
Google Chrome Browser.exe Issues


  • This topic is locked
7 replies to this topic

#1 twcron


Posted 31 August 2014 - 09:26 AM

Hello all, I'm new here and am having similar issues as several other postings.

 

Something happened a few days ago when using Google Chrome to download a piece of software.

Since then I continuously hear random music and radio ads when nothing is open.

When I check Task Manager it usually says 2 instances of Chrome are still open and running random web sites.

When I kill the tasks they regenerate automatically.

In addition, there are many instances of Browser.exe processes that are related to Chrome.

 

I have tried deleting Chrome but the issue is still the same.

Even though Chrome has been uninstalled, I constantly get the "Chrome has crashed" popup and option to restart.

 

Malwarebytes and antivirus find nothing, so I'm a bit confused as to what is going on.

 

I'm attaching as others do the logs from FRST.

 

Thanks,

Tom

Attached File: Addition.txt (96.41KB)

 

 

Pasted FRST log - Hamluis.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014
Ran by C01248 (administrator) on CSDPBWKGFX on 31-08-2014 09:14:24
Running from E:\
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp) C:\WINDOWS\system32\nslsvice.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(BeyondTrust Software, Inc.) C:\WINDOWS\system32\btservice.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Altiris, Inc.) C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\WINDOWS\system32\BEDevCtl.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\WINDOWS\system32\BEFCSvcn.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(National Instruments, Inc.) C:\WINDOWS\system32\lkcitdl.exe
(National Instruments Corporation) C:\WINDOWS\system32\lkads.exe
(National Instruments Corporation) C:\WINDOWS\system32\lktsrv.exe
(Lakeside Software, Inc.) C:\Program Files\SysTrack\LsiAgent\LsiAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(IBM Corp) C:\Program Files\Lotus\Notes\ntmulti.exe
(National Instruments Corporation) C:\Program Files\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\WINDOWS\system32\nipalsm.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corp.) C:\WINDOWS\system32\nisvcloc.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
() C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\WINDOWS\system32\SGN_MasterServicen.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Sierra Wireless, Inc.) C:\Program Files\Sprint\Sprint SmartView\SwiCardDetect.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(National Instruments Corporation) C:\WINDOWS\system32\nipalsm.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office Communicator\communicator.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\Program Files\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe
(National Instruments Corporation) C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
(Altiris, Inc.) C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
(Sprint) C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Lenovo Group Limited) C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.EXE
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(The Imaging Source Europe GmbH) C:\Program Files\The Imaging Source Europe GmbH\Quick Driver Installer\QuickDriverInstaller.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(AT&T Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\ATT Connect\Participant\pull.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIHBA.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
(SmithMicro Inc.) C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\launch4j-tmp\MoboManager.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
(Bytemobile, Inc.) C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
(Lakeside Software, Inc.) C:\Program Files\SysTrack\LsiAgent\Utilities\LsiUser.exe
() C:\Program Files\Mobolize CacheFront\MoboProcessWatcher.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\launch4j-tmp\MoboIndexer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [LenovoAutoScrollUtility] => C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [62512 2013-11-29] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [64064 2011-11-21] (Lenovo Group Limited)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [342360 2013-11-29] (Lenovo.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM\...\Run: [SGNMasterApplication] => C:\Program Files\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe [94208 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2010-10-22] (McAfee, Inc.)
HKLM\...\Run: [AeXAgentLogon] => C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [152872 2010-02-26] (Altiris, Inc.)
