.
Hi,
I have an issue like this one: https://www.techspot.com/community/topics/virus-cant-install-malwarebytes-access-is-denied.163660/
My Win7 Pro Thinkpad SP1 computer was randomly rebooting, so I tried to install MBAM but it said access was denied -- it couldn't write the file in the temp directory. So I googled and ran:
Combofix
MBAM Clean
[FONT=Helvetica Neue]RKill[/FONT]
[FONT=Helvetica Neue][FONT=helvetica]TDSSkiller[/FONT][/FONT]
[FONT=helvetica]aswMBR[/FONT]
[FONT=helvetica]ESET online scanner[/FONT]
[FONT=helvetica]adware cleaner[/FONT]
[FONT=helvetica]FSS[/FONT]
Unhide
Ran all of these; still access denied when trying to install MBAM. I don't know much about the logs. Would you be willing to help?
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by Barbara at 23:46:16 on 2013-05-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.563 [GMT -4:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Prey\platform\windows\cron.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [087BFA070BC68B68EF72E800FF7EF859CE1EC0E9._service_run] "C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [Prey Laptop Tracker] C:\Program Files\Prey\platform\windows\cron.exe --log
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
mRun: [AffixaPersonalSettings] "C:\Program Files (x86)\Affixa\AffixaHandler.exe" /APPLYPERSONAL
mRun: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Users\Barbara\AppData\Local\Apps\2.0\X2XRTH5L.08D\71V3PPR9.7Q5\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\37475607863736F6265616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\45F475E4F6663484D275966496 : DHCPNameServer = 101.104.178.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\54467716274637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\64C6563786F584F6573756 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\7457164756D616C616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DABEC673-63C3-4275-8501-8392D7D9F517} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.easwaran.org/thoughts-for-the-day-quotes.html
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2010-6-7 29512]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2010-6-7 163072]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-6-7 292864]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-6-7 294064]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-7 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-6-7 151936]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-7 244736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-19 102368]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-13 03:40:16--------d-----w-C:\ProgramData\SUPERAntiSpyware.com
2013-05-13 03:40:16--------d-----w-C:\Program Files\SUPERAntiSpyware
2013-05-13 03:39:41--------d-----w-C:\ProgramData\SUPERSetup
2013-05-13 02:10:45174----a-w-C:\Windows\DeleteOnReboot.bat
2013-05-13 01:41:55--------d-----w-C:\Program Files (x86)\ESET
2013-05-13 00:07:20--------d-sh--w-C:\$RECYCLE.BIN
2013-05-12 23:51:3098816----a-w-C:\Windows\sed.exe
2013-05-12 23:51:30256000----a-w-C:\Windows\PEV.exe
2013-05-12 23:51:30208896----a-w-C:\Windows\MBR.exe
2013-05-03 17:58:29--------d-----w-C:\Program Files (x86)\Canon
2013-05-03 17:58:2815872----a-w-C:\Windows\SysWow64\CNHMCA.dll
2013-05-03 17:58:27320000----a-w-C:\Windows\SysWow64\CNC_BBL.dll
2013-05-03 17:58:27103424----a-w-C:\Windows\SysWow64\CNC_BBU.dll
2013-05-03 17:55:4030208----a-w-C:\Windows\System32\Spool\prtprocs\x64\CNMPDBB.DLL
2013-05-03 17:55:40100352----a-w-C:\Windows\System32\Spool\prtprocs\x64\CNMPPBB.DLL
2013-05-03 17:55:33363520----a-w-C:\Windows\System32\CNC_BBL.dll
2013-05-03 17:55:33287744----a-w-C:\Windows\System32\CNC_BBC.dll
2013-05-03 17:55:3317920----a-w-C:\Windows\System32\CNHMCA6.dll
2013-05-03 17:55:33106496----a-w-C:\Windows\System32\CNC_BBI.dll
2013-05-03 17:55:22389120----a-w-C:\Windows\System32\CNMLMBB.DLL
2013-04-28 03:48:33--------d-----w-C:\Users\Barbara\Cloud Drive
