Inactive Getting ads and enhanced text from adnxs.com

D

DjangoMango

It is happening for me in Chrome on every website. I don't seem to have the problem in Firefox. I am on Windows 8 x64. Any help would be greatly appreciated! Here are the logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.10

Windows 7 x64 NTFS
Internet Explorer 9.10.9200.16433
Jon :: JON-THINKPAD [administrator]

11/20/2012 12:52:29 AM
mbam-log-2012-11-20 (00-52-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202444
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.9.2
Run by Jon at 0:56:03 on 2012-11-20
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.8075.6370 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Lenovo\Communications Utility\CamMute.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Users\Jon\Local Settings\Apps\F.lux\flux.exe
C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\ThumbnailExtractionHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [AdobeBridge] <no file>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{2D4F8976-7521-422E-AFB1-95D7D088D188} : DHCPNameServer = 146.186.163.66 128.118.141.32 128.118.25.3 130.203.1.4
TCP: Interfaces\{C3131AB6-1B54-44FA-95AD-86F63458F24C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C3131AB6-1B54-44FA-95AD-86F63458F24C}\5425D414847454254402755425645425 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
x64-Run: [Lenovo Settings Dependency Package] wscript.exe "C:\Program Files\Lenovo\SettingsDependency\cpyMachineInformation_xml.vbs"
x64-Run: [LnvMobHotspotClient] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-05 01:24; scriptish@erikvold.com; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\scriptish@erikvold.com.xpi
FF - ExtSQL: 2012-11-05 01:24; {4324f4a6-3a89-477e-b388-6bca032df78b}; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
FF - ExtSQL: 2012-11-12 00:23; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2012-11-5 56336]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2011-12-15 2246184]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-11-4 201376]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2012-11-5 127800]
R2 LENOVO.CAMMUTE;Lenovo AVFramework Camera Privacy Controller;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-11-4 501312]
R2 LENOVO.TPKNRSVC;Lenovo AVFramework Microphone Volume Controller and Dolby Interface;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-11-4 496192]
R2 LENOVO.TVTVCAM;Lenovo AVFramework Control Center and ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-11-4 660032]
R2 LnvHotSpotSvc;LnvMHService;C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [2012-11-4 457792]
R2 LocationTaskManager;Location Task Manager;C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [2012-10-2 458304]
R2 Power Manager DBC Service;Lenovo Settings Power Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-11-4 1692040]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-4 342528]
R3 NETwNe64;@oem11.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-9-2 4291624]
R3 risdxc;risdxc;C:\Windows\System32\Drivers\risdxc64.sys [2012-11-4 105472]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-4 43832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 mvusbews;USB EWS Device;C:\Windows\System32\Drivers\mvusbews.sys [2012-11-5 20480]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-7-9 52736]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2012-11-20 05:51:109125352----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51332A19-BAB3-4031-8EEF-E1455E05D561}\mpengine.dll
2012-11-20 01:34:30--------d-----w-C:\Users\Jon\AppData\Roaming\Malwarebytes
2012-11-20 01:34:01--------d-----w-C:\ProgramData\Malwarebytes
2012-11-20 01:34:0025928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-11-20 01:34:00--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-19 08:54:599291768----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-19 00:45:52--------d-----w-C:\Users\Jon\AppData\Local\ElevatedDiagnostics
2012-11-18 02:03:2017888----a-w-C:\Windows\System32\msvcr100_clr0400.dll
2012-11-18 02:03:1117888----a-w-C:\Windows\SysWow64\msvcr100_clr0400.dll
2012-11-18 01:56:05929792----a-w-C:\Windows\SysWow64\mfnetsrc.dll
2012-11-18 01:56:051172992----a-w-C:\Windows\System32\mfnetsrc.dll
2012-11-18 01:56:04850944----a-w-C:\Windows\SysWow64\mfasfsrcsnk.dll
2012-11-18 01:56:04677888----a-w-C:\Windows\System32\mfnetcore.dll
2012-11-18 01:56:04673280----a-w-C:\Windows\System32\mfmpeg2srcsnk.dll
2012-11-18 01:56:04568832----a-w-C:\Windows\SysWow64\mfnetcore.dll
2012-11-18 01:56:04513024----a-w-C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2012-11-18 01:56:041048064----a-w-C:\Windows\System32\mfasfsrcsnk.dll
2012-11-16 05:59:03--------d-----w-C:\Fraps
2012-11-14 04:45:3294208----a-w-C:\Windows\System32\synceng.dll
2012-11-14 04:45:3272192----a-w-C:\Windows\SysWow64\synceng.dll
2012-11-14 04:45:27439296----a-w-C:\Windows\System32\ReAgent.dll
2012-11-14 04:45:27371712----a-w-C:\Windows\SysWow64\ReAgent.dll
2012-11-14 04:45:2726624----a-w-C:\Windows\System32\ReAgentc.exe
2012-11-14 04:45:2724064----a-w-C:\Windows\SysWow64\ReAgentc.exe
2012-11-14 04:45:254056576----a-w-C:\Windows\System32\win32k.sys
2012-11-14 04:26:30--------d-----w-C:\ProgramData\Redfield
2012-11-14 03:47:50--------dc-h--w-C:\ProgramData\{33570351-B6F8-4097-AC41-91625CF5D4EF}
2012-11-14 03:47:44--------dc-h--w-C:\ProgramData\{60E17BBA-9D2D-4E1B-BDCF-1D654329EA31}
2012-11-14 03:47:35--------dc-h--w-C:\ProgramData\{961C7791-DF59-4BC0-9DC6-D2A8D3F2B1B5}
2012-11-14 03:47:30--------dc-h--w-C:\ProgramData\{E7058808-8C97-4A08-99A2-015D24FDC13B}
2012-11-14 03:47:17--------dc-h--w-C:\ProgramData\{90230F46-BE74-4EE2-8E60-E2EC40A3EF30}
2012-11-14 03:47:13--------dc-h--w-C:\ProgramData\{C081E8AB-3AD3-4F73-A2C4-BB04BB77DB08}
2012-11-14 03:47:04--------dc-h--w-C:\ProgramData\{36DC9A85-0AC4-4BA0-BEDB-99E0F95BA4F1}
2012-11-14 03:47:01--------dc-h--w-C:\ProgramData\{1CD9BC02-6909-4C6D-9DE6-AD1CF151FF24}
2012-11-14 03:47:00--------dc-h--w-C:\ProgramData\{0C544878-1DB6-409D-A998-0664599014C4}
2012-11-14 03:46:54--------dc-h--w-C:\ProgramData\{69A57C2A-4B82-4C12-A998-7EE1C7C0256F}
2012-11-14 03:46:45--------dc-h--w-C:\ProgramData\{86A7919A-1CA3-4459-8124-76C789A6402B}
2012-11-14 03:46:41--------dc-h--w-C:\ProgramData\{E6FD2223-C904-40C1-A119-7C0A8A7FE045}
2012-11-14 03:46:34--------dc-h--w-C:\ProgramData\{7B507839-38D8-4587-A29F-FE5A5EC55A03}
2012-11-14 03:46:31--------dc-h--w-C:\ProgramData\{E176482F-0DEA-4B06-9697-D12D614FECB9}
2012-11-14 03:46:24--------dc-h--w-C:\ProgramData\{8331949C-0661-45E0-BDFD-C71C7F94A6E2}
2012-11-14 03:46:20--------dc-h--w-C:\ProgramData\{447B4BF8-DCC8-4693-A8CD-A6A63F5BC176}
2012-11-14 03:46:15--------dc-h--w-C:\ProgramData\{A3BF8AE0-D933-4056-88A7-28E0C483C866}
2012-11-14 03:46:11--------dc-h--w-C:\ProgramData\{7CAFEB17-971D-44F2-91C0-1EEC4F54E1DB}
2012-11-14 03:46:06--------dc-h--w-C:\ProgramData\{774331FE-B8E8-4A4B-AFDF-F018F99FB73A}
2012-11-14 03:46:01--------dc-h--w-C:\ProgramData\{6B992C6A-E6B0-418F-9B21-FE4BF85AD3BE}
2012-11-14 03:45:58--------dc-h--w-C:\ProgramData\{AA5C05EA-7FB9-4519-BBE2-03ADD8EF0E5D}
2012-11-14 03:45:58--------d-----w-C:\Program Files\Common Files\Topaz Labs
2012-11-14 03:45:53--------dc-h--w-C:\ProgramData\{3C2CC1BA-EC03-48E5-A0EF-A0B455E1343F}
2012-11-14 03:45:53--------d-----w-C:\Program Files (x86)\Topaz Labs
2012-11-14 03:45:53--------d-----w-C:\Program Files (x86)\Common Files\Topaz Labs
2012-11-14 03:40:26--------d-----w-C:\Users\Jon\AppData\Local\PackageAware
2012-11-14 03:31:03--------d-----w-C:\Program Files (x86)\Imagenomic
2012-11-14 03:21:04--------d-----w-C:\Users\Jon\AppData\Roaming\Guitar Pro 6
