My internet usage has spiked dramatically. It seems to decrease when I have my laptop off and am only using streaming devices. I've ran my Kaspresky antivirus and MS bot tool but they didn't find anything. Any help would be appreciated!!
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8172 Mb
Graphics Card: AMD Radeon HD 6550M, 1024 Mb
Hard Drives: C: Total - 430419 MB, Free - 56456 MB; D: Total - 31208 MB, Free - 28287 MB;
Motherboard: LENOVO, KL2
Antivirus: Kaspersky PURE 3.0, Updated and Enabled
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:26 PM, on 6/24/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\tk\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
O4 - HKCU\..\Run: [StrongVPN Client] "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - CrashPlan - C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Slidebar Notifier Service - Lenovo - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12974 bytes
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2
Run by tk at 20:01:10 on 2014-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.4888 [GMT -7:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [AmazonMP3DownloaderHelper] C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [StrongVPN Client] "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\tk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Drop box.lnk - C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{67059FF0-CB67-4A42-862C-5A9559E73FD2} : DHCPNameServer = 8.8.8.8 8.8.4.4 172.16.2.5
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\47B666F65727 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\84643535D275966496 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\C616B65667963647F627961623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\D49784F64744F676 : DHCPNameServer = 210.154.134.150 180.131.208.53
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynBtnAsst] C:\Program Files (x86)\Synaptics\SynTP\SynBtnAsst.exe Utility_Window
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\e72isk5b.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\tk\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
FF - plugin: C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\windows\System32\drivers\CSCrySec.sys [2013-7-14 84536]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-5-4 39008]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [2013-10-21 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [2013-10-21 102992]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\windows\System32\drivers\CSVirtualDiskDrv.sys [2013-7-14 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-10-18 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-12-1 203264]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [2013-4-8 152576]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2011-5-4 69568]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-5-4 28176]
R3 bcbtums;Bluetooth USB LD Filter;C:\windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
R3 btwampfl;btwampfl;C:\windows\System32\drivers\btwampfl.sys [2013-10-28 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-5-4 35104]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-11 31088]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\System32\drivers\jmccgp.sys [2011-5-4 17904]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\System32\drivers\jmcam.sys [2011-5-4 57072]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\System32\drivers\jmcam_lo.sys [2011-5-4 31344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2010-6-7 406056]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-9-2 54824]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-6-12 111616]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-9-2 160880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-7-21 19456]
S3 tapstrong;StrongVPN Adapter;C:\windows\System32\drivers\tapstrong.sys [2013-11-23 38760]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-7-17 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-25 02:30:43 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05C4A088-0ED5-4CEA-A347-63B03AA5EA0E}\mpengine.dll
2014-06-25 00:32:36 -------- d-----w- C:\Users\tk\AppData\Local\Fuze Box
2014-06-20 03:05:17 -------- d-----w- C:\Users\tk\AppData\Roaming\VERIZON
2014-06-12 16:07:31 801280 ----a-w- C:\windows\System32\usp10.dll
2014-06-01 01:35:19 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 01:35:19 -------- d-----w- C:\Program Files\iTunes
2014-06-01 01:35:19 -------- d-----w- C:\Program Files\iPod
2014-06-01 01:35:19 -------- d-----w- C:\Program Files (x86)\iTunes
2014-05-31 00:37:55 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-27 12:49:19 -------- d-----r- C:\Users\tk\Dropbox
2014-05-27 12:48:08 -------- d-----w- C:\Users\tk\AppData\Roaming\DropboxMaster
2014-05-27 02:16:22 -------- d-----w- C:\Program Files (x86)\YNAB 4
.
==================== Find3M ====================
.
2014-06-12 15:32:47 92768 ----a-w- C:\windows\System32\drivers\klflt.sys
2014-06-08 09:13:05 506368 ----a-w- C:\windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\windows\SysWow64\wininet.dll
2014-05-14 13:14:14 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 13:14:14 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-08 09:32:11 3178496 ----a-w- C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:06:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-04-24 21:14:00 138664 ----a-w- C:\windows\SysWow64\drivers\AnyDVD.sys
2014-04-24 21:14:00 138664 ----a-w- C:\windows\System32\drivers\AnyDVD.sys
2014-04-15 09:34:10 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-04-03 02:52:39 458336 ----a-w- C:\windows\System32\drivers\kl1.sys
2014-04-03 02:52:39 29792 ----a-w- C:\windows\System32\drivers\klim6.sys
2014-03-31 16:35:08 270496 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 20:01:41.03 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/14/2013 9:21:19 PM
System Uptime: 6/24/2014 6:17:32 AM (14 hours ago)
.
