-31 08:41 - 00001236 _____ C:\Users\Bob\Desktop\SyncBackFree.lnk
2013-12-27 08:22 - 2013-12-27 08:21 - 11436096 _____ (2BrightSparks Pte Ltd                                       ) C:\Users\Bob\Downloads\SyncBack_Setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 04:17

==================== End Of Log ============================

 

Hopefully, this will give you the information requested.

 

Thanks,



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:01:24 PM

Posted 24 January 2014 - 12:43 PM

Hi Bob,

And I apologize for my tardy reply! I was not notified you had posted. Anyway, let's get started...
 

"I am constantly receiving notification from Constant Guard that it has blocked an attempt to change my DNS setting"

Do you have a report you can attach or copy/paste?

Please run this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\Default\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [] - [x]
HKU\LogMeInRemoteUser\...\RunOnce: [] - [x]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {05EC8CA7-76CA-58C0-92D0-1F621275E43D} URL =
SearchScopes: HKCU - {C4E1541C-D42B-42FD-A124-6ED2D9CD9CFC} URL =
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 lmimirr; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S0 TfFsMon; No ImagePath
S3 TfNetMon; No ImagePath
S0 TFSysMon; No ImagePath
Task: {8E037216-249C-47BC-813D-9917596784C9} - \ParetoLogic Registration3 No Task File
Task: {CFB75108-51C3-4F98-96B3-4A47BDB035A4} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:72EE41A0
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Bob\Documents\Slideshow.dmsm:Roxio EMC Stream
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Bobster1052

Bobster1052
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:24 PM

Posted 24 January 2014 - 01:07 PM

Hi Oh My,

 

Unfortunately, I don't have a screen print from Constant Guard.  I did look to see if there was an activity log, but was unsuccessful in finding one.

 

The fixlog is as follows:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2014
Ran by Bob at 2014-01-24 10:02:15 Run:1
Running from C:\Users\Bob\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Default\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [] - [x]
HKU\LogMeInRemoteUser\...\RunOnce: [] - [x]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {05EC8CA7-76CA-58C0-92D0-1F621275E43D} URL =
SearchScopes: HKCU - {C4E1541C-D42B-42FD-A124-6ED2D9CD9CFC} URL =
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 lmimirr; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S0 TfFsMon; No ImagePath
S3 TfNetMon; No ImagePath
S0 TFSysMon; No ImagePath
Task: {8E037216-249C-47BC-813D-9917596784C9} - \ParetoLogic Registration3 No Task File
Task: {CFB75108-51C3-4F98-96B3-4A47BDB035A4} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:72EE41A0
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Bob\Documents\Slideshow.dmsm:Roxio EMC Stream
*****************

HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value not found.
HKU\LogMeInRemoteUser\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05EC8CA7-76CA-58C0-92D0-1F621275E43D} => Key deleted successfully.
HKCR\CLSID\{05EC8CA7-76CA-58C0-92D0-1F621275E43D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4E1541C-D42B-42FD-A124-6ED2D9CD9CFC} => Key deleted successfully.
HKCR\CLSID\{C4E1541C-D42B-42FD-A124-6ED2D9CD9CFC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => Value deleted successfully.
HKCR\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => Key not found.
HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key deleted successfully.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
lmimirr => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
TfFsMon => Service deleted successfully.
TfNetMon => Service deleted successfully.
TFSysMon => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E037216-249C-47BC-813D-9917596784C9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E037216-249C-47BC-813D-9917596784C9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFB75108-51C3-4F98-96B3-4A47BDB035A4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFB75108-51C3-4F98-96B3-4A47BDB035A4} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":72EE41A0" ADS removed successfully.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Users\Bob\Documents\Slideshow.dmsm => ":Roxio EMC Stream" ADS removed successfully.

==== End of Fixlog ====

 

Thanks again.

 

Bob



#9 Bobster1052


Posted 24 January 2014 - 01:27 PM

Oh My,

 

I forgot to use the reply button rather than posting a response to your last request, so here is a copy of the posting.  Apologies for the duplicate entries:

 

Hi Oh My,

 

Unfortunately, I don't have a screen print from Constant Guard.  I did look to see if there was an activity log, but was unsuccessful in finding one.