2013-04-28 03:47:32--------d-----w-C:\Users\Barbara\AppData\Local\Amazon Cloud Drive
2013-04-28 03:42:42--------d-----w-C:\Users\Barbara\AppData\Local\Apps
2013-04-28 03:42:41--------d-----w-C:\Users\Barbara\AppData\Local\Deployment
2013-04-24 11:41:0995648----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 00:09:001656680----a-w-C:\Windows\System32\drivers\ntfs.sys
2013-04-20 00:24:27--------d-----w-C:\Users\Barbara\.android
2013-04-20 00:24:10--------d-----w-C:\Users\Barbara\workspace
2013-04-20 00:10:15--------d-----w-C:\New Folder
2013-04-19 16:38:13708168----a-w-C:\Windows\System32\WinUSBCoInstaller.dll
2013-04-19 16:38:131490656----a-w-C:\Windows\System32\WdfCoInstaller01007.dll
2013-04-19 16:38:12203104----a-w-C:\Windows\System32\drivers\ssudmdm.sys
2013-04-19 16:38:12102368----a-w-C:\Windows\System32\drivers\ssudbus.sys
2013-04-19 16:36:10--------d-----w-C:\Verizon_Android
2013-04-19 16:35:44--------d-----w-C:\ProgramData\Samsung
.
==================== Find3M ====================
.
2013-03-19 06:04:065550424----a-w-C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:5643520----a-w-C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:133968856----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:103913560----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:506656----a-w-C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33112640----a-w-C:\Windows\System32\smss.exe
2013-03-10 00:51:44861088----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2013-03-10 00:51:44782240----a-w-C:\Windows\SysWow64\deployJava1.dll
2013-03-01 03:36:043153408----a-w-C:\Windows\System32\win32k.sys
2013-02-21 10:30:161766912----a-w-C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:392877440----a-w-C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:3761440----a-w-C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37109056----a-w-C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:072240512----a-w-C:\Windows\System32\wininet.dll
2013-02-21 10:14:093958784----a-w-C:\Windows\System32\jscript9.dll
2013-02-21 10:14:0567072----a-w-C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05136704----a-w-C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:032706432----a-w-C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:142706432----a-w-C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:5371680----a-w-C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:1889600----a-w-C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-15 06:08:4044032----a-w-C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:113717632----a-w-C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26158720----a-w-C:\Windows\System32\aaclient.dll
2013-02-15 04:37:103217408----a-w-C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10131584----a-w-C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:5136864----a-w-C:\Windows\SysWow64\tsgqec.dll
2013-02-13 13:53:480----a-w-C:\Windows\SysWow64\sho2F08.tmp
2013-02-12 05:45:24135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22308736----a-w-C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22111104----a-w-C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31474112----a-w-C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:262176512----a-w-C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:0519968----a-w-C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 23:49:30.06 ===============
***************************************************************************************************
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2010 3:11:55 AM
System Uptime: 5/12/2013 10:12:38 PM (1 hours ago)
.
Motherboard: LENOVO | | 2516CTO
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 213.232 GiB free.
Q: is FIXED (NTFS) - 10 GiB total, 0.004 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: PC Tools Data Store
Device ID: ROOT\LEGACY_PCTDS\0000
Manufacturer:
Name: PC Tools Data Store
PNP Device ID: ROOT\LEGACY_PCTDS\0000
Service: pctDS
.
==== System Restore Points ===================
.