Motherboard: LENOVO | | KL2
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 420 GiB total, 55.078 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 27.625 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP113: 6/24/2014 7:27:40 PM - Removed Evernote v. 5.4
RP114: 6/24/2014 7:30:28 PM - Windows Update
RP115: 6/24/2014 7:52:11 PM - Uniblue SpeedUpMyPC installation
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
Amazon Kindle
Amazon MP3 Downloader 1.0.18
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audible Download Manager
BodyMedia SYNC
Bonjour
Broadcom Gigabit NetLink Controller
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco Connect
CloneDVD2
Coupon Printer for Windows
CrashPlan
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Energy Management
Fuze Meeting
Google Chrome
Google Drive
Google Update Helper
HandBrake 0.9.9.1
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Update
HPDiagnosticAlert
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 60
Java Auto Updater
JMicron Flash Media Controller Driver
Junk Mail filter update
Kaspersky PURE 3.0
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo DirectShare
Lenovo EasyCamera
Lenovo MuteSync
Lenovo OneKey Recovery
Lenovo SlideNav
Lenovo YouCam
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Oasis2Service 1.0
Onekey Theater
QuickTime 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype 6.14
Synaptics Pointing Device Driver
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Workout Blender
YNAB 4 version 4.3.543
.
==== Event Viewer Messages From Past Week ========
.
6/22/2014 1:12:00 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/22/2014 1:12:00 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/18/2014 6:57:23 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-24 20:12:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: 0b7y8kuc.exe; Driver: C:\Users\tk\AppData\Local\Temp\pxldipoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033b4000 63 bytes [00, 00, 0D, 02, 4B, 4C, 73, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff800033b4040 22 bytes [78, 06, 5B, 0E, 80, FA, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1888] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007754faa8 5 bytes JMP 0000000171a819b0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1888] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077550038 5 bytes JMP 0000000171a82066
.text C:\windows\system32\Dwm.exe[2136] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\Dwm.exe[2136] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\windows\system32\Dwm.exe[2136] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1900b8
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd190038
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb33a38c 5 bytes JMP 000007fefd1902b8
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb354b60 5 bytes JMP 000007fefd190238
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb354ba0 5 bytes JMP 000007fefd1901b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3280] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\windows\system32\DDRAW.dll!DirectDrawCreate 000007fef265815c 5 bytes JMP 000007fefd1a01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\windows\system32\DDRAW.dll!DirectDrawCreateEx 000007fef2658968 5 bytes JMP 000007fefd1a0238
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb33a38c 5 bytes JMP 000007fefd1902b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb354b60 5 bytes JMP 000007fefd190238
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb354ba0 5 bytes JMP 000007fefd1901b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefeb47490 5 bytes JMP 000007fffd190138
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb33a38c 5 bytes JMP 000007fefd1a02b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb354b60 5 bytes JMP 000007fefd1a0238
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb354ba0 5 bytes JMP 000007fefd1a01b8
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3544] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskeng.exe[4060] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskeng.exe[4060] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\windows\system32\taskeng.exe[4060] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe[4144] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe[4144] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe[4144] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000110002780
.text C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 00000001002a2710
.text C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001002a27f0
.text C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 00000001002a2780
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4524] C:\windows\system32\KERNEL32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4524] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4524] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4532] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4532] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4604] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 00000001003a2710
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4604] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001003a27f0
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4604] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 00000001003a2780
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fd1465 2 bytes [FD, 74]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fd14bb 2 bytes [FD, 74]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3720] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3720] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3720] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4164] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4164] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000100642710
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001006427f0
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000100642780
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000766d9d0b 5 bytes JMP 0000000100642850
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fd1465 2 bytes [FD, 74]
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fd14bb 2 bytes [FD, 74]