HKLM\...\Run: [niDevMon] => C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [106064 2007-07-14] (National Instruments Corporation)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [55656 2012-09-27] (AuthenTec Inc.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [432488 2013-03-12] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [194920 2013-03-12] (Lenovo )
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1122304 2008-11-12] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-08-12] (Brother Industries, Ltd.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe [628000 2008-02-27] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe [58656 2008-02-27] (Nuance Communications, Inc.)
HKLM\...\Run: [Sprint SmartView] => C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe [69632 2012-07-13] (Sprint)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 1999-12-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333856 2013-09-27] (McAfee, Inc.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-11-15] (Synaptics Incorporated)
HKLM Group Policy restriction on software: x-Pro.exe <====== ATTENTION
HKLM Group Policy restriction on software: edonkey.exe <====== ATTENTION
HKLM Group Policy restriction on software: voipclient.exe <====== ATTENTION
HKLM Group Policy restriction on software: Napigator.exe <====== ATTENTION
HKLM Group Policy restriction on software: BitSpirit.exe <====== ATTENTION
HKLM Group Policy restriction on software: freecall.exe <====== ATTENTION
HKLM Group Policy restriction on software: icq.exe <====== ATTENTION
HKLM Group Policy restriction on software: peercast.exe <====== ATTENTION
HKLM Group Policy restriction on software: MsnMsgr.exe <====== ATTENTION
HKLM Group Policy restriction on software: btdownloadgui.exe <====== ATTENTION
HKLM Group Policy restriction on software: yahoomessenger.exe <====== ATTENTION
HKLM Group Policy restriction on software: winmx.exe <====== ATTENTION
HKLM Group Policy restriction on software: ymsgr6_beta.exe <====== ATTENTION
HKLM Group Policy restriction on software: swapper.exe <====== ATTENTION
HKLM Group Policy restriction on software: gnucleus.exe <====== ATTENTION
HKLM Group Policy restriction on software: g2pre.exe <====== ATTENTION
HKLM Group Policy restriction on software: woize.exe <====== ATTENTION
HKLM Group Policy restriction on software: edonkey2000.exe <====== ATTENTION
HKLM Group Policy restriction on software: mtorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: zultrax.exe <====== ATTENTION
HKLM Group Policy restriction on software: g2processfactory.exe <====== ATTENTION
HKLM Group Policy restriction on software: Piolet.exe <====== ATTENTION
HKLM Group Policy restriction on software: entropy.exe <====== ATTENTION
HKLM Group Policy restriction on software: kiwialpha.exe <====== ATTENTION
HKLM Group Policy restriction on software: ventrilo.exe <====== ATTENTION
HKLM Group Policy restriction on software: BITTORNADO.exe <====== ATTENTION
HKLM Group Policy restriction on software: Phex.exe <====== ATTENTION
HKLM Group Policy restriction on software: ipphone.exe <====== ATTENTION
HKLM Group Policy restriction on software: eyebeam.exe <====== ATTENTION
HKLM Group Policy restriction on software: iceshare.exe <====== ATTENTION
HKLM Group Policy restriction on software: LimeWire.exe <====== ATTENTION
HKLM Group Policy restriction on software: Tvants.exe <====== ATTENTION
HKLM Group Policy restriction on software: PPlive.exe <====== ATTENTION
HKLM Group Policy restriction on software: Xfire.exe <====== ATTENTION
HKLM Group Policy restriction on software: sipps.exe <====== ATTENTION
HKLM Group Policy restriction on software: voipcheap.exe <====== ATTENTION
HKLM Group Policy restriction on software: g3torrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: ekiga.exe <====== ATTENTION
HKLM Group Policy restriction on software: kazaa.exe <====== ATTENTION
HKLM Group Policy restriction on software: tribler.exe <====== ATTENTION
HKLM Group Policy restriction on software: abc.exe <====== ATTENTION
HKLM Group Policy restriction on software: eBuddy.exe <====== ATTENTION
HKLM Group Policy restriction on software: sparVoip.exe <====== ATTENTION
HKLM Group Policy restriction on software: Shareaza.exe <====== ATTENTION
HKLM Group Policy restriction on software: phone.exe <====== ATTENTION
HKLM Group Policy restriction on software: rufus.exe <====== ATTENTION
HKLM Group Policy restriction on software: slsk.exe <====== ATTENTION
HKLM Group Policy restriction on software: Pruna.exe <====== ATTENTION
HKLM Group Policy restriction on software: MXit.exe <====== ATTENTION
HKLM Group Policy restriction on software: Azureus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Cabos.exe <====== ATTENTION
HKLM Group Policy restriction on software: boinc.exe <====== ATTENTION
HKLM Group Policy restriction on software: StrongDC.exe <====== ATTENTION
HKLM Group Policy restriction on software: bitcomet.exe <====== ATTENTION