RP375: 4/24/2013 3:00:27 AM - Windows Update
RP376: 4/24/2013 7:39:48 AM - Installed Java 7 Update 21
RP377: 4/26/2013 9:20:52 PM - Windows Update
RP378: 4/30/2013 3:00:15 AM - Windows Update
RP379: 5/1/2013 3:00:35 AM - Windows Update
RP380: 5/10/2013 7:53:10 AM - Scheduled Checkpoint
RP381: 5/12/2013 7:51:38 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Sansa Media Converter
Update for Microsoft Office 2007 (KB2508958)
µTorrent
3ivx D4 4.5.1 Decoder (remove only)
ABBYY FineReader for ScanSnap (TM) 4.0
Access Help
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Affixa
Affixa 3.2012.12.22
Amazon Cloud Drive
Amazon Kindle
Amazon MP3 Downloader 1.0.17
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bamboo
Bamboo Dock
Bamboo Dock 3.3
Blackboard IM 4.1.0-C
Bonjour
Browser Guard 4.0
Burn.Now 4.5
Canon IJ Scan Utility
Canon MG5400 series MP Drivers
Canon MP530
CardMinder
CardMinder V4.0
Conexant 20585 SmartAudio HD
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Create Recovery Media
Direct DiscRecorder
ESET Online Scanner v3
Evernote v. 4.6.3
Fastest Free YouTube Downloader to MP3 Converter
GIMP 2.6.11
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Human Design Life Chart
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Turbo Boost Technology Monitor
InterVideo WinDVD 8
IP Camera
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 31
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Warranty Information
Lenovo Welcome
LG SP USB Driver
LG USB WML Modem Driver
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mini-stream Ripper 3.1.2.1.2010.03.30
Mobile Broadband
Mozilla Firefox (3.6.12)
Mozilla Firefox 14.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NirSoft VideoCacheView
NTI Backup Now EZ
Pam Call Recorder 4.8
PC Tools Spyware Doctor with AntiVirus 9.0
Power Manager
Quicken 2011
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
Rosetta Stone Homeschool
Samsung Mobile phone USB driver Drive Software
Samsung PC Studio 3
SAMSUNG USB Driver for Mobile Phones
Sansa Updater
ScanSnap
ScanSnap Manager
ScanSnap Organizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
Suite Specific
SUPERAntiSpyware
swMSM
System Update
ThinkPad FullScreen Magnifier
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Communications Utility
TurboTax 2009
TurboTax 2009 WinBizFedFormset
TurboTax 2009 WinBizReleaseEngine
TurboTax 2009 WinBizTaxSupport
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnciper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnciper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnciper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnciper
TurboTax 2012 wrapper
TurboTax Business 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebTablet IE Plugin
WebTablet Netscape Plugin
WinASO Registry Optimizer 4.8.2
Windows Driver Package - Intel (e1kexpress) Net (12/10/2009 11.5.10.0)
Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows XP Mode
WinRAR archiver
Wisdom Quest
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
5/9/2013 8:15:49 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/8/2013 9:56:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
5/8/2013 2:18:06 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
5/7/2013 5:36:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/7/2013 5:28:18 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097} because another computer on the network has the same name. The server could not start.
5/12/2013 8:05:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/12/2013 8:04:04 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/12/2013 10:13:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
5/12/2013 10:12:50 PM, Error: Ntfs [137] - The default transaction resource manager on volume Q: encountered a non-retryable error and could not start. The data contains the error code.
5/12/2013 10:12:47 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/11/2013 1:48:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
.