2012-11-14 03:21:04--------d-----w-C:\ProgramData\Guitar Pro 6
2012-11-14 03:20:07--------d-----w-C:\Program Files (x86)\Guitar Pro 6
2012-11-13 23:14:13--------d-----w-C:\Users\Jon\.imagej
2012-11-13 21:04:53--------d-----w-C:\Program Files (x86)\ImageJ
2012-11-12 07:11:49821736----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2012-11-12 07:11:49746984----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-11-12 07:11:4895208----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-11 20:20:11--------d-----w-C:\Users\Jon\AppData\Local\SCE
2012-11-11 20:20:11--------d-----w-C:\Crash
2012-11-11 20:20:03--------d--h--w-C:\Windows\msdownld.tmp
2012-11-11 05:14:41--------d-----w-C:\Users\Jon\AppData\Local\LogMeIn Hamachi
2012-11-11 05:14:34--------d-----w-C:\Program Files (x86)\LogMeIn Hamachi
2012-11-10 21:29:17--------d-----w-C:\Users\Jon\AppData\Local\Diagnostics
2012-11-10 08:09:32--------d-----w-C:\Users\Jon\AppData\Roaming\LOVE
2012-11-10 04:36:36--------d-----w-C:\Users\Jon\AppData\Local\Macromedia
2012-11-06 02:34:16--------d-----w-C:\Users\Jon\AppData\Roaming\HexChat
2012-11-06 02:33:56--------d-----w-C:\Program Files\HexChat
2012-11-06 02:33:21--------d-----w-C:\Users\Jon\AppData\Local\Programs
2012-11-05 22:53:55--------d-sh--w-C:\Windows\ftpcache
2012-11-05 22:53:35127800----a-w-C:\Windows\System32\HPSIsvc.exe
2012-11-05 22:53:2774240----a-w-C:\Windows\System32\Spool\prtprocs\x64\HP1100PP.dll
2012-11-05 22:53:131695232----a-w-C:\Windows\System32\HP1100SM.EXE
2012-11-05 22:53:12290816----a-w-C:\Windows\System32\HP1100LM.DLL
2012-11-05 22:53:00350720----a-w-C:\Windows\System32\mvhlewsi.dll
2012-11-05 22:52:58--------d-----w-C:\Program Files\HP
2012-11-05 22:52:5720480----a-w-C:\Windows\System32\drivers\mvusbews.sys
2012-11-05 22:52:561490656----a-w-C:\Windows\System32\WdfCoInstaller01007.dll
2012-11-05 22:52:5282432----a-w-C:\Windows\System32\mvusbews.dll
2012-11-05 22:52:4749664----a-w-C:\Windows\System32\HP1100SMs.dll
2012-11-05 18:39:55--------d-----w-C:\Users\Jon\AppData\Roaming\Foxit Software
2012-11-05 17:44:14737072----a-w-C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-11-05 17:44:122876528----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-05 17:44:0942776----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-05 17:21:07--------d-----w-C:\Program Files (x86)\Foxit Software
2012-11-05 16:58:33--------d-----w-C:\Program Files (x86)\My Company Name
2012-11-05 16:58:33--------d-----w-C:\Program Files (x86)\Common Files\Sonic Shared
2012-11-05 16:58:33--------d-----w-C:\Program Files (x86)\Common Files\PX Storage Engine
2012-11-05 16:43:41--------d-----w-C:\ProgramData\regid.1986-12.com.adobe
2012-11-05 16:42:1656336------w-C:\Windows\System32\drivers\PxHlpa64.sys
2012-11-05 16:42:1611376------w-C:\Windows\System32\drivers\cdralw2k.sys
2012-11-05 16:42:1610864------w-C:\Windows\System32\drivers\cdr4_xp.sys
2012-11-05 16:06:38--------d-----w-C:\Users\Jon\AppData\Local\Adobe
2012-11-05 16:01:11--------d-----w-C:\Program Files\Microsoft Synchronization Services
2012-11-05 16:01:04--------d-----w-C:\Program Files\Microsoft SQL Server Compact Edition
2012-11-05 15:58:34--------d-----w-C:\Program Files\Microsoft Analysis Services
2012-11-05 15:58:34--------d-----w-C:\Program Files (x86)\Microsoft Analysis Services
2012-11-05 15:40:56--------d-----w-C:\Users\Jon\AppData\Local\Microsoft Help
2012-11-05 07:02:29--------d-----w-C:\Windows\en
2012-11-05 07:02:24--------d-----w-C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-11-05 07:02:13--------d-----w-C:\Windows\PCHEALTH
2012-11-05 07:02:0089944-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\DSETUP.dll
2012-11-05 07:02:00537432-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\DXSETUP.exe
2012-11-05 07:02:001801048-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\dsetup32.dll
2012-11-05 07:01:5994040-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\DSETUP.dll
2012-11-05 07:01:59525656-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\DXSETUP.exe
2012-11-05 07:01:591691480-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\dsetup32.dll
2012-11-05 07:01:5789944-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\DSETUP.dll
2012-11-05 07:01:57537432-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\DXSETUP.exe
2012-11-05 07:01:571801048-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\dsetup32.dll
2012-11-05 07:01:54--------d-----w-C:\Users\Jon\AppData\Local\Windows Live
2012-11-05 07:01:02--------d-----w-C:\Program Files (x86)\Common Files\Windows Live
2012-11-05 06:34:36--------d-----w-C:\Program Files\Paint.NET
2012-11-05 06:34:35--------d-----w-C:\Users\Jon\AppData\Local\Paint.NET
2012-11-05 05:39:16--------d-----w-C:\Users\Jon\AppData\Roaming\NVIDIA
2012-11-05 05:34:07--------d-----w-C:\Windows\SysWow64\NV
2012-11-05 05:34:07--------d-----w-C:\Windows\System32\NV
2012-11-05 05:32:47--------d-----w-C:\Program Files\NVIDIA Corporation
2012-11-05 05:26:54--------d-----w-C:\NVIDIA
2012-11-05 05:07:13--------d-----w-C:\Windows\SysWow64\directx
2012-11-05 05:00:0218528----a-w-C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2012-11-05 03:27:39--------d-----w-C:\Program Files (x86)\MPC-HC
2012-11-05 03:18:20673280----a-w-C:\Windows\System32\mfmpeg2srcsnk.dll.bak
2012-11-05 03:18:20447488----a-w-C:\Windows\System32\mfds.dll.bak
2012-11-05 03:17:52513024----a-w-C:\Windows\SysWow64\mfmpeg2srcsnk.dll.bak
2012-11-05 03:17:52332800----a-w-C:\Windows\SysWow64\mfds.dll.bak
2012-11-05 03:16:33--------d-----w-C:\Users\Jon\AppData\Roaming\Shark007
2012-11-05 03:16:33--------d-----w-C:\ProgramData\Shark007
2012-11-05 03:16:30580096----a-w-C:\Windows\System32\ac3filter.acm
2012-11-05 03:16:304408832----a-w-C:\Windows\System32\x264vfw.dll
2012-11-05 03:16:30206336----a-w-C:\Windows\System32\unrar.dll
2012-11-05 03:16:301417216----a-w-C:\Windows\System32\VSFilter.dll
2012-11-05 03:16:30--------d-----w-C:\Program Files\Shark007
2012-11-05 03:12:52--------d-----w-C:\Users\Jon\AppData\Roaming\Win8codecs
2012-11-05 03:12:51--------d-----w-C:\Program Files (x86)\Win8codecs
2012-11-05 03:12:31--------d-----w-C:\ProgramData\win8codecs
2012-11-05 03:08:57--------d-----r-C:\Program Files (x86)\Skype
2012-11-05 03:05:37--------d-----w-C:\Program Files\CCleaner
2012-11-05 03:03:04737072----a-w-C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-11-05 03:03:012876528----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-05 03:02:5942776----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-05 03:02:58539984----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-05 02:59:09--------d-----w-C:\Windows\ehome
2012-11-05 02:24:4033240----a-w-C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-05 02:24:40--------d-----w-C:\Users\Jon\AppData\Local\Apple Computer
2012-11-05 02:24:25--------d-----w-C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-05 02:24:25--------d-----w-C:\Program Files\iTunes
2012-11-05 02:24:25--------d-----w-C:\Program Files\iPod
2012-11-05 02:24:25--------d-----w-C:\Program Files (x86)\iTunes
2012-11-05 02:23:46--------d-----w-C:\Users\Jon\AppData\Local\Apple
2012-11-05 02:23:37--------d-----w-C:\Program Files\Bonjour
2012-11-05 02:23:37--------d-----w-C:\Program Files (x86)\Bonjour
2012-11-05 01:29:42--------d-----w-C:\Program Files (x86)\uTorrent
2012-11-05 01:27:04--------d-----w-C:\Users\Jon\AppData\Roaming\uTorrent
2012-11-05 01:24:48--------d-----w-C:\Users\Jon\AppData\Local\Deployment
2012-11-05 01:24:48--------d-----w-C:\Users\Jon\AppData\Local\Apps
2012-11-05 01:09:47--------d-----w-C:\Users\Jon\AppData\Local\CRE
2012-11-05 00:37:01--------d-----w-C:\Windows\Panther
2012-11-04 23:47:45--------d-----r-C:\Users\Jon\Dropbox