HKLM Group Policy restriction on software: DCPlusPlus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Blubster.exe <====== ATTENTION
HKLM Group Policy restriction on software: UseNeXT.exe <====== ATTENTION
HKLM Group Policy restriction on software: bitlord.exe <====== ATTENTION
HKLM Group Policy restriction on software: mlnet.exe <====== ATTENTION
HKLM Group Policy restriction on software: trillian.exe <====== ATTENTION
HKLM Group Policy restriction on software: grokster.exe <====== ATTENTION
HKLM Group Policy restriction on software: mirc.exe <====== ATTENTION
HKLM Group Policy restriction on software: gopcsrv.exe <====== ATTENTION
HKLM Group Policy restriction on software: db2syscs.exe <====== ATTENTION
HKLM Group Policy restriction on software: moorhunt.exe <====== ATTENTION
HKLM Group Policy restriction on software: mosvs8.exe <====== ATTENTION
HKLM Group Policy restriction on software: coolstreaming.exe <====== ATTENTION
HKLM Group Policy restriction on software: KCeasy.exe <====== ATTENTION
HKLM Group Policy restriction on software: kenmap.exe <====== ATTENTION
HKLM Group Policy restriction on software: bearshare.exe <====== ATTENTION
HKLM Group Policy restriction on software: miranda32.exe <====== ATTENTION
HKLM Group Policy restriction on software: gnucleus.exe <====== ATTENTION
HKLM Group Policy restriction on software: eye.exe <====== ATTENTION
HKLM Group Policy restriction on software: icqlite.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\win????.exe <====== ATTENTION
HKLM Group Policy restriction on software: xolox.exe <====== ATTENTION
HKLM Group Policy restriction on software: Jubster.exe <====== ATTENTION
HKLM Group Policy restriction on software: gnucleus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Acquisition.exe <====== ATTENTION
HKLM Group Policy restriction on software: entropy.exe <====== ATTENTION
HKLM Group Policy restriction on software: STRONGDC.EXE <====== ATTENTION
HKLM Group Policy restriction on software: kazaaLite.kpp <====== ATTENTION
HKLM Group Policy restriction on software: googletalk.exe <====== ATTENTION
HKLM Group Policy restriction on software: sametime.exe <====== ATTENTION
HKLM Group Policy restriction on software: Overnet.exe <====== ATTENTION
HKLM Group Policy restriction on software: ctv.exe <====== ATTENTION
HKLM Group Policy restriction on software: emule.exe <====== ATTENTION
HKLM Group Policy restriction on software: g2printh.exe <====== ATTENTION
HKLM Group Policy restriction on software: gizmo.exe <====== ATTENTION
HKLM Group Policy restriction on software: gift.exe <====== ATTENTION
HKLM Group Policy restriction on software: Cabos.exe <====== ATTENTION
HKLM Group Policy restriction on software: Grokster.exe <====== ATTENTION
HKLM Group Policy restriction on software: tvprunner.exe <====== ATTENTION
HKLM Group Policy restriction on software: Meebo.exe <====== ATTENTION
HKLM Group Policy restriction on software: aMule.exe <====== ATTENTION
HKLM Group Policy restriction on software: newsLeecher.exe <====== ATTENTION
HKLM Group Policy restriction on software: hydranode.exe <====== ATTENTION
HKLM Group Policy restriction on software: FrostWire.exe <====== ATTENTION
HKLM Group Policy restriction on software: PALTALK.EXE <====== ATTENTION
HKLM Group Policy restriction on software: bittorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: warez.exe <====== ATTENTION
HKLM Group Policy restriction on software: anonproxy.exe <====== ATTENTION
HKLM Group Policy restriction on software: x-Lite.exe <====== ATTENTION
HKLM Group Policy restriction on software: TVUPlayer.exe <====== ATTENTION
HKLM Group Policy restriction on software: utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: hamachi.exe <====== ATTENTION
HKLM Group Policy restriction on software: voipbuster.exe <====== ATTENTION
HKLM Group Policy restriction on software: gadugadu.exe <====== ATTENTION
HKLM Group Policy restriction on software: jabber.exe <====== ATTENTION
HKLM Group Policy restriction on software: Xfire.exe <====== ATTENTION
HKLM Group Policy restriction on software: morpheus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Ares.exe <====== ATTENTION
HKLM Group Policy restriction on software: tvprunner.exe <====== ATTENTION
HKLM Group Policy restriction on software: leechget.exe <====== ATTENTION
HKLM Group Policy restriction on software: TeamSpeak.exe <====== ATTENTION
HKLM Group Policy restriction on software: qtorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: imesh.exe <====== ATTENTION
HKLM Group Policy restriction on software: aim.exe <====== ATTENTION
HKLM Group Policy restriction on software: icqlight.exe <====== ATTENTION
HKLM Group Policy restriction on software: bearshare.exe <====== ATTENTION
HKLM Group Policy restriction on software: QQ.exe <====== ATTENTION
HKLM Group Policy restriction on software: burst.exe <====== ATTENTION