 

The fixlog is as follows:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2014
Ran by Bob at 2014-01-24 10:02:15 Run:1
Running from C:\Users\Bob\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Default\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [] - [x]
HKU\LogMeInRemoteUser\...\RunOnce: [] - [x]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {05EC8CA7-76CA-58C0-92D0-1F621275E43D} URL =
SearchScopes: HKCU - {C4E1541C-D42B-42FD-A124-6ED2D9CD9CFC} URL =
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 lmimirr; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S0 TfFsMon; No ImagePath
S3 TfNetMon; No ImagePath
S0 TFSysMon; No ImagePath
Task: {8E037216-249C-47BC-813D-9917596784C9} - \ParetoLogic Registration3 No Task File
Task: {CFB75108-51C3-4F98-96B3-4A47BDB035A4} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:72EE41A0
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Bob\Documents\Slideshow.dmsm:Roxio EMC Stream
*****************

HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value not found.
HKU\LogMeInRemoteUser\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05EC8CA7-76CA-58C0-92D0-1F621275E43D} => Key deleted successfully.
HKCR\CLSID\{05EC8CA7-76CA-58C0-92D0-1F621275E43D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4E1541C-D42B-42FD-A124-6ED2D9CD9CFC} => Key deleted successfully.
HKCR\CLSID\{C4E1541C-D42B-42FD-A124-6ED2D9CD9CFC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => Value deleted successfully.
HKCR\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} => Key not found.
HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key deleted successfully.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
lmimirr => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
TfFsMon => Service deleted successfully.
TfNetMon => Service deleted successfully.
TFSysMon => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E037216-249C-47BC-813D-9917596784C9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E037216-249C-47BC-813D-9917596784C9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFB75108-51C3-4F98-96B3-4A47BDB035A4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFB75108-51C3-4F98-96B3-4A47BDB035A4} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":72EE41A0" ADS removed successfully.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Users\Bob\Documents\Slideshow.dmsm => ":Roxio EMC Stream" ADS removed successfully.

==== End of Fixlog ====

 

Thanks again.

 

Bob



#10 Oh My!

  • Malware Response Instructor

Posted 24 January 2014 - 02:53 PM

Hi Bob,

How is your computer running? Other than the notifications, does anything seem suspicious to you?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Bobster1052


Posted 24 January 2014 - 04:25 PM

Hi Oh My,

 

I just restarted my computer after the last procedure and it seems to be working just fine. I don't sense anything being out of the ordinary and the DNS change notice has not appeared on restart. So, whatever you did must have worked. Just being curious, what was wrong with my computer and what steps should I take so that I don't get into the same situation again?

 

Thanks again for your help and advice,

 

Bob



#12 Oh My!

  • Malware Response Instructor

Posted 24 January 2014 - 04:31 PM

Hi Bob,

In doing some research on Constant Guard (I am not familiar with it) there seem to be some general complaints regarding the pop-up notifications that program produces. The things we deleted may or may not have been directly related to that issue; it is hard to tell and I can't point specifically to one line in the fix that would have taken care of it. I guess time will tell.

If you don't mind I would like to give it until tomorrow to see if things are stabilized. Doesn't cost us anything to give it a test run for a day or so. Please touch base tomorrow, or sooner if you start receiving the notifications again. Once we are all set I will be providing some information for your consideration regarding how best to keep your computer safe.
Gary
 

#13 Bobster1052


Posted 25 January 2014 - 04:24 PM

Hi Oh My,

 

Everything seems to be working well and much faster than before. I did have one hiccup in that iTunes would not start and it took a bit of work to delete all of the Apple applications in order to re-install the program. It worked fine after that effort. On startup this morning, there were no notifications of any issues or DNS change attempts. All in all, I feel much more confident in the security of my laptop and really appreciate the help. If you would like to keep the thread open a couple more days, I will post back any further issues, if any.

 

Thanks again,

 

Bob



#14 Oh My!

  • Malware Response Instructor

Posted 25 January 2014 - 06:49 PM

Hi Bob,

While we wait to see how your computer behaves I would like you to run ESET again (looks like you ran it previously) and another program to check for security vulnerabilities.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log

Edited by Oh My, 25 January 2014 - 06:49 PM.

Gary
 

#15 Bobster1052


Posted 26 January 2014 - 07:22 PM

Hi Oh My,

 

The following is the ESET Log:

 

C:\Users\Bob\AppData\Local\Adobe\AIH.1cd403eea18fe6d882b17da84c20e308a984f189\GTB.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Users\Bob\AppData\Roaming\EasyDuplicateFinder\Update.exe Win32/MyPCBackup.A application cleaned by deleting - quarantined
C:\Users\Bob\Downloads\cbsidlm-cbsi145-Product_Key_Finder-SEO-10694022.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
C:\Users\Bob\Downloads\duplicatephotofindersetup.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Bob\Downloads\WinZip180.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined

 

The following is the Security Check Log:

 

 Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Norton Security Suite  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 51 
  Adobe Flash Player 11.3.300.257 Flash Player out of Date! 
 Adobe Reader XI 
 Google Chrome 29.0.1547.66 
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

Odd notation on the Norton Security Suite application.  From all appearances, it seems to be functioning as before.  Also, should I delete the duplicate picture and file application?

 

Thanks again for the help,

 


 