==== End Of File ===========================
Can't run MBAM, but here are the results from AdwCleaner:
# AdwCleaner v2.300 - Logfile created 05/12/2013 at 22:09:17
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Barbara - BARBARA-THINK
# Boot Mode : Normal
# Running from : C:\Users\Barbara\Favorites\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Folder Deleted : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKCU\Software\Google\Chrome\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ef32f59633787dd828adf56352222c0f-795373474
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0 (en-US)
File : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\prefs.js
Deleted : user_pref("CT3078318_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2817 octets] - [12/05/2013 22:08:23]
AdwCleaner[S1].txt - [2619 octets] - [12/05/2013 22:09:17]
########## EOF - C:\AdwCleaner[S1].txt - [2679 octets] ##########
Hi,
I have an issue like this one: https://www.techspot.com/community/topics/virus-cant-install-malwarebytes-access-is-denied.163660/
My Win7 Pro Thinkpad SP1 computer was randomly rebooting, so I tried to install MBAM but it said access was denied -- it couldn't write the file in the temp directory. So I googled and ran:
Combofix
MBAM Clean
[FONT=Helvetica Neue]RKill[/FONT]
[FONT=Helvetica Neue][FONT=helvetica]TDSSkiller[/FONT][/FONT]
[FONT=helvetica]aswMBR[/FONT]
[FONT=helvetica]ESET online scanner[/FONT]
[FONT=helvetica]adware cleaner[/FONT]
[FONT=helvetica]FSS[/FONT]
Unhide
Ran all of these; still access denied when trying to install MBAM. I don't know much about the logs. Would you be willing to help?
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by Barbara at 23:46:16 on 2013-05-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.563 [GMT -4:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Prey\platform\windows\cron.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [087BFA070BC68B68EF72E800FF7EF859CE1EC0E9._service_run] "C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [Prey Laptop Tracker] C:\Program Files\Prey\platform\windows\cron.exe --log
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
mRun: [AffixaPersonalSettings] "C:\Program Files (x86)\Affixa\AffixaHandler.exe" /APPLYPERSONAL
mRun: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Users\Barbara\AppData\Local\Apps\2.0\X2XRTH5L.08D\71V3PPR9.7Q5\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\37475607863736F6265616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\45F475E4F6663484D275966496 : DHCPNameServer = 101.104.178.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\54467716274637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\64C6563786F584F6573756 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\7457164756D616C616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DABEC673-63C3-4275-8501-8392D7D9F517} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.easwaran.org/thoughts-for-the-day-quotes.html
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2010-6-7 29512]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2010-6-7 163072]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-6-7 292864]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-6-7 294064]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-7 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-6-7 151936]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-7 244736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-19 102368]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-13 03:40:16--------d-----w-C:\ProgramData\SUPERAntiSpyware.com
2013-05-13 03:40:16--------d-----w-C:\Program Files\SUPERAntiSpyware
2013-05-13 03:39:41--------d-----w-C:\ProgramData\SUPERSetup
2013-05-13 02:10:45174----a-w-C:\Windows\DeleteOnReboot.bat
2013-05-13 01:41:55--------d-----w-C:\Program Files (x86)\ESET
2013-05-13 00:07:20--------d-sh--w-C:\$RECYCLE.BIN
2013-05-12 23:51:3098816----a-w-C:\Windows\sed.exe
2013-05-12 23:51:30256000----a-w-C:\Windows\PEV.exe
2013-05-12 23:51:30208896----a-w-C:\Windows\MBR.exe
2013-05-03 17:58:29--------d-----w-C:\Program Files (x86)\Canon
2013-05-03 17:58:2815872----a-w-C:\Windows\SysWow64\CNHMCA.dll
2013-05-03 17:58:27320000----a-w-C:\Windows\SysWow64\CNC_BBL.dll
2013-05-03 17:58:27103424----a-w-C:\Windows\SysWow64\CNC_BBU.dll
2013-05-03 17:55:4030208----a-w-C:\Windows\System32\Spool\prtprocs\x64\CNMPDBB.DLL
2013-05-03 17:55:40100352----a-w-C:\Windows\System32\Spool\prtprocs\x64\CNMPPBB.DLL