HKLM Group Policy restriction on software: morpheus.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\ACNotify: C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
Winlogon\Notify\NotLog: C:\WINDOWS\system32\SGM_SMProtectn.dll (Utimaco Safeware AG - a member of the Sophos Group)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (AuthenTec Inc.)
Winlogon\Notify\SGSSOGinaExt: C:\WINDOWS\system32\SGSSOGinaExtension.dll (Utimaco Safeware AG - a member of the Sophos Group)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-784300987-1996436899-9522986-2784\...\Run: [The Imaging Source Quick Driver Installer] => C:\Program Files\The Imaging Source Europe GmbH\Quick Driver Installer\QuickDriverInstaller.exe [688128 2007-03-09] (The Imaging Source Europe GmbH)
HKU\S-1-5-21-784300987-1996436899-9522986-2784\...\Run: [Push Client] => C:\Documents and Settings\C01248\Local Settings\Application Data\ATT Connect\Participant\pull.exe [922864 2009-04-01] (AT&T Inc.)
HKU\S-1-5-21-784300987-1996436899-9522986-2784\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHBA.EXE [249440 2013-06-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-784300987-1996436899-9522986-2784\...\Run: [UIBeerware] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\C01248\Local Settings\Application Data\UIBeerware\UIBeerware.dll",DllRegisterServer
AppInit_DLLs: lsihok32.dll => C:\WINDOWS\system32\lsihok32.dll [56944 2013-08-14] (Lakeside Software, Inc.)
AppInit_DLLs:  BTPLOAD32.DLL => C:\WINDOWS\system32\BTPLOAD32.DLL [100168 2011-04-14] (BeyondTrust Software, Inc.)
AppInit_DLLs:  AMINIT.dll => C:\WINDOWS\system32\AMINIT.dll [61440 2007-02-16] (Altiris, Inc.)
Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mobolize CacheFront Manager.lnk
ShortcutTarget: Mobolize CacheFront Manager.lnk -> C:\Program Files\Mobolize CacheFront\MoboManager.exe (Mobolize, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 10.lnk
ShortcutTarget: Snagit 10.lnk -> C:\Program Files\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
ShellIconOverlayIdentifiers: FEOverlayDenied -> {8756BF5A-0833-46DE-B27A-36462A724433} => C:\Program Files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: FEOverlayEnc -> {BF6CE06F-D876-4513-80DA-53FC713DAEC2} => C:\Program Files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: FEOverlayPlain -> {6F2CF642-97EF-437A-908C-8FFF083E065C} => C:\Program Files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: FEOverlayRule -> {3FFDF070-C234-4B40-A159-70235626596F} => C:\Program Files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: SgnIconOvln1 -> {93c136f0-91dc-4456-a586-98f72aff8d89} => C:\WINDOWS\system32\sgn_beshellextn.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: SgnIconOvln2 -> {93c136f0-91dc-4457-a586-98f72aff8d89} => C:\WINDOWS\system32\sgn_beshellextn.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: SgnIconOvln3 -> {93c136f0-91dc-4458-a586-98f72aff8d89} => C:\WINDOWS\system32\sgn_beshellextn.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: SgnIconOvln4 -> {93c136f0-91dc-4459-a586-98f72aff8d89} => C:\WINDOWS\system32\sgn_beshellextn.dll (Utimaco Safeware AG - a member of the Sophos Group)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=wwwgate.ti.com:80;https=wwwgate.ti.com:81;ftp=wwwgate.ti.com:80;gopher=wwwgate.ti.com:80;socks=wwwgate.ti.com:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO: PowerBroker Desktops Browser Helper -> {0A9CDB52-EBDF-4210-9C6A-B90C2FD410AB} -> C:\WINDOWS\system32\pmbho.dll (BeyondTrust Software, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: LsiBrowserHook Class -> {2E5E4BAC-FEC7-4DD6-AFAF-F4139B1B9FB6} -> C:\Program Files\SysTrack\LsiAgent\Utilities\browserHook.dll (Lakeside Software, Inc.)
BHO: MoboIEPlugIn.dll -> {5147157F-A082-4F23-BD35-DE02C0E2D132} -> C:\Program Files\Mobolize CacheFront\MoboIEPlugIn.dll (Mobolize, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM - Mobolize CacheFront Toolbar - {FB948A8A-17D5-4F3C-9DCF-2477467E2583} - C:\Program Files\Mobolize CacheFront\moboietoolbar.DLL (Mobolize, Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} http://csdaltnsprod1.intra.cymer.com/Altiris/NS/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} https://cysm.cymer.com/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn1.cymer.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1392759224281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32_CP21-15858/webex/ieatgpc.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn9.intra.cymer.com/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_41 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: LWAPlugin15.8 -> C:\Documents and Settings\C01248\Application Data\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\C01248\Application Data\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-03]