2012-11-04 23:45:55--------d-----w-C:\Users\Jon\AppData\Roaming\Dropbox
2012-11-04 23:38:5811272192----a-w-C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2012-11-04 23:38:5710768384----a-w-C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2012-11-04 23:33:57301568----a-w-C:\Windows\System32\newdev.dll
2012-11-04 23:33:57275968----a-w-C:\Windows\SysWow64\newdev.dll
2012-11-04 23:33:5676288----a-w-C:\Windows\System32\newdev.exe
2012-11-04 23:33:5675264----a-w-C:\Windows\System32\ndadmin.exe
2012-11-04 23:33:5674240----a-w-C:\Windows\SysWow64\newdev.exe
2012-11-04 23:33:5673728----a-w-C:\Windows\SysWow64\ndadmin.exe
2012-11-04 23:33:5668608----a-w-C:\Windows\System32\wwanprotdim.dll
2012-11-04 23:33:56446976----a-w-C:\Windows\System32\wwansvc.dll
2012-11-04 23:31:27--------d-----w-C:\Windows\SysWow64\XPSViewer
2012-11-04 23:30:32778856----a-w-C:\Windows\SysWow64\PresentationNative_v0300.dll
2012-11-04 23:30:3235400----a-w-C:\Windows\SysWow64\TsWpfWrp.exe
2012-11-04 23:30:3235400----a-w-C:\Windows\System32\TsWpfWrp.exe
2012-11-04 23:30:32124040----a-w-C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2012-11-04 23:30:321166440----a-w-C:\Windows\System32\PresentationNative_v0300.dll
2012-11-04 23:30:32102528----a-w-C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2012-11-04 23:26:49--------d--h--w-C:\Windows\System32\WLANProfiles
2012-11-04 23:26:01--------d-----w-C:\SWWork
2012-11-04 23:24:20--------d-----w-C:\Users\Jon\AppData\Roaming\Intel
2012-11-04 23:24:12--------d-----w-C:\Users\Jon\Roaming
2012-11-04 23:24:12--------d-----w-C:\ProgramData\Roaming
2012-11-04 23:23:45--------d-----w-C:\Program Files (x86)\Cisco
2012-11-04 23:23:44--------d-----w-C:\ProgramData\Intel.sav
2012-11-04 23:22:47--------d-----w-C:\Windows\Downloaded Installations
2012-11-04 23:22:45--------d-----w-C:\Program Files\Common Files\SPBA
2012-11-04 23:22:45--------d-----w-C:\Program Files\AuthenTec
2012-11-04 23:22:44--------d-----w-C:\Program Files (x86)\Common Files\SPBA
2012-11-04 23:22:43--------d-----w-C:\Program Files\ThinkVantage Fingerprint Software
2012-11-04 23:22:28--------d-----w-C:\SWTOOLS
2012-11-04 23:22:0420992----a-w-C:\Windows\System32\OpenCL.dll
2012-11-04 23:22:04144896----a-w-C:\Windows\System32\IntelOpenCL64.dll
2012-11-04 23:22:0317920----a-w-C:\Windows\SysWow64\OpenCL.dll
2012-11-04 23:22:03104448----a-w-C:\Windows\SysWow64\IntelOpenCL32.dll
2012-11-04 23:21:59--------d-----w-C:\Program Files\Common Files\Intel
2012-11-04 23:21:59--------d-----w-C:\Program Files (x86)\Common Files\Intel
2012-11-04 23:16:47196608----a-w-C:\Windows\System32\RiSDIcon.dll
2012-11-04 23:16:47188416----a-w-C:\Windows\System32\RiMMCIcon.dll
2012-11-04 23:16:47105472----a-w-C:\Windows\System32\drivers\risdxc64.sys
2012-11-04 23:16:47--------d-----w-C:\Program Files (x86)\Ricoh
2012-11-04 23:15:55447104----a-w-C:\Windows\SysWow64\SASrv.exe
2012-11-04 23:15:19201376----a-w-C:\Windows\System32\CxAudMsg64.exe
2012-11-04 23:15:05--------d-----w-C:\Program Files\CONEXANT
2012-11-04 22:57:122893824----a-w-C:\Windows\System32\msmpeg2vdec.dll
2012-11-04 22:57:122400256----a-w-C:\Windows\SysWow64\msmpeg2vdec.dll
2012-11-04 22:56:51--------d-----w-C:\Windows\ja-JP
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\wbem\ja-JP
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\ja
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\drivers\UMDF\ja-JP
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\drivers\ja-JP
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\0411
2012-11-04 22:56:47--------d-----w-C:\Windows\System32\ja
2012-11-04 22:56:47--------d-----w-C:\Windows\System32\drivers\UMDF\ja-JP
2012-11-04 22:56:47--------d-----w-C:\Windows\System32\drivers\ja-JP
2012-11-04 22:56:47--------d-----w-C:\Windows\System32\0411
2012-11-04 22:56:46--------d-----w-C:\Windows\System32\wbem\ja-JP
2012-11-04 22:56:46--------d-----w-C:\sources
2012-11-04 22:54:5827136----a-w-C:\Windows\System32\drivers\ja-JP\http.sys.mui
2012-11-04 22:40:44--------d-----w-C:\Program Files (x86)\Steam
2012-11-04 22:40:44--------d-----w-C:\Program Files (x86)\Common Files\Steam
2012-11-04 22:25:55--------d-----w-C:\Users\Jon\AppData\Local\Google
2012-11-04 19:10:16--------d-----w-C:\roms
.
==================== Find3M ====================
.
2012-11-02 05:22:0834304----a-w-C:\Windows\SysWow64\wuapp.exe
2012-11-02 05:21:4483968----a-w-C:\Windows\SysWow64\wudriver.dll
2012-11-02 05:21:44125952----a-w-C:\Windows\SysWow64\wuwebv.dll
2012-11-02 05:21:28246784----a-w-C:\Windows\SysWow64\ubpm.dll
2012-11-02 05:20:3139424----a-w-C:\Windows\System32\wuapp.exe
2012-11-02 05:20:2877824----a-w-C:\Windows\System32\taskhost.exe
2012-11-02 05:20:2872192----a-w-C:\Windows\System32\taskhostex.exe
2012-11-02 05:20:10141824----a-w-C:\Windows\System32\wuwebv.dll
2012-11-02 05:20:0998304----a-w-C:\Windows\System32\wudriver.dll
2012-11-02 05:20:09251904----a-w-C:\Windows\System32\WUSettingsProvider.dll
2012-11-02 05:20:0917408----a-w-C:\Windows\System32\wuaext.dll
2012-11-02 05:20:091619968----a-w-C:\Windows\System32\wucltux.dll
2012-11-02 05:19:50318464----a-w-C:\Windows\System32\ubpm.dll
2012-11-02 05:01:2799328----a-w-C:\Windows\System32\wushareduxresources.dll
2012-11-02 04:55:32212992----a-w-C:\Windows\System32\drivers\mrxsmb20.sys
2012-11-02 04:53:13366080----a-w-C:\Windows\System32\drivers\mrxsmb.sys
2012-10-29 05:04:47522640----a-w-C:\Windows\System32\AUDIOKSE.dll
2012-10-29 05:04:47490064----a-w-C:\Windows\System32\AudioEng.dll
2012-10-29 05:04:47447792----a-w-C:\Windows\System32\AudioSes.dll
2012-10-29 05:04:47253512----a-w-C:\Windows\System32\audiodg.exe
2012-10-29 03:21:531526784----a-w-C:\Windows\System32\mfcore.dll
2012-10-29 03:21:21267264----a-w-C:\Windows\System32\EncDump.dll
2012-10-29 03:20:49785920----a-w-C:\Windows\System32\audiosrv.dll
2012-10-29 03:20:49169472----a-w-C:\Windows\System32\AudioEndpointBuilder.dll
2012-10-29 03:19:08463768----a-w-C:\Windows\SysWow64\AUDIOKSE.dll
2012-10-29 03:19:08427568----a-w-C:\Windows\SysWow64\AudioEng.dll
2012-10-29 03:19:08324344----a-w-C:\Windows\SysWow64\AudioSes.dll
2012-10-29 02:46:231451520----a-w-C:\Windows\SysWow64\mfcore.dll
2012-10-26 22:19:0980728----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 22:19:09695648----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-24 04:54:066972136----a-w-C:\Windows\System32\ntoskrnl.exe
2012-10-24 03:06:122706432----a-w-C:\Windows\System32\mshtml.tlb
2012-10-24 02:27:012706432----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-10-18 06:17:1869864----a-w-C:\Windows\System32\drivers\pdc.sys
2012-10-18 03:20:4610096640----a-w-C:\Windows\System32\twinui.dll
2012-10-18 03:18:402302464----a-w-C:\Windows\System32\authui.dll
2012-10-18 03:18:332146816----a-w-C:\Windows\System32\actxprxy.dll
2012-10-18 02:46:008856576----a-w-C:\Windows\SysWow64\twinui.dll
2012-10-18 02:44:382033664----a-w-C:\Windows\SysWow64\authui.dll
2012-10-18 02:44:33753664----a-w-C:\Windows\SysWow64\actxprxy.dll
2012-10-12 08:08:0127880----a-w-C:\Windows\System32\drivers\rdpvideominiport.sys
2012-10-12 06:14:5487040----a-w-C:\Windows\System32\srmtrace.dll
2012-10-12 06:14:54652800----a-w-C:\Windows\System32\srmscan.dll
2012-10-12 06:14:5430720----a-w-C:\Windows\System32\srm_ps.dll
2012-10-12 06:14:54279040----a-w-C:\Windows\System32\srm.dll
2012-10-12 06:14:54274432----a-w-C:\Windows\System32\srmstormod.dll
2012-10-12 06:14:54172032----a-w-C:\Windows\System32\srmshell.dll
2012-10-12 06:14:541347072----a-w-C:\Windows\System32\srmclient.dll
2012-10-12 06:14:54134144----a-w-C:\Windows\System32\adrclient.dll
2012-10-12 06:14:4036352----a-w-C:\Windows\System32\rfxvmt.dll
2012-10-12 06:14:393244032----a-w-C:\Windows\System32\rdpcorets.dll