2013-05-03 17:55:33363520----a-w-C:\Windows\System32\CNC_BBL.dll
2013-05-03 17:55:33287744----a-w-C:\Windows\System32\CNC_BBC.dll
2013-05-03 17:55:3317920----a-w-C:\Windows\System32\CNHMCA6.dll
2013-05-03 17:55:33106496----a-w-C:\Windows\System32\CNC_BBI.dll
2013-05-03 17:55:22389120----a-w-C:\Windows\System32\CNMLMBB.DLL
2013-04-28 03:48:33--------d-----w-C:\Users\Barbara\Cloud Drive
2013-04-28 03:47:32--------d-----w-C:\Users\Barbara\AppData\Local\Amazon Cloud Drive
2013-04-28 03:42:42--------d-----w-C:\Users\Barbara\AppData\Local\Apps
2013-04-28 03:42:41--------d-----w-C:\Users\Barbara\AppData\Local\Deployment
2013-04-24 11:41:0995648----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 00:09:001656680----a-w-C:\Windows\System32\drivers\ntfs.sys
2013-04-20 00:24:27--------d-----w-C:\Users\Barbara\.android
2013-04-20 00:24:10--------d-----w-C:\Users\Barbara\workspace
2013-04-20 00:10:15--------d-----w-C:\New Folder
2013-04-19 16:38:13708168----a-w-C:\Windows\System32\WinUSBCoInstaller.dll
2013-04-19 16:38:131490656----a-w-C:\Windows\System32\WdfCoInstaller01007.dll
2013-04-19 16:38:12203104----a-w-C:\Windows\System32\drivers\ssudmdm.sys
2013-04-19 16:38:12102368----a-w-C:\Windows\System32\drivers\ssudbus.sys
2013-04-19 16:36:10--------d-----w-C:\Verizon_Android
2013-04-19 16:35:44--------d-----w-C:\ProgramData\Samsung
.
==================== Find3M ====================
.
2013-03-19 06:04:065550424----a-w-C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:5643520----a-w-C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:133968856----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:103913560----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:506656----a-w-C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33112640----a-w-C:\Windows\System32\smss.exe
2013-03-10 00:51:44861088----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2013-03-10 00:51:44782240----a-w-C:\Windows\SysWow64\deployJava1.dll
2013-03-01 03:36:043153408----a-w-C:\Windows\System32\win32k.sys
2013-02-21 10:30:161766912----a-w-C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:392877440----a-w-C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:3761440----a-w-C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37109056----a-w-C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:072240512----a-w-C:\Windows\System32\wininet.dll
2013-02-21 10:14:093958784----a-w-C:\Windows\System32\jscript9.dll
2013-02-21 10:14:0567072----a-w-C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05136704----a-w-C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:032706432----a-w-C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:142706432----a-w-C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:5371680----a-w-C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:1889600----a-w-C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-15 06:08:4044032----a-w-C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:113717632----a-w-C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26158720----a-w-C:\Windows\System32\aaclient.dll
2013-02-15 04:37:103217408----a-w-C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10131584----a-w-C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:5136864----a-w-C:\Windows\SysWow64\tsgqec.dll
2013-02-13 13:53:480----a-w-C:\Windows\SysWow64\sho2F08.tmp
2013-02-12 05:45:24135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22308736----a-w-C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22111104----a-w-C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31474112----a-w-C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:262176512----a-w-C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:0519968----a-w-C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 23:49:30.06 ===============
***************************************************************************************************
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2010 3:11:55 AM
System Uptime: 5/12/2013 10:12:38 PM (1 hours ago)
.
Motherboard: LENOVO | | 2516CTO
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 213.232 GiB free.
Q: is FIXED (NTFS) - 10 GiB total, 0.004 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: PC Tools Data Store
Device ID: ROOT\LEGACY_PCTDS\0000
Manufacturer:
Name: PC Tools Data Store
PNP Device ID: ROOT\LEGACY_PCTDS\0000
Service: pctDS
.
==== System Restore Points ===================
.