Chrome:
=======
CHR HomePage: Default -> FA9E2A2A9EE0C1157CF23C0A009CE1F8C4A60AB40D9C05D57BD8411F47710B0C
CHR DefaultSearchKeyword: Default -> 1B641F7E62F8E38860855D8F474AF95D2C15A98046E33BCE005AC11CE96749BE
CHR DefaultSearchProvider: Default -> 8FDBF17D385F5D0989475684E9D06C188C219DAF5EE8E3969E7A5F2200336611
CHR DefaultSearchURL: Default -> 790F0C2FE51BB6854730B758E3B83504F6C6DD4C4C538304A933A8AE41CFC152
CHR CustomProfile: C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29]
CHR Extension: (Google Search) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (Gmail) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]
CHR Extension: (example) - C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\SupporterPale [2014-08-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [1287464 2010-02-26] (Altiris, Inc.)
R2 BEDevCtl; C:\WINDOWS\system32\BEDevCtl.exe [1314816 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 BEFCSvcn; C:\WINDOWS\system32\BEFCSvcn.exe [20480 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 BTService; C:\WINDOWS\system32\btservice.exe [479560 2011-04-14] (BeyondTrust Software, Inc.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 EapSgnSvc; C:\Program Files\Common Files\Wlan SDK\EapSgnSvc.exe [156560 2011-07-06] (Smith Micro Software, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121240 2013-01-03] (Intel Corporation)
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [58664 2013-10-25] (Lenovo Group Limited)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [110128 2014-04-07] (Lenovo Group Limited)
R2 LkCitadelServer; C:\WINDOWS\system32\lkcitdl.exe [695136 2007-03-21] (National Instruments, Inc.)
R2 lkClassAds; C:\WINDOWS\system32\lkads.exe [40488 2007-07-16] (National Instruments Corporation)
R2 lkTimeSync; C:\WINDOWS\system32\lktsrv.exe [50736 2007-07-16] (National Instruments Corporation)
R2 Lotus Notes Single Logon; C:\WINDOWS\system32\nslsvice.exe [20530 2005-12-01] (IBM Corp) [File not signed]
R2 LsiAgent; C:\Program Files\SysTrack\LsiAgent\LsiAgent.exe [3645464 2013-08-14] (Lakeside Software, Inc.)
R2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [22816 2010-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [133152 2013-09-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [147984 2010-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2010-10-22] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [69192 2010-10-22] (McAfee, Inc.)
R2 Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [57393 2005-12-01] (IBM Corp) [File not signed]
R2 mxssvr; C:\Program Files\National Instruments\MAX\nimxs.exe [12696 2007-03-08] (National Instruments Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 nidevldu; C:\WINDOWS\system32\nipalsm.exe [12696 2007-02-16] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [213040 2007-07-16] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2007-01-29] (Macrovision Corporation) [File not signed]
R2 nipxirmu; C:\WINDOWS\system32\nipalsm.exe [12696 2007-02-16] (National Instruments Corporation)
R2 niSvcLoc; C:\WINDOWS\system32\nisvcloc.exe [48704 2007-07-19] (National Instruments Corp.)
R2 NITaggerService; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [609384 2007-07-23] (National Instruments Corporation)
R2 NvtlService; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [92504 2011-02-07] ()
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-02-27] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [1645568 2013-01-11] () [File not signed]
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1663272 2013-01-11] (Lenovo Group Limited)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [920304 2013-02-21] (Intel® Corporation)
R2 SGN_BEService; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_FEService; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_LogSystem; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_Sem; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_Trans; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R3 SprintRcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [120424 2012-05-30] (SmithMicro Inc.)
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2013-07-10] (Lenovo Group Limited) [File not signed]
R2 SwiCardDetectSvc; C:\Program Files\Sprint\Sprint SmartView\SwiCardDetect.exe [226672 2010-09-22] (Sierra Wireless, Inc.)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [115696 2014-06-10] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 1999-12-31] (Creative)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2013-03-07] (IBM Corp.) [File not signed]