.text ... * 2
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\Windows\SysWOW64\DDRAW.dll!DirectDrawCreate 000000007402859d 5 bytes JMP 0000000100643af0
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\Windows\SysWOW64\DDRAW.dll!DirectDrawCreateEx 000000007402ebc6 5 bytes JMP 0000000100643bb0
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4092:5620] 000007fefb4e2bf8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffadda154
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffadda154 (not active ControlSet)
---- EOF - GMER 2.1 ----
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8172 Mb
Graphics Card: AMD Radeon HD 6550M, 1024 Mb
Hard Drives: C: Total - 430419 MB, Free - 56456 MB; D: Total - 31208 MB, Free - 28287 MB;
Motherboard: LENOVO, KL2
Antivirus: Kaspersky PURE 3.0, Updated and Enabled
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:26 PM, on 6/24/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\tk\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
O4 - HKCU\..\Run: [StrongVPN Client] "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - CrashPlan - C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Slidebar Notifier Service - Lenovo - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12974 bytes
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2
Run by tk at 20:01:10 on 2014-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.4888 [GMT -7:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [AmazonMP3DownloaderHelper] C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [StrongVPN Client] "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\tk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Drop box.lnk - C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{67059FF0-CB67-4A42-862C-5A9559E73FD2} : DHCPNameServer = 8.8.8.8 8.8.4.4 172.16.2.5
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\47B666F65727 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\84643535D275966496 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\C616B65667963647F627961623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\D49784F64744F676 : DHCPNameServer = 210.154.134.150 180.131.208.53
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynBtnAsst] C:\Program Files (x86)\Synaptics\SynTP\SynBtnAsst.exe Utility_Window
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\e72isk5b.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\tk\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
FF - plugin: C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\windows\System32\drivers\CSCrySec.sys [2013-7-14 84536]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-5-4 39008]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [2013-10-21 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [2013-10-21 102992]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\windows\System32\drivers\CSVirtualDiskDrv.sys [2013-7-14 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-10-18 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-12-1 203264]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [2013-4-8 152576]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2011-5-4 69568]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-5-4 28176]
R3 bcbtums;Bluetooth USB LD Filter;C:\windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
R3 btwampfl;btwampfl;C:\windows\System32\drivers\btwampfl.sys [2013-10-28 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-5-4 35104]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-11 31088]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\System32\drivers\jmccgp.sys [2011-5-4 17904]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\System32\drivers\jmcam.sys [2011-5-4 57072]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\System32\drivers\jmcam_lo.sys [2011-5-4 31344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2010-6-7 406056]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-9-2 54824]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-6-12 111616]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-9-2 160880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-7-21 19456]
S3 tapstrong;StrongVPN Adapter;C:\windows\System32\drivers\tapstrong.sys [2013-11-23 38760]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-7-17 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-25 02:30:43 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05C4A088-0ED5-4CEA-A347-63B03AA5EA0E}\mpengine.dll
2014-06-25 00:32:36 -------- d-----w- C:\Users\tk\AppData\Local\Fuze Box
2014-06-20 03:05:17 -------- d-----w- C:\Users\tk\AppData\Roaming\VERIZON
2014-06-12 16:07:31 801280 ----a-w- C:\windows\System32\usp10.dll
2014-06-01 01:35:19 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 01:35:19 -------- d-----w- C:\Program Files\iTunes
2014-06-01 01:35:19 -------- d-----w- C:\Program Files\iPod
2014-06-01 01:35:19 -------- d-----w- C:\Program Files (x86)\iTunes
2014-05-31 00:37:55 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-27 12:49:19 -------- d-----r- C:\Users\tk\Dropbox
2014-05-27 12:48:08 -------- d-----w- C:\Users\tk\AppData\Roaming\DropboxMaster
2014-05-27 02:16:22 -------- d-----w- C:\Program Files (x86)\YNAB 4
.
==================== Find3M ====================
.
2014-06-12 15:32:47 92768 ----a-w- C:\windows\System32\drivers\klflt.sys
2014-06-08 09:13:05 506368 ----a-w- C:\windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\windows\SysWow64\wininet.dll
2014-05-14 13:14:14 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 13:14:14 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-08 09:32:11 3178496 ----a-w- C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:06:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-04-24 21:14:00 138664 ----a-w- C:\windows\SysWow64\drivers\AnyDVD.sys
2014-04-24 21:14:00 138664 ----a-w- C:\windows\System32\drivers\AnyDVD.sys
2014-04-15 09:34:10 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-04-03 02:52:39 458336 ----a-w- C:\windows\System32\drivers\kl1.sys
2014-04-03 02:52:39 29792 ----a-w- C:\windows\System32\drivers\klim6.sys
2014-03-31 16:35:08 270496 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 20:01:41.03 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/14/2013 9:21:19 PM
System Uptime: 6/24/2014 6:17:32 AM (14 hours ago)
.