RP375: 4/24/2013 3:00:27 AM - Windows Update
RP376: 4/24/2013 7:39:48 AM - Installed Java 7 Update 21
RP377: 4/26/2013 9:20:52 PM - Windows Update
RP378: 4/30/2013 3:00:15 AM - Windows Update
RP379: 5/1/2013 3:00:35 AM - Windows Update
RP380: 5/10/2013 7:53:10 AM - Scheduled Checkpoint
RP381: 5/12/2013 7:51:38 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Sansa Media Converter
Update for Microsoft Office 2007 (KB2508958)
µTorrent
3ivx D4 4.5.1 Decoder (remove only)
ABBYY FineReader for ScanSnap (TM) 4.0
Access Help
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Affixa
Affixa 3.2012.12.22
Amazon Cloud Drive
Amazon Kindle
Amazon MP3 Downloader 1.0.17
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bamboo
Bamboo Dock
Bamboo Dock 3.3
Blackboard IM 4.1.0-C
Bonjour
Browser Guard 4.0
Burn.Now 4.5
Canon IJ Scan Utility
Canon MG5400 series MP Drivers
Canon MP530
CardMinder
CardMinder V4.0
Conexant 20585 SmartAudio HD
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Create Recovery Media
Direct DiscRecorder
ESET Online Scanner v3
Evernote v. 4.6.3
Fastest Free YouTube Downloader to MP3 Converter
GIMP 2.6.11
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Human Design Life Chart
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Turbo Boost Technology Monitor
InterVideo WinDVD 8
IP Camera
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 31
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Warranty Information
Lenovo Welcome
LG SP USB Driver
LG USB WML Modem Driver
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mini-stream Ripper 3.1.2.1.2010.03.30
Mobile Broadband
Mozilla Firefox (3.6.12)
Mozilla Firefox 14.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NirSoft VideoCacheView
NTI Backup Now EZ
Pam Call Recorder 4.8
PC Tools Spyware Doctor with AntiVirus 9.0
Power Manager
Quicken 2011
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
Rosetta Stone Homeschool
Samsung Mobile phone USB driver Drive Software
Samsung PC Studio 3
SAMSUNG USB Driver for Mobile Phones
Sansa Updater
ScanSnap
ScanSnap Manager
ScanSnap Organizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
Suite Specific
SUPERAntiSpyware
swMSM
System Update
ThinkPad FullScreen Magnifier
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Communications Utility
TurboTax 2009
TurboTax 2009 WinBizFedFormset
TurboTax 2009 WinBizReleaseEngine
TurboTax 2009 WinBizTaxSupport
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnciper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnciper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnciper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnciper
TurboTax 2012 wrapper
TurboTax Business 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebTablet IE Plugin
WebTablet Netscape Plugin
WinASO Registry Optimizer 4.8.2
Windows Driver Package - Intel (e1kexpress) Net (12/10/2009 11.5.10.0)
Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows XP Mode
WinRAR archiver
Wisdom Quest
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
5/9/2013 8:15:49 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/8/2013 9:56:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
5/8/2013 2:18:06 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
5/7/2013 5:36:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/7/2013 5:28:18 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097} because another computer on the network has the same name. The server could not start.
5/12/2013 8:05:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/12/2013 8:04:04 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/12/2013 10:13:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
5/12/2013 10:12:50 PM, Error: Ntfs [137] - The default transaction resource manager on volume Q: encountered a non-retryable error and could not start. The data contains the error code.
5/12/2013 10:12:47 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/11/2013 1:48:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
.
==== End Of File ===========================
Can't run MBAM, but here are the results from AdwCleaner:
# AdwCleaner v2.300 - Logfile created 05/12/2013 at 22:09:17
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Barbara - BARBARA-THINK
# Boot Mode : Normal
# Running from : C:\Users\Barbara\Favorites\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Folder Deleted : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKCU\Software\Google\Chrome\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ef32f59633787dd828adf56352222c0f-795373474
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0 (en-US)
File : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\prefs.js
Deleted : user_pref("CT3078318_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2817 octets] - [12/05/2013 22:08:23]
AdwCleaner[S1].txt - [2619 octets] - [12/05/2013 22:09:17]
########## EOF - C:\AdwCleaner[S1].txt - [2679 octets] ##########