S3 bcm; C:\WINDOWS\System32\DRIVERS\drxvi314.sys [365568 2012-03-20] (Beceem Communications Inc.)
S3 bcmbusctr; C:\WINDOWS\System32\DRIVERS\BcmBusCtr.sys [52736 2012-03-20] (Beceem Communications Inc.)
R0 BeFlt; C:\WINDOWS\System32\DRIVERS\BEFLT.SYS [117504 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\WINDOWS\System32\DRIVERS\be_fltim.sys [59648 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
U0 BMLoad; C:\WINDOWS\System32\drivers\BMLoad.sys [13184 2010-12-20] (Bytemobile, Inc.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [939056 2013-02-14] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 CEAES2M; C:\WINDOWS\System32\Drivers\cegaes2m.sys [63232 2011-08-05] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\WINDOWS\System32\Drivers\cegaesm.sys [62720 2011-08-05] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEDES3M; C:\WINDOWS\System32\Drivers\cedes3m.sys [20224 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEDESM; C:\WINDOWS\System32\Drivers\cedesm.sys [19712 2010-06-15] ()
R0 CEEIDEM; C:\WINDOWS\System32\Drivers\ceeidem.sys [16128 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEHMACM; C:\WINDOWS\System32\Drivers\cehmacm.sys [25344 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEIDEM; C:\WINDOWS\System32\Drivers\ceidem.sys [17664 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CERNDM; C:\WINDOWS\System32\Drivers\cerndm.sys [15616 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\WINDOWS\System32\Drivers\cesham.sys [24832 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
S3 cm_net; C:\WINDOWS\System32\DRIVERS\cm_net.sys [112640 2008-05-29] (C-motech Co.,Ltd.)
S3 cm_ser; C:\WINDOWS\System32\DRIVERS\cm_ser.sys [103680 2008-05-29] (C-motech Co.,Ltd.)
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2007-07-24] () [File not signed]
R3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
S3 DFGUSB2; C:\WINDOWS\System32\DRIVERS\dfg_usb2-lt.sys [65024 2006-09-07] () [File not signed]
S3 DIFMBUS; C:\WINDOWS\System32\DRIVERS\DIFMBUS.sys [56392 2010-04-28] (DEVGURU Co., LTD.)
S3 DIFMCVsp; C:\WINDOWS\System32\DRIVERS\DIFMCVsp.sys [164552 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 DIFMMdm; C:\WINDOWS\System32\DRIVERS\DIFMMdm.sys [164552 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 DIFMNET; C:\WINDOWS\System32\DRIVERS\DIFMNET.sys [105544 2010-05-04] (DEVGURU Co., LTD.)
S3 DIFMNVsp; C:\WINDOWS\System32\DRIVERS\DIFMNVsp.sys [164552 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 DIFMVsp; C:\WINDOWS\System32\DRIVERS\DIFMVsp.sys [164552 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c5132.sys [203944 2012-01-11] (Intel Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [24177 2004-02-04] (FTDI Ltd.) [File not signed]
S3 FTSER2K; C:\WINDOWS\System32\drivers\ftser2k.sys [57372 2004-02-04] (FTDI Ltd.) [File not signed]
R0 LCENCM; C:\WINDOWS\System32\drivers\lcencm.sys [1350912 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCFILTM; C:\WINDOWS\System32\Drivers\lcfiltm.sys [66816 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCRECM; C:\WINDOWS\System32\Drivers\lcrecm.sys [40192 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
S3 lvalarmk; C:\WINDOWS\system32\drivers\lvalarmk.sys [20256 2007-01-11] (National Instruments Corporation)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [76024 2010-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [91896 2010-10-22] (McAfee, Inc.)
R3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [43192 2010-10-22] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [344712 2010-10-22] (McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [66536 2010-10-22] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [64208 2010-10-22] (McAfee, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 1999-12-31] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NEOFLTR_717_20581; C:\WINDOWS\system32\Drivers\NEOFLTR_717_20581.SYS [85064 2012-03-12] (Juniper Networks)
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\Netwxn00.sys [10281088 2012-09-30] (Intel Corporation)
S3 ni1006k; C:\WINDOWS\system32\drivers\ni1006k.sys [25888 2007-02-22] (National Instruments Corporation)
S3 ni1045k; C:\WINDOWS\system32\drivers\ni1045kl.sys [11552 2007-02-22] (National Instruments Corporation)
S3 ni1065k; C:\WINDOWS\system32\drivers\ni1065k.sys [22360 2007-05-25] (National Instruments Corporation)
R2 niarbk; C:\WINDOWS\System32\drivers\niarbk.dll [37376 2006-07-04] (National Instruments Corporation) [File not signed]