2012-10-12 06:14:34115712----a-w-C:\Windows\System32\wbem\PolicMan.dll
2012-10-12 06:13:32109568----a-w-C:\Windows\System32\dskquota.dll
2012-10-12 05:50:01235520----a-w-C:\Windows\System32\rdpudd.dll
2012-10-12 05:46:28618496----a-w-C:\Windows\System32\drivers\srv2.sys
2012-10-12 05:41:02987648----a-w-C:\Windows\SysWow64\srmclient.dll
2012-10-12 05:41:0268096----a-w-C:\Windows\SysWow64\srmtrace.dll
2012-10-12 05:41:02487936----a-w-C:\Windows\SysWow64\srmscan.dll
2012-10-12 05:41:02278528----a-w-C:\Windows\SysWow64\srm.dll
2012-10-12 05:41:02202240----a-w-C:\Windows\SysWow64\srmstormod.dll
2012-10-12 05:41:0215872----a-w-C:\Windows\SysWow64\srm_ps.dll
2012-10-12 05:41:02128000----a-w-C:\Windows\SysWow64\srmshell.dll
2012-10-12 05:41:02104448----a-w-C:\Windows\SysWow64\adrclient.dll
2012-10-12 05:40:4984992----a-w-C:\Windows\SysWow64\wbem\PolicMan.dll
2012-10-12 05:39:5482944----a-w-C:\Windows\SysWow64\dskquota.dll
2012-10-11 07:47:18793200----a-w-C:\Windows\System32\mfplat.dll
2012-10-11 07:35:162380944----a-w-C:\Windows\explorer.exe
2012-10-11 07:26:44336104----a-w-C:\Windows\System32\drivers\Classpnp.sys
2012-10-11 07:25:4856552----a-w-C:\Windows\System32\drivers\sdstor.sys
2012-10-11 07:23:331001192----a-w-C:\Windows\System32\drivers\ndis.sys
2012-10-11 07:23:32441576----a-w-C:\Windows\System32\drivers\netio.sys
2012-10-11 07:18:25172264----a-w-C:\Windows\System32\drivers\ksecpkg.sys
2012-10-11 07:16:201403784----a-w-C:\Windows\System32\winload.efi
2012-10-11 07:16:201267424----a-w-C:\Windows\System32\winload.exe
2012-10-11 07:16:201217328----a-w-C:\Windows\System32\winresume.efi
2012-10-11 07:16:191093880----a-w-C:\Windows\System32\winresume.exe
2012-10-11 07:13:54194280----a-w-C:\Windows\System32\drivers\sdbus.sys
2012-10-11 07:13:51124648----a-w-C:\Windows\System32\drivers\dumpsd.sys
2012-10-11 07:13:4958088----a-w-C:\Windows\System32\drivers\dam.sys
2012-10-11 07:13:3733512----a-w-C:\Windows\System32\drivers\battc.sys
2012-10-11 07:08:41562392----a-w-C:\Windows\System32\drivers\cng.sys
2012-10-11 07:02:271636672----a-w-C:\Windows\System32\WMALFXGFXDSP.dll
2012-10-11 07:01:47503080----a-w-C:\Windows\System32\ci.dll
2012-10-11 05:56:412115952----a-w-C:\Windows\SysWow64\explorer.exe
2012-10-11 05:45:58907776----a-w-C:\Windows\System32\uxtheme.dll
2012-10-11 05:45:5853760----a-w-C:\Windows\System32\UXInit.dll
2012-10-11 05:45:581045504----a-w-C:\Windows\System32\usercpl.dll
2012-10-11 05:45:533554304----a-w-C:\Windows\System32\tquery.dll
2012-10-11 05:45:49370176----a-w-C:\Windows\System32\SysFxUI.dll
2012-10-11 05:45:48579584----a-w-C:\Windows\System32\StructuredQuery.dll
2012-10-11 05:45:42505344----a-w-C:\Windows\System32\SpaceControl.dll
2012-10-11 05:45:37590848----a-w-C:\Windows\System32\SHCore.dll
2012-10-11 05:45:26945152----a-w-C:\Windows\System32\resetengmig.dll
2012-10-11 05:45:261009664----a-w-C:\Windows\System32\reseteng.dll
2012-10-11 05:45:1655808----a-w-C:\Windows\System32\PCPKsp.dll
2012-10-11 05:43:571294336----a-w-C:\Windows\System32\gdi32.dll
2012-10-11 05:43:531280000----a-w-C:\Windows\System32\FntCache.dll
2012-10-11 05:43:52757760----a-w-C:\Windows\System32\FirewallAPI.dll
2012-10-11 05:43:461836032----a-w-C:\Windows\System32\DWrite.dll
2012-10-11 05:43:452206208----a-w-C:\Windows\System32\dwmcore.dll
.
============= FINISH: 0:56:12.24 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro with Media Center
Boot Device: \Device\HarddiskVolume2
Install Date: 11/4/2012 4:45:29 PM
System Uptime: 11/20/2012 12:45:00 AM (0 hours ago)
.
Motherboard: LENOVO | | 4286CTO
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 82.008 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\LEN0068\5&2890D699&0
Manufacturer:
Name:
PNP Device ID: ACPI\LEN0068\5&2890D699&0
Service:
.
==== System Restore Points ===================
.
RP2: 11/4/2012 10:12:44 PM - Installed win8codecs.
RP3: 11/10/2012 3:01:28 AM - Installed 7-Zip 9.22 (x64 edition)
RP4: 11/12/2012 2:11:37 AM - Installed Java 7 Update 9
RP5: 11/13/2012 10:20:17 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP6: 11/17/2012 9:00:58 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.22 (x64 edition)
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 Plugin
Adobe Help Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
bl
Bonjour
CCleaner
Conexant 20672 SmartAudio HD
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox
F.lux
Foxit Reader
Fraps
Google Chrome
Google Update Helper
Guitar Pro 6
HexChat (x64)
HP LaserJet Professional P1100-P1560-P1600 Series
ImageJ 1.46r
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
Imagenomic Noiseware 5.0 Plug-in (build 5006)
Intel PROSet Wireless
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® PROSet/Wireless WiFi Software
IPFilter Updater
iTunes
Java 7 Update 9
Java Auto Updater
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Settings - Camera Audio
Lenovo Settings Dependency Package
Lenovo Settings Mobile Hotspot
Lenovo System Update
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.4.6052
MSVCRT
MSVCRT110
MSVCRT110_amd64
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
Paint.NET v3.5.10
PDF Settings CS6
ph
Photo Common
Photo Gallery
PlanetSide 2 Beta
RICOH_Media_Driver_v2.22.18.01
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition
Skype™ 6.0
Steam
ThinkPad UltraNav Driver
ThinkVantage Fingerprint Software
Topaz Adjust 5
Topaz Adjust 5 (64-bit)
Topaz B&W Effects
Topaz B&W Effects (64-bit)
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz Fusion Express 2
Topaz Fusion Express 2 (64-bit)
Topaz InFocus
Topaz InFocus (64-bit)
Topaz Lens Effects
Topaz Lens Effects (64-bit)
Topaz ReMask 3
Topaz ReMask 3 (64-bit)
Topaz Simplify 3
Topaz Simplify 3 (64-bit)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Win8 x64Components v1.2.7
win8codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
11/20/2012 12:45:10 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {7160A13D-73DA-4CEA-95B9-37356478588A} and APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
11/19/2012 2:37:31 PM, Error: Service Control Manager [7034] - The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).
11/19/2012 12:54:32 PM, Error: Service Control Manager [7034] - The LnvMHService service terminated unexpectedly. It has done this 1 time(s).
11/16/2012 9:31:51 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUSTIN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/16/2012 9:30:36 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRIS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/16/2012 7:23:09 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer KIRA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/16/2012 11:40:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MARK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/15/2012 12:04:58 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 66.71.90.180. The computer with the IP address 66.71.90.211 did not allow the name to be claimed by this computer.
11/15/2012 1:09:21 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
11/14/2012 5:58:02 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 5 time(s).
11/14/2012 5:39:39 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 4 time(s).
11/14/2012 4:56:17 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 3 time(s).
11/14/2012 4:43:48 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 2 time(s).
11/14/2012 4:34:38 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Hello Jay,
Thank you for the help! I included the logs from the 5-step removal instructions in the first post, but I will do the scans again.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.10