Motherboard: LENOVO | | KL2
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 420 GiB total, 55.078 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 27.625 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP113: 6/24/2014 7:27:40 PM - Removed Evernote v. 5.4
RP114: 6/24/2014 7:30:28 PM - Windows Update
RP115: 6/24/2014 7:52:11 PM - Uniblue SpeedUpMyPC installation
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
Amazon Kindle
Amazon MP3 Downloader 1.0.18
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audible Download Manager
BodyMedia SYNC
Bonjour
Broadcom Gigabit NetLink Controller
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco Connect
CloneDVD2
Coupon Printer for Windows
CrashPlan
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Energy Management
Fuze Meeting
Google Chrome
Google Drive
Google Update Helper
HandBrake 0.9.9.1
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Update
HPDiagnosticAlert
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 60
Java Auto Updater
JMicron Flash Media Controller Driver
Junk Mail filter update
Kaspersky PURE 3.0
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo DirectShare
Lenovo EasyCamera
Lenovo MuteSync
Lenovo OneKey Recovery
Lenovo SlideNav
Lenovo YouCam
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Oasis2Service 1.0
Onekey Theater
QuickTime 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype 6.14
Synaptics Pointing Device Driver
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Workout Blender
YNAB 4 version 4.3.543
.
==== Event Viewer Messages From Past Week ========
.
6/22/2014 1:12:00 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/22/2014 1:12:00 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/18/2014 6:57:23 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-24 20:12:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: 0b7y8kuc.exe; Driver: C:\Users\tk\AppData\Local\Temp\pxldipoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033b4000 63 bytes [00, 00, 0D, 02, 4B, 4C, 73, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff800033b4040 22 bytes [78, 06, 5B, 0E, 80, FA, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1888] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007754faa8 5 bytes JMP 0000000171a819b0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1888] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077550038 5 bytes JMP 0000000171a82066
.text C:\windows\system32\Dwm.exe[2136] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\Dwm.exe[2136] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\windows\system32\Dwm.exe[2136] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1900b8
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd190038
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb33a38c 5 bytes JMP 000007fefd1902b8
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb354b60 5 bytes JMP 000007fefd190238
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb354ba0 5 bytes JMP 000007fefd1901b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3280] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\windows\system32\DDRAW.dll!DirectDrawCreate 000007fef265815c 5 bytes JMP 000007fefd1a01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\windows\system32\DDRAW.dll!DirectDrawCreateEx 000007fef2658968 5 bytes JMP 000007fefd1a0238
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb33a38c 5 bytes JMP 000007fefd1902b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb354b60 5 bytes JMP 000007fefd190238
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb354ba0 5 bytes JMP 000007fefd1901b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefeb47490 5 bytes JMP 000007fffd190138
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb33a38c 5 bytes JMP 000007fefd1a02b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb354b60 5 bytes JMP 000007fefd1a0238
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb354ba0 5 bytes JMP 000007fefd1a01b8
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3544] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskeng.exe[4060] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskeng.exe[4060] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\windows\system32\taskeng.exe[4060] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe[4144] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe[4144] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe[4144] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000110002780
.text C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 00000001002a2710
.text C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001002a27f0
.text C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 00000001002a2780
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4524] C:\windows\system32\KERNEL32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4524] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4524] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4532] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4532] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4604] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 00000001003a2710
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4604] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001003a27f0
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4604] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 00000001003a2780
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fd1465 2 bytes [FD, 74]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fd14bb 2 bytes [FD, 74]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3720] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3720] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3720] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4164] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4164] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000100642710
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001006427f0
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000100642780
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000766d9d0b 5 bytes JMP 0000000100642850
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fd1465 2 bytes [FD, 74]
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fd14bb 2 bytes [FD, 74]
.text ... * 2
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\Windows\SysWOW64\DDRAW.dll!DirectDrawCreate 000000007402859d 5 bytes JMP 0000000100643af0
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\Windows\SysWOW64\DDRAW.dll!DirectDrawCreateEx 000000007402ebc6 5 bytes JMP 0000000100643bb0
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4092:5620] 000007fefb4e2bf8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffadda154
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffadda154 (not active ControlSet)
---- EOF - GMER 2.1 ----