R2 nibffrk; C:\WINDOWS\System32\drivers\nibffrk.dll [21504 2006-07-04] (National Instruments Corporation) [File not signed]
R2 nicanpk; C:\WINDOWS\System32\DRIVERS\nicanpkl.sys [11336 2007-07-17] (National Instruments Corporation)
S3 nicanpkw; C:\WINDOWS\System32\DRIVERS\nicanpkw.sys [11336 2007-07-17] (National Instruments Corporation)
S3 nicdrk; C:\WINDOWS\system32\drivers\nicdrkl.sys [11352 2007-07-15] (National Instruments Corporation)
S2 Nidaq32k; C:\WINDOWS\system32\Drivers\Nidaq32k.sys [674304 2006-07-04] (National Instruments Corporation) [File not signed]
R3 nidimk; C:\WINDOWS\system32\drivers\nidimkl.sys [11360 2007-07-12] (National Instruments Corporation)
S2 nidmmk; C:\WINDOWS\System32\drivers\nidmmk.dll [50688 2006-07-04] (National Instruments Corporation) [File not signed]
S3 nidmxfk; C:\WINDOWS\system32\drivers\nidmxfkl.sys [11336 2007-07-14] (National Instruments Corporation)
S3 nidsark; C:\WINDOWS\system32\drivers\nidsarkl.sys [11344 2007-07-19] (National Instruments Corporation)
S3 niemrk; C:\WINDOWS\system32\drivers\niemrkl.sys [11336 2007-07-24] (National Instruments Corporation)
S3 niesrk; C:\WINDOWS\system32\drivers\niesrkl.sys [11336 2007-07-24] (National Instruments Corporation)
S3 nifslk; C:\WINDOWS\system32\drivers\nifslkl.sys [11352 2007-07-15] (National Instruments Corporation)
S3 nigplk; C:\WINDOWS\system32\drivers\nigplkl.sys [11552 2007-02-23] (National Instruments Corporation)
S3 nihsdrk; C:\WINDOWS\system32\drivers\nihsdrkl.sys [11352 2007-07-25] (National Instruments Corporation)
R3 nimdbgk; C:\WINDOWS\system32\drivers\nimdbgkl.sys [11360 2007-07-12] (National Instruments Corporation)
R2 nimdsk; C:\WINDOWS\System32\drivers\nimdsk.dll [30208 2006-07-04] (National Instruments Corporation) [File not signed]
R3 nimru2k; C:\WINDOWS\system32\drivers\nimru2kl.sys [11360 2007-07-24] (National Instruments Corporation)
S3 nimsdrk; C:\WINDOWS\system32\drivers\nimsdrkl.sys [11392 2007-07-18] (National Instruments Corporation)
S3 nimslk; C:\WINDOWS\system32\drivers\nimslk.dll [14464 2007-06-21] (National Instruments Corporation) [File not signed]
S3 nimsrlk; C:\WINDOWS\system32\drivers\nimsrlk.dll [151683 2007-06-21] (National Instruments Corporation) [File not signed]
R3 nimstsk; C:\WINDOWS\system32\drivers\nimstskl.sys [11360 2007-07-13] (National Instruments Corporation)
R3 nimxdfk; C:\WINDOWS\system32\drivers\nimxdfkl.sys [11344 2007-07-12] (National Instruments Corporation)
S3 nimxpk; C:\WINDOWS\system32\drivers\nimxpkl.sys [11368 2007-07-13] (National Instruments Corporation)
S3 ninshsdk; C:\WINDOWS\system32\drivers\ninshsdkl.sys [11360 2007-07-19] (National Instruments Corporation)
R3 niorbk; C:\WINDOWS\system32\drivers\niorbkl.sys [11344 2007-07-12] (National Instruments Corporation)
S3 nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [11904 2007-07-18] (National Instruments Corporation)
R0 NIPALK; C:\WINDOWS\System32\drivers\nipalk.sys [580184 2007-07-18] (National Instruments Corporation)
S3 nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [11896 2007-07-18] (National Instruments Corporation)
R0 nipbcfk; C:\WINDOWS\System32\drivers\nipbcfk.sys [15448 2007-07-10] (National Instruments Corporation)
S3 nipxigpk; C:\WINDOWS\system32\drivers\nipxigpk.sys [20768 2007-02-22] (National Instruments Corporation)
R2 nipxirmk; C:\WINDOWS\system32\drivers\nipxirmkl.sys [11552 2007-02-22] (National Instruments Corporation)
S3 niscdk; C:\WINDOWS\system32\drivers\niscdkl.sys [11376 2007-07-19] (National Instruments Corporation)
S3 nisdigk; C:\WINDOWS\system32\drivers\nisdigkl.sys [11352 2007-07-17] (National Instruments Corporation)
S3 nisftk; C:\WINDOWS\system32\drivers\nisftkl.sys [11344 2007-07-16] (National Instruments Corporation)
S3 nispdk; C:\WINDOWS\system32\drivers\nispdkl.sys [11376 2007-07-19] (National Instruments Corporation)
S3 nissrk; C:\WINDOWS\system32\drivers\nissrkl.sys [11336 2007-07-24] (National Instruments Corporation)
S3 nistc2k; C:\WINDOWS\system32\drivers\nistc2kl.sys [11312 2007-07-15] (National Instruments Corporation)
R2 nistck; C:\WINDOWS\System32\drivers\nistck.dll [111616 2006-07-04] (National Instruments Corporation) [File not signed]
S3 nistcrk; C:\WINDOWS\system32\drivers\nistcrkl.sys [11360 2007-07-15] (National Instruments Corporation)
S3 niswdk; C:\WINDOWS\system32\drivers\niswdkl.sys [11336 2007-07-17] (National Instruments Corporation)
S3 nitiork; C:\WINDOWS\system32\drivers\nitiorkl.sys [11360 2007-07-19] (National Instruments Corporation)
S3 NiViFWK; C:\WINDOWS\System32\drivers\NiViFWKl.sys [11384 2007-07-19] (National Instruments Corporation)