Windows 7 x64 NTFS
Internet Explorer 9.10.9200.16433
Jon :: JON-THINKPAD [administrator]

11/20/2012 12:52:43 PM
mbam-log-2012-11-20 (12-52-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203099
Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.9.2
Run by Jon at 12:55:30 on 2012-11-20
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.8075.6353 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Lenovo\Communications Utility\CamMute.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Users\Jon\Local Settings\Apps\F.lux\flux.exe
C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [AdobeBridge] <no file>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{2D4F8976-7521-422E-AFB1-95D7D088D188} : DHCPNameServer = 146.186.163.66 128.118.141.32 128.118.25.3 130.203.1.4
TCP: Interfaces\{C3131AB6-1B54-44FA-95AD-86F63458F24C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C3131AB6-1B54-44FA-95AD-86F63458F24C}\5425D414847454254402755425645425 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
x64-Run: [Lenovo Settings Dependency Package] wscript.exe "C:\Program Files\Lenovo\SettingsDependency\cpyMachineInformation_xml.vbs"
x64-Run: [LnvMobHotspotClient] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-05 01:24; scriptish@erikvold.com; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\scriptish@erikvold.com.xpi
FF - ExtSQL: 2012-11-05 01:24; {4324f4a6-3a89-477e-b388-6bca032df78b}; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
FF - ExtSQL: 2012-11-12 00:23; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2012-11-5 56336]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2011-12-15 2246184]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-11-4 201376]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2012-11-5 127800]
R2 LENOVO.CAMMUTE;Lenovo AVFramework Camera Privacy Controller;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-11-4 501312]
R2 LENOVO.TPKNRSVC;Lenovo AVFramework Microphone Volume Controller and Dolby Interface;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-11-4 496192]
R2 LENOVO.TVTVCAM;Lenovo AVFramework Control Center and ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-11-4 660032]
R2 LocationTaskManager;Location Task Manager;C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [2012-10-2 458304]
R2 Power Manager DBC Service;Lenovo Settings Power Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-11-4 1692040]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-4 342528]
R3 NETwNe64;@oem11.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-9-2 4291624]
R3 risdxc;risdxc;C:\Windows\System32\Drivers\risdxc64.sys [2012-11-4 105472]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-4 43832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
S2 LnvHotSpotSvc;LnvMHService;C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [2012-11-4 457792]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 mvusbews;USB EWS Device;C:\Windows\System32\Drivers\mvusbews.sys [2012-11-5 20480]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-7-9 52736]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2012-11-20 06:06:1740960----a-r-C:\Users\Jon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-11-20 06:06:1740960----a-r-C:\Users\Jon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-11-20 06:06:16--------d-----w-C:\Program Files (x86)\Project64 1.6
2012-11-20 06:03:539125352----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E6B20F5-2997-4C18-835E-4DACCFCE1871}\mpengine.dll
2012-11-20 01:34:30--------d-----w-C:\Users\Jon\AppData\Roaming\Malwarebytes
2012-11-20 01:34:01--------d-----w-C:\ProgramData\Malwarebytes
2012-11-20 01:34:0025928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-11-20 01:34:00--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-19 08:54:599291768----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-19 00:45:52--------d-----w-C:\Users\Jon\AppData\Local\ElevatedDiagnostics
2012-11-18 02:03:2017888----a-w-C:\Windows\System32\msvcr100_clr0400.dll
2012-11-18 02:03:1117888----a-w-C:\Windows\SysWow64\msvcr100_clr0400.dll
2012-11-18 01:56:05929792----a-w-C:\Windows\SysWow64\mfnetsrc.dll
2012-11-18 01:56:051172992----a-w-C:\Windows\System32\mfnetsrc.dll
2012-11-18 01:56:04850944----a-w-C:\Windows\SysWow64\mfasfsrcsnk.dll
2012-11-18 01:56:04677888----a-w-C:\Windows\System32\mfnetcore.dll
2012-11-18 01:56:04673280----a-w-C:\Windows\System32\mfmpeg2srcsnk.dll
2012-11-18 01:56:04568832----a-w-C:\Windows\SysWow64\mfnetcore.dll
2012-11-18 01:56:04513024----a-w-C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2012-11-18 01:56:041048064----a-w-C:\Windows\System32\mfasfsrcsnk.dll
2012-11-16 05:59:03--------d-----w-C:\Fraps
2012-11-14 04:45:3294208----a-w-C:\Windows\System32\synceng.dll
2012-11-14 04:45:3272192----a-w-C:\Windows\SysWow64\synceng.dll
2012-11-14 04:45:27439296----a-w-C:\Windows\System32\ReAgent.dll
2012-11-14 04:45:27371712----a-w-C:\Windows\SysWow64\ReAgent.dll
2012-11-14 04:45:2726624----a-w-C:\Windows\System32\ReAgentc.exe
2012-11-14 04:45:2724064----a-w-C:\Windows\SysWow64\ReAgentc.exe
2012-11-14 04:45:254056576----a-w-C:\Windows\System32\win32k.sys
2012-11-14 04:26:30--------d-----w-C:\ProgramData\Redfield
2012-11-14 03:47:50--------dc-h--w-C:\ProgramData\{33570351-B6F8-4097-AC41-91625CF5D4EF}
2012-11-14 03:47:44--------dc-h--w-C:\ProgramData\{60E17BBA-9D2D-4E1B-BDCF-1D654329EA31}
2012-11-14 03:47:35--------dc-h--w-C:\ProgramData\{961C7791-DF59-4BC0-9DC6-D2A8D3F2B1B5}
2012-11-14 03:47:30--------dc-h--w-C:\ProgramData\{E7058808-8C97-4A08-99A2-015D24FDC13B}
2012-11-14 03:47:17--------dc-h--w-C:\ProgramData\{90230F46-BE74-4EE2-8E60-E2EC40A3EF30}
2012-11-14 03:47:13--------dc-h--w-C:\ProgramData\{C081E8AB-3AD3-4F73-A2C4-BB04BB77DB08}
2012-11-14 03:47:04--------dc-h--w-C:\ProgramData\{36DC9A85-0AC4-4BA0-BEDB-99E0F95BA4F1}
2012-11-14 03:47:01--------dc-h--w-C:\ProgramData\{1CD9BC02-6909-4C6D-9DE6-AD1CF151FF24}
2012-11-14 03:47:00--------dc-h--w-C:\ProgramData\{0C544878-1DB6-409D-A998-0664599014C4}
2012-11-14 03:46:54--------dc-h--w-C:\ProgramData\{69A57C2A-4B82-4C12-A998-7EE1C7C0256F}
2012-11-14 03:46:45--------dc-h--w-C:\ProgramData\{86A7919A-1CA3-4459-8124-76C789A6402B}
2012-11-14 03:46:41--------dc-h--w-C:\ProgramData\{E6FD2223-C904-40C1-A119-7C0A8A7FE045}
2012-11-14 03:46:34--------dc-h--w-C:\ProgramData\{7B507839-38D8-4587-A29F-FE5A5EC55A03}
2012-11-14 03:46:31--------dc-h--w-C:\ProgramData\{E176482F-0DEA-4B06-9697-D12D614FECB9}
2012-11-14 03:46:24--------dc-h--w-C:\ProgramData\{8331949C-0661-45E0-BDFD-C71C7F94A6E2}
2012-11-14 03:46:20--------dc-h--w-C:\ProgramData\{447B4BF8-DCC8-4693-A8CD-A6A63F5BC176}
2012-11-14 03:46:15--------dc-h--w-C:\ProgramData\{A3BF8AE0-D933-4056-88A7-28E0C483C866}
2012-11-14 03:46:11--------dc-h--w-C:\ProgramData\{7CAFEB17-971D-44F2-91C0-1EEC4F54E1DB}
2012-11-14 03:46:06--------dc-h--w-C:\ProgramData\{774331FE-B8E8-4A4B-AFDF-F018F99FB73A}
2012-11-14 03:46:01--------dc-h--w-C:\ProgramData\{6B992C6A-E6B0-418F-9B21-FE4BF85AD3BE}
2012-11-14 03:45:58--------dc-h--w-C:\ProgramData\{AA5C05EA-7FB9-4519-BBE2-03ADD8EF0E5D}
2012-11-14 03:45:58--------d-----w-C:\Program Files\Common Files\Topaz Labs
2012-11-14 03:45:53--------dc-h--w-C:\ProgramData\{3C2CC1BA-EC03-48E5-A0EF-A0B455E1343F}
2012-11-14 03:45:53--------d-----w-C:\Program Files (x86)\Topaz Labs
2012-11-14 03:45:53--------d-----w-C:\Program Files (x86)\Common Files\Topaz Labs
2012-11-14 03:40:26--------d-----w-C:\Users\Jon\AppData\Local\PackageAware
2012-11-14 03:31:03--------d-----w-C:\Program Files (x86)\Imagenomic
2012-11-14 03:21:04--------d-----w-C:\Users\Jon\AppData\Roaming\Guitar Pro 6
2012-11-14 03:21:04--------d-----w-C:\ProgramData\Guitar Pro 6
2012-11-14 03:20:07--------d-----w-C:\Program Files (x86)\Guitar Pro 6
2012-11-13 23:14:13--------d-----w-C:\Users\Jon\.imagej
2012-11-13 21:04:53--------d-----w-C:\Program Files (x86)\ImageJ
2012-11-12 07:11:49821736----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2012-11-12 07:11:49746984----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-11-12 07:11:4895208----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-11 20:20:11--------d-----w-C:\Users\Jon\AppData\Local\SCE
2012-11-11 20:20:11--------d-----w-C:\Crash
2012-11-11 20:20:03--------d--h--w-C:\Windows\msdownld.tmp
2012-11-11 05:14:41--------d-----w-C:\Users\Jon\AppData\Local\LogMeIn Hamachi
2012-11-11 05:14:34--------d-----w-C:\Program Files (x86)\LogMeIn Hamachi
2012-11-10 21:29:17--------d-----w-C:\Users\Jon\AppData\Local\Diagnostics
2012-11-10 08:09:32--------d-----w-C:\Users\Jon\AppData\Roaming\LOVE
2012-11-10 04:36:36--------d-----w-C:\Users\Jon\AppData\Local\Macromedia
2012-11-06 02:34:16--------d-----w-C:\Users\Jon\AppData\Roaming\HexChat
2012-11-06 02:33:56--------d-----w-C:\Program Files\HexChat
2012-11-06 02:33:21--------d-----w-C:\Users\Jon\AppData\Local\Programs
2012-11-05 22:53:55--------d-sh--w-C:\Windows\ftpcache
2012-11-05 22:53:35127800----a-w-C:\Windows\System32\HPSIsvc.exe
2012-11-05 22:53:2774240----a-w-C:\Windows\System32\Spool\prtprocs\x64\HP1100PP.dll
2012-11-05 22:53:131695232----a-w-C:\Windows\System32\HP1100SM.EXE
2012-11-05 22:53:12290816----a-w-C:\Windows\System32\HP1100LM.DLL
2012-11-05 22:53:00350720----a-w-C:\Windows\System32\mvhlewsi.dll
2012-11-05 22:52:58--------d-----w-C:\Program Files\HP
2012-11-05 22:52:5720480----a-w-C:\Windows\System32\drivers\mvusbews.sys
2012-11-05 22:52:561490656----a-w-C:\Windows\System32\WdfCoInstaller01007.dll
2012-11-05 22:52:5282432----a-w-C:\Windows\System32\mvusbews.dll
2012-11-05 22:52:4749664----a-w-C:\Windows\System32\HP1100SMs.dll
2012-11-05 18:39:55--------d-----w-C:\Users\Jon\AppData\Roaming\Foxit Software
2012-11-05 17:44:14737072----a-w-C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-11-05 17:44:122876528----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-05 17:44:0942776----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-05 17:21:07--------d-----w-C:\Program Files (x86)\Foxit Software
2012-11-05 16:58:33--------d-----w-C:\Program Files (x86)\My Company Name
2012-11-05 16:58:33--------d-----w-C:\Program Files (x86)\Common Files\Sonic Shared
2012-11-05 16:58:33--------d-----w-C:\Program Files (x86)\Common Files\PX Storage Engine
2012-11-05 16:43:41--------d-----w-C:\ProgramData\regid.1986-12.com.adobe
2012-11-05 16:42:1656336------w-C:\Windows\System32\drivers\PxHlpa64.sys
2012-11-05 16:42:1611376------w-C:\Windows\System32\drivers\cdralw2k.sys
2012-11-05 16:42:1610864------w-C:\Windows\System32\drivers\cdr4_xp.sys
2012-11-05 16:06:38--------d-----w-C:\Users\Jon\AppData\Local\Adobe
2012-11-05 16:01:11--------d-----w-C:\Program Files\Microsoft Synchronization Services
2012-11-05 16:01:04--------d-----w-C:\Program Files\Microsoft SQL Server Compact Edition
2012-11-05 15:58:34--------d-----w-C:\Program Files\Microsoft Analysis Services
2012-11-05 15:58:34--------d-----w-C:\Program Files (x86)\Microsoft Analysis Services
2012-11-05 15:40:56--------d-----w-C:\Users\Jon\AppData\Local\Microsoft Help
2012-11-05 07:02:29--------d-----w-C:\Windows\en
2012-11-05 07:02:24--------d-----w-C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-11-05 07:02:13--------d-----w-C:\Windows\PCHEALTH
2012-11-05 07:02:0089944-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\DSETUP.dll
2012-11-05 07:02:00537432-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\DXSETUP.exe
2012-11-05 07:02:001801048-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\734b2bff1cdbb2305\dsetup32.dll
2012-11-05 07:01:5994040-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\DSETUP.dll
2012-11-05 07:01:59525656-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\DXSETUP.exe
2012-11-05 07:01:591691480-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\729cd2db1cdbb2303\dsetup32.dll
2012-11-05 07:01:5789944-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\DSETUP.dll
2012-11-05 07:01:57537432-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\DXSETUP.exe
2012-11-05 07:01:571801048-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\721ce6bf1cdbb2302\dsetup32.dll
2012-11-05 07:01:54--------d-----w-C:\Users\Jon\AppData\Local\Windows Live
2012-11-05 07:01:02--------d-----w-C:\Program Files (x86)\Common Files\Windows Live
2012-11-05 06:34:36--------d-----w-C:\Program Files\Paint.NET
2012-11-05 06:34:35--------d-----w-C:\Users\Jon\AppData\Local\Paint.NET
2012-11-05 05:39:16--------d-----w-C:\Users\Jon\AppData\Roaming\NVIDIA
2012-11-05 05:34:07--------d-----w-C:\Windows\SysWow64\NV
2012-11-05 05:34:07--------d-----w-C:\Windows\System32\NV
2012-11-05 05:32:47--------d-----w-C:\Program Files\NVIDIA Corporation
2012-11-05 05:26:54--------d-----w-C:\NVIDIA
2012-11-05 05:07:13--------d-----w-C:\Windows\SysWow64\directx
2012-11-05 05:00:0218528----a-w-C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2012-11-05 03:27:39--------d-----w-C:\Program Files (x86)\MPC-HC
2012-11-05 03:18:20673280----a-w-C:\Windows\System32\mfmpeg2srcsnk.dll.bak
2012-11-05 03:18:20447488----a-w-C:\Windows\System32\mfds.dll.bak
2012-11-05 03:17:52513024----a-w-C:\Windows\SysWow64\mfmpeg2srcsnk.dll.bak
2012-11-05 03:17:52332800----a-w-C:\Windows\SysWow64\mfds.dll.bak
2012-11-05 03:16:33--------d-----w-C:\Users\Jon\AppData\Roaming\Shark007
2012-11-05 03:16:33--------d-----w-C:\ProgramData\Shark007
2012-11-05 03:16:30580096----a-w-C:\Windows\System32\ac3filter.acm
2012-11-05 03:16:304408832----a-w-C:\Windows\System32\x264vfw.dll
2012-11-05 03:16:30206336----a-w-C:\Windows\System32\unrar.dll
2012-11-05 03:16:301417216----a-w-C:\Windows\System32\VSFilter.dll
2012-11-05 03:16:30--------d-----w-C:\Program Files\Shark007
2012-11-05 03:12:52--------d-----w-C:\Users\Jon\AppData\Roaming\Win8codecs
2012-11-05 03:12:51--------d-----w-C:\Program Files (x86)\Win8codecs
2012-11-05 03:12:31--------d-----w-C:\ProgramData\win8codecs
2012-11-05 03:08:57--------d-----r-C:\Program Files (x86)\Skype
2012-11-05 03:05:37--------d-----w-C:\Program Files\CCleaner
2012-11-05 03:03:04737072----a-w-C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-11-05 03:03:012876528----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-05 03:02:5942776----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-05 03:02:58539984----a-w-C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-05 02:59:09--------d-----w-C:\Windows\ehome
2012-11-05 02:24:4033240----a-w-C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-05 02:24:40--------d-----w-C:\Users\Jon\AppData\Local\Apple Computer
2012-11-05 02:24:25--------d-----w-C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-05 02:24:25--------d-----w-C:\Program Files\iTunes
2012-11-05 02:24:25--------d-----w-C:\Program Files\iPod
2012-11-05 02:24:25--------d-----w-C:\Program Files (x86)\iTunes
2012-11-05 02:23:46--------d-----w-C:\Users\Jon\AppData\Local\Apple
2012-11-05 02:23:37--------d-----w-C:\Program Files\Bonjour
2012-11-05 02:23:37--------d-----w-C:\Program Files (x86)\Bonjour
2012-11-05 01:29:42--------d-----w-C:\Program Files (x86)\uTorrent
2012-11-05 01:27:04--------d-----w-C:\Users\Jon\AppData\Roaming\uTorrent
2012-11-05 01:24:48--------d-----w-C:\Users\Jon\AppData\Local\Deployment
2012-11-05 01:24:48--------d-----w-C:\Users\Jon\AppData\Local\Apps
2012-11-05 01:09:47--------d-----w-C:\Users\Jon\AppData\Local\CRE
2012-11-05 00:37:01--------d-----w-C:\Windows\Panther
2012-11-04 23:47:45--------d-----r-C:\Users\Jon\Dropbox
2012-11-04 23:45:55--------d-----w-C:\Users\Jon\AppData\Roaming\Dropbox
2012-11-04 23:38:5811272192----a-w-C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2012-11-04 23:38:5710768384----a-w-C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2012-11-04 23:33:57301568----a-w-C:\Windows\System32\newdev.dll
2012-11-04 23:33:57275968----a-w-C:\Windows\SysWow64\newdev.dll
2012-11-04 23:33:5676288----a-w-C:\Windows\System32\newdev.exe
2012-11-04 23:33:5675264----a-w-C:\Windows\System32\ndadmin.exe
2012-11-04 23:33:5674240----a-w-C:\Windows\SysWow64\newdev.exe
2012-11-04 23:33:5673728----a-w-C:\Windows\SysWow64\ndadmin.exe
2012-11-04 23:33:5668608----a-w-C:\Windows\System32\wwanprotdim.dll
2012-11-04 23:33:56446976----a-w-C:\Windows\System32\wwansvc.dll
2012-11-04 23:31:27--------d-----w-C:\Windows\SysWow64\XPSViewer
2012-11-04 23:30:32778856----a-w-C:\Windows\SysWow64\PresentationNative_v0300.dll
2012-11-04 23:30:3235400----a-w-C:\Windows\SysWow64\TsWpfWrp.exe
2012-11-04 23:30:3235400----a-w-C:\Windows\System32\TsWpfWrp.exe
2012-11-04 23:30:32124040----a-w-C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2012-11-04 23:30:321166440----a-w-C:\Windows\System32\PresentationNative_v0300.dll
2012-11-04 23:30:32102528----a-w-C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2012-11-04 23:26:49--------d--h--w-C:\Windows\System32\WLANProfiles
2012-11-04 23:26:01--------d-----w-C:\SWWork
2012-11-04 23:24:20--------d-----w-C:\Users\Jon\AppData\Roaming\Intel
2012-11-04 23:24:12--------d-----w-C:\Users\Jon\Roaming
2012-11-04 23:24:12--------d-----w-C:\ProgramData\Roaming
2012-11-04 23:23:45--------d-----w-C:\Program Files (x86)\Cisco
2012-11-04 23:23:44--------d-----w-C:\ProgramData\Intel.sav
2012-11-04 23:22:47--------d-----w-C:\Windows\Downloaded Installations
2012-11-04 23:22:45--------d-----w-C:\Program Files\Common Files\SPBA
2012-11-04 23:22:45--------d-----w-C:\Program Files\AuthenTec
2012-11-04 23:22:44--------d-----w-C:\Program Files (x86)\Common Files\SPBA
2012-11-04 23:22:43--------d-----w-C:\Program Files\ThinkVantage Fingerprint Software
2012-11-04 23:22:28--------d-----w-C:\SWTOOLS
2012-11-04 23:22:0420992----a-w-C:\Windows\System32\OpenCL.dll
2012-11-04 23:22:04144896----a-w-C:\Windows\System32\IntelOpenCL64.dll
2012-11-04 23:22:0317920----a-w-C:\Windows\SysWow64\OpenCL.dll
2012-11-04 23:22:03104448----a-w-C:\Windows\SysWow64\IntelOpenCL32.dll
2012-11-04 23:21:59--------d-----w-C:\Program Files\Common Files\Intel
2012-11-04 23:21:59--------d-----w-C:\Program Files (x86)\Common Files\Intel
2012-11-04 23:16:47196608----a-w-C:\Windows\System32\RiSDIcon.dll
2012-11-04 23:16:47188416----a-w-C:\Windows\System32\RiMMCIcon.dll
2012-11-04 23:16:47105472----a-w-C:\Windows\System32\drivers\risdxc64.sys
2012-11-04 23:16:47--------d-----w-C:\Program Files (x86)\Ricoh
2012-11-04 23:15:55447104----a-w-C:\Windows\SysWow64\SASrv.exe
2012-11-04 23:15:19201376----a-w-C:\Windows\System32\CxAudMsg64.exe
2012-11-04 23:15:05--------d-----w-C:\Program Files\CONEXANT
2012-11-04 22:57:122893824----a-w-C:\Windows\System32\msmpeg2vdec.dll
2012-11-04 22:57:122400256----a-w-C:\Windows\SysWow64\msmpeg2vdec.dll
2012-11-04 22:56:51--------d-----w-C:\Windows\ja-JP
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\wbem\ja-JP
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\ja
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\drivers\UMDF\ja-JP
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\drivers\ja-JP
2012-11-04 22:56:49--------d-----w-C:\Windows\SysWow64\0411
2012-11-04 22:56:47--------d-----w-C:\Windows\System32\ja
2012-11-04 22:56:47--------d-----w-C:\Windows\System32\drivers\UMDF\ja-JP
2012-11-04 22:56:47--------d-----w-C:\Windows\System32\drivers\ja-JP
2012-11-04 22:56:47--------d-----w-C:\Windows\System32\0411
2012-11-04 22:56:46--------d-----w-C:\Windows\System32\wbem\ja-JP
2012-11-04 22:56:46--------d-----w-C:\sources
2012-11-04 22:54:5827136----a-w-C:\Windows\System32\drivers\ja-JP\http.sys.mui
2012-11-04 22:40:44--------d-----w-C:\Program Files (x86)\Steam
2012-11-04 22:40:44--------d-----w-C:\Program Files (x86)\Common Files\Steam
2012-11-04 22:25:55--------d-----w-C:\Users\Jon\AppData\Local\Google
2012-11-04 19:10:16--------d-----w-C:\roms
.
==================== Find3M ====================
.
2012-11-02 05:22:0834304----a-w-C:\Windows\SysWow64\wuapp.exe
2012-11-02 05:21:4483968----a-w-C:\Windows\SysWow64\wudriver.dll
2012-11-02 05:21:44125952----a-w-C:\Windows\SysWow64\wuwebv.dll
2012-11-02 05:21:28246784----a-w-C:\Windows\SysWow64\ubpm.dll
2012-11-02 05:20:3139424----a-w-C:\Windows\System32\wuapp.exe
2012-11-02 05:20:2877824----a-w-C:\Windows\System32\taskhost.exe
2012-11-02 05:20:2872192----a-w-C:\Windows\System32\taskhostex.exe
2012-11-02 05:20:10141824----a-w-C:\Windows\System32\wuwebv.dll
2012-11-02 05:20:0998304----a-w-C:\Windows\System32\wudriver.dll
2012-11-02 05:20:09251904----a-w-C:\Windows\System32\WUSettingsProvider.dll
2012-11-02 05:20:0917408----a-w-C:\Windows\System32\wuaext.dll
2012-11-02 05:20:091619968----a-w-C:\Windows\System32\wucltux.dll
2012-11-02 05:19:50318464----a-w-C:\Windows\System32\ubpm.dll
2012-11-02 05:01:2799328----a-w-C:\Windows\System32\wushareduxresources.dll
2012-11-02 04:55:32212992----a-w-C:\Windows\System32\drivers\mrxsmb20.sys
2012-11-02 04:53:13366080----a-w-C:\Windows\System32\drivers\mrxsmb.sys
2012-10-29 05:04:47522640----a-w-C:\Windows\System32\AUDIOKSE.dll
2012-10-29 05:04:47490064----a-w-C:\Windows\System32\AudioEng.dll
2012-10-29 05:04:47447792----a-w-C:\Windows\System32\AudioSes.dll
2012-10-29 05:04:47253512----a-w-C:\Windows\System32\audiodg.exe
2012-10-29 03:21:531526784----a-w-C:\Windows\System32\mfcore.dll
2012-10-29 03:21:21267264----a-w-C:\Windows\System32\EncDump.dll
2012-10-29 03:20:49785920----a-w-C:\Windows\System32\audiosrv.dll
2012-10-29 03:20:49169472----a-w-C:\Windows\System32\AudioEndpointBuilder.dll
2012-10-29 03:19:08463768----a-w-C:\Windows\SysWow64\AUDIOKSE.dll
2012-10-29 03:19:08427568----a-w-C:\Windows\SysWow64\AudioEng.dll
2012-10-29 03:19:08324344----a-w-C:\Windows\SysWow64\AudioSes.dll
2012-10-29 02:46:231451520----a-w-C:\Windows\SysWow64\mfcore.dll
2012-10-26 22:19:0980728----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 22:19:09695648----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-24 04:54:066972136----a-w-C:\Windows\System32\ntoskrnl.exe
2012-10-24 03:06:122706432----a-w-C:\Windows\System32\mshtml.tlb
2012-10-24 02:27:012706432----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-10-18 06:17:1869864----a-w-C:\Windows\System32\drivers\pdc.sys
2012-10-18 03:20:4610096640----a-w-C:\Windows\System32\twinui.dll
2012-10-18 03:18:402302464----a-w-C:\Windows\System32\authui.dll
2012-10-18 03:18:332146816----a-w-C:\Windows\System32\actxprxy.dll
2012-10-18 02:46:008856576----a-w-C:\Windows\SysWow64\twinui.dll
2012-10-18 02:44:382033664----a-w-C:\Windows\SysWow64\authui.dll
2012-10-18 02:44:33753664----a-w-C:\Windows\SysWow64\actxprxy.dll
2012-10-12 08:08:0127880----a-w-C:\Windows\System32\drivers\rdpvideominiport.sys
2012-10-12 06:14:5487040----a-w-C:\Windows\System32\srmtrace.dll
2012-10-12 06:14:54652800----a-w-C:\Windows\System32\srmscan.dll
2012-10-12 06:14:5430720----a-w-C:\Windows\System32\srm_ps.dll
2012-10-12 06:14:54279040----a-w-C:\Windows\System32\srm.dll
2012-10-12 06:14:54274432----a-w-C:\Windows\System32\srmstormod.dll
2012-10-12 06:14:54172032----a-w-C:\Windows\System32\srmshell.dll
2012-10-12 06:14:541347072----a-w-C:\Windows\System32\srmclient.dll
2012-10-12 06:14:54134144----a-w-C:\Windows\System32\adrclient.dll
2012-10-12 06:14:4036352----a-w-C:\Windows\System32\rfxvmt.dll
2012-10-12 06:14:393244032----a-w-C:\Windows\System32\rdpcorets.dll
2012-10-12 06:14:34115712----a-w-C:\Windows\System32\wbem\PolicMan.dll
2012-10-12 06:13:32109568----a-w-C:\Windows\System32\dskquota.dll
2012-10-12 05:50:01235520----a-w-C:\Windows\System32\rdpudd.dll
2012-10-12 05:46:28618496----a-w-C:\Windows\System32\drivers\srv2.sys
2012-10-12 05:41:02987648----a-w-C:\Windows\SysWow64\srmclient.dll
2012-10-12 05:41:0268096----a-w-C:\Windows\SysWow64\srmtrace.dll
2012-10-12 05:41:02487936----a-w-C:\Windows\SysWow64\srmscan.dll
2012-10-12 05:41:02278528----a-w-C:\Windows\SysWow64\srm.dll
2012-10-12 05:41:02202240----a-w-C:\Windows\SysWow64\srmstormod.dll
2012-10-12 05:41:0215872----a-w-C:\Windows\SysWow64\srm_ps.dll
2012-10-12 05:41:02128000----a-w-C:\Windows\SysWow64\srmshell.dll
2012-10-12 05:41:02104448----a-w-C:\Windows\SysWow64\adrclient.dll
2012-10-12 05:40:4984992----a-w-C:\Windows\SysWow64\wbem\PolicMan.dll
2012-10-12 05:39:5482944----a-w-C:\Windows\SysWow64\dskquota.dll
2012-10-11 07:47:18793200----a-w-C:\Windows\System32\mfplat.dll
2012-10-11 07:35:162380944----a-w-C:\Windows\explorer.exe
2012-10-11 07:26:44336104----a-w-C:\Windows\System32\drivers\Classpnp.sys
2012-10-11 07:25:4856552----a-w-C:\Windows\System32\drivers\sdstor.sys
2012-10-11 07:23:331001192----a-w-C:\Windows\System32\drivers\ndis.sys
2012-10-11 07:23:32441576----a-w-C:\Windows\System32\drivers\netio.sys
2012-10-11 07:18:25172264----a-w-C:\Windows\System32\drivers\ksecpkg.sys
2012-10-11 07:16:201403784----a-w-C:\Windows\System32\winload.efi
2012-10-11 07:16:201267424----a-w-C:\Windows\System32\winload.exe
2012-10-11 07:16:201217328----a-w-C:\Windows\System32\winresume.efi
2012-10-11 07:16:191093880----a-w-C:\Windows\System32\winresume.exe
2012-10-11 07:13:54194280----a-w-C:\Windows\System32\drivers\sdbus.sys
2012-10-11 07:13:51124648----a-w-C:\Windows\System32\drivers\dumpsd.sys
2012-10-11 07:13:4958088----a-w-C:\Windows\System32\drivers\dam.sys
2012-10-11 07:13:3733512----a-w-C:\Windows\System32\drivers\battc.sys
2012-10-11 07:08:41562392----a-w-C:\Windows\System32\drivers\cng.sys
2012-10-11 07:02:271636672----a-w-C:\Windows\System32\WMALFXGFXDSP.dll
2012-10-11 07:01:47503080----a-w-C:\Windows\System32\ci.dll
2012-10-11 05:56:412115952----a-w-C:\Windows\SysWow64\explorer.exe
2012-10-11 05:45:58907776----a-w-C:\Windows\System32\uxtheme.dll
2012-10-11 05:45:5853760----a-w-C:\Windows\System32\UXInit.dll
2012-10-11 05:45:581045504----a-w-C:\Windows\System32\usercpl.dll
2012-10-11 05:45:533554304----a-w-C:\Windows\System32\tquery.dll
2012-10-11 05:45:49370176----a-w-C:\Windows\System32\SysFxUI.dll
2012-10-11 05:45:48579584----a-w-C:\Windows\System32\StructuredQuery.dll
2012-10-11 05:45:42505344----a-w-C:\Windows\System32\SpaceControl.dll
2012-10-11 05:45:37590848----a-w-C:\Windows\System32\SHCore.dll
2012-10-11 05:45:26945152----a-w-C:\Windows\System32\resetengmig.dll
2012-10-11 05:45:261009664----a-w-C:\Windows\System32\reseteng.dll
2012-10-11 05:45:1655808----a-w-C:\Windows\System32\PCPKsp.dll
2012-10-11 05:43:571294336----a-w-C:\Windows\System32\gdi32.dll
2012-10-11 05:43:531280000----a-w-C:\Windows\System32\FntCache.dll
2012-10-11 05:43:52757760----a-w-C:\Windows\System32\FirewallAPI.dll
2012-10-11 05:43:461836032----a-w-C:\Windows\System32\DWrite.dll
2012-10-11 05:43:452206208----a-w-C:\Windows\System32\dwmcore.dll
.
============= FINISH: 12:55:35.82 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro with Media Center
Boot Device: \Device\HarddiskVolume2
Install Date: 11/4/2012 4:45:29 PM
System Uptime: 11/20/2012 12:45:00 AM (12 hours ago)
.
Motherboard: LENOVO | | 4286CTO
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 82.104 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\LEN0068\5&2890D699&0
Manufacturer:
Name:
PNP Device ID: ACPI\LEN0068\5&2890D699&0
Service:
.
==== System Restore Points ===================
.
RP2: 11/4/2012 10:12:44 PM - Installed win8codecs.
RP3: 11/10/2012 3:01:28 AM - Installed 7-Zip 9.22 (x64 edition)
RP4: 11/12/2012 2:11:37 AM - Installed Java 7 Update 9
RP5: 11/13/2012 10:20:17 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP6: 11/17/2012 9:00:58 PM - Windows Update
RP7: 11/20/2012 1:06:10 AM - Installed Project64 1.6
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.22 (x64 edition)
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 Plugin
Adobe Help Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
bl
Bonjour
CCleaner
Conexant 20672 SmartAudio HD
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox
F.lux
Foxit Reader
Fraps
Google Chrome
Google Update Helper
Guitar Pro 6
HexChat (x64)
HP LaserJet Professional P1100-P1560-P1600 Series
ImageJ 1.46r
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
Imagenomic Noiseware 5.0 Plug-in (build 5006)
Intel PROSet Wireless
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® PROSet/Wireless WiFi Software
IPFilter Updater
iTunes
Java 7 Update 9
Java Auto Updater
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Settings - Camera Audio
Lenovo Settings Dependency Package
Lenovo Settings Mobile Hotspot
Lenovo System Update
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.4.6052
MSVCRT
MSVCRT110
MSVCRT110_amd64
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
Paint.NET v3.5.10
PDF Settings CS6
ph
Photo Common
Photo Gallery
PlanetSide 2 Beta
Project64 1.6
RICOH_Media_Driver_v2.22.18.01
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition
Skype™ 6.0
Steam
ThinkPad UltraNav Driver
ThinkVantage Fingerprint Software
Topaz Adjust 5
Topaz Adjust 5 (64-bit)
Topaz B&W Effects
Topaz B&W Effects (64-bit)
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz Fusion Express 2
Topaz Fusion Express 2 (64-bit)
Topaz InFocus
Topaz InFocus (64-bit)
Topaz Lens Effects
Topaz Lens Effects (64-bit)
Topaz ReMask 3
Topaz ReMask 3 (64-bit)
Topaz Simplify 3
Topaz Simplify 3 (64-bit)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Win8 x64Components v1.2.7
win8codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
11/20/2012 2:26:32 AM, Error: Service Control Manager [7034] - The LnvMHService service terminated unexpectedly. It has done this 1 time(s).
11/20/2012 12:51:42 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
11/20/2012 12:45:10 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {7160A13D-73DA-4CEA-95B9-37356478588A} and APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
11/19/2012 2:37:31 PM, Error: Service Control Manager [7034] - The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).
11/16/2012 9:31:51 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUSTIN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/16/2012 9:30:36 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRIS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/16/2012 7:23:09 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer KIRA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/16/2012 11:40:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MARK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D4F8976-7521-422E-AFB1-95D7D088D188}. The master browser is stopping or an election is being forced.
11/15/2012 12:04:58 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 66.71.90.180. The computer with the IP address 66.71.90.211 did not allow the name to be claimed by this computer.
11/15/2012 1:09:21 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
11/14/2012 5:58:02 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 5 time(s).
11/14/2012 5:39:39 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 4 time(s).
11/14/2012 4:56:17 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 3 time(s).
11/14/2012 4:43:48 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 2 time(s).
11/14/2012 4:34:38 PM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
# AdwCleaner v2.008 - Logfile created 11/20/2012 at 12:57:10
# Updated 17/11/2012 by Xplode
# Operating system : Windows 8 Pro with Media Center (64 bits)
# User : Jon - JON-THINKPAD
# Boot Mode : Normal
# Running from : C:\Users\Jon\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.10.9200.16433

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\z2kiv0iz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3114 octets] - [20/11/2012 00:43:38]
AdwCleaner[S1].txt - [3263 octets] - [20/11/2012 00:44:27]
AdwCleaner[S2].txt - [959 octets] - [20/11/2012 12:57:10]

########## EOF - C:\AdwCleaner[S2].txt - [1018 octets] ##########
 
Now, to look for malware...

ComboFix scan

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Sorry for delay. I just came back from my short vacation. :)

Sorry for the OS error there, your MBAM log said Windows 7...I didn't look as carefully at the DDS log, which said Windows 8 Pro.


RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
RGKRScan.png


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
RGKRDelete.png


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    RGKRShortcutsFix.png
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.


TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg


------------------------

Click the Start Scan button.

tdss_3.jpg


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue


tdss_4.jpg


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


tdss_5.jpg



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
Hello! Are you still with us? Your topic is now marked inactive, because you have lacked to reply.

However, we'd like to still help. Please update us on the state of your PC.
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back