S3 NiViPciK; C:\WINDOWS\System32\drivers\NiViPciKl.sys [11360 2007-07-19] (National Instruments Corporation)
R2 NiViPxiK; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [11360 2007-07-19] (National Instruments Corporation)
S3 niwfrk; C:\WINDOWS\system32\drivers\niwfrkl.sys [11336 2007-07-24] (National Instruments Corporation)
S3 nixsrk; C:\WINDOWS\system32\drivers\nixsrkl.sys [11336 2007-07-24] (National Instruments Corporation)
R3 Nmea; C:\WINDOWS\System32\DRIVERS\pctnullport.sys [38680 2010-10-19] (PCTEL Inc.)
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2011-02-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 privman; C:\WINDOWS\System32\DRIVERS\privman.sys [30416 2011-04-14] (BeyondTrust Software, Inc.)
R2 risdxc; C:\WINDOWS\System32\DRIVERS\risdxc86.sys [76288 2011-05-25] (REDC)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R0 SGSTDRVM; C:\WINDOWS\System32\Drivers\sgstdrvm.sys [51968 2011-08-05] (Utimaco Safeware AG - a member of the Sophos Group)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [11976 2011-05-30] (Authentec Inc.)
S3 SMSIWLAN5; C:\Program Files\Sprint\Sprint SmartView\SMSIWLAN5.SYS [32408 2011-03-01] (Smith Micro Inc.)
R0 stmtpm; C:\WINDOWS\System32\DRIVERS\stm_tpm.sys [21504 2007-06-08] (STMicroelectronics, INC)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-02-19] ()
R1 tcpipBM; C:\WINDOWS\system32\drivers\tcpipBM.sys [24192 2010-12-20] (Bytemobile, Inc.) [File not signed]
R3 TcUsb; C:\WINDOWS\System32\Drivers\tcusb.sys [51400 2011-08-19] (AuthenTec, Inc.)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [13936 2013-01-11] (Lenovo Group Limited)
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2011-11-21] () [File not signed]
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [194362 2008-02-14] (Jungo) [File not signed]
R2 XilinxPC4Driver; C:\WINDOWS\System32\drivers\xpc4drvr.sys [16000 2008-02-14] (Xilinx, Inc.) [File not signed]
S4 IntelIde; No ImagePath
S3 niimaqk; system32\drivers\niimaqk.sys [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2009-05-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 usb6xxxk; \??\C:\WINDOWS\system32\drivers\usb6xxxkl.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 09:14 - 2014-08-31 09:15 - 00000000 ____D () C:\FRST
2014-08-31 08:49 - 2014-08-31 08:49 - 00010287 _____ () C:\Documents and Settings\C01248\Desktop\hs_err_pid7576.log
2014-08-29 12:18 - 2014-08-29 12:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PrevxCSI
2014-08-29 12:18 - 2014-08-29 12:18 - 00076696 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxrts.sys
2014-08-29 12:18 - 2014-08-29 12:18 - 00000049 _____ () C:\WINDOWS\wininit.ini
2014-08-29 12:18 - 2014-08-29 12:18 - 00000000 ____D () C:\Program Files\Prevx
2014-08-27 12:36 - 2014-08-27 12:38 - 00065612 _____ () C:\Documents and Settings\C01248\Desktop\FRST.txt
2014-08-27 12:08 - 2014-08-27 12:12 - 00000000 ____D () C:\AdwCleaner
2014-08-27 10:06 - 2014-08-31 08:21 - 00056129 _____ () C:\WINDOWS\setupapi.log
2014-08-27 07:25 - 2014-08-27 07:25 - 00000000 __SHD () C:\found.000
2014-08-26 20:44 - 2014-08-26 20:45 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-26 20:44 - 2014-08-26 20:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-26 14:52 - 2014-08-31 09:15 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\ValidatorHumble
2014-08-26 14:51 - 2014-08-31 09:17 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterRadio
2014-08-26 14:49 - 2014-08-26 14:52 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy
2014-08-26 14:49 - 2014-08-26 14:49 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\UIBeerware
2014-08-25 18:19 - 2014-08-25 18:19 - 237101056 _____ () C:\Documents and Settings\C01248\Desktop\LVRTE2012f3std.exe
2014-08-25 16:46 - 2014-08-25 16:46 - 04761014 _____ () C:\Documents and Settings\C01248\Desktop\PERFECT Test 12.3.0.0.zip
2014-08-21 14:22 - 2014-08-21 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957509$
2014-08-21 14:21 - 2014-08-21 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957503$
2014-08-20 12:45 - 2014-08-20 12:45 - 00429992 _____ () C:\Documents and Settings\C01248\Desktop\Post Service checks.xlsm
2014-08-16 14:17 - 2014-08-27 09:13 - 00000000 ____D () C:\Quarantine
2014-08-14 10:30 - 2014-08-18 10:31 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\DM6 Long Term Shutdown
2014-08-13 21:25 - 2014-08-13 21:25 - 03238415 _____ () C:\Documents and Settings\C01248\Desktop\Tom Cron Cymer WW-Closed SR Cycle Time-08112014-V4 (2).xlsx
2014-08-13 10:21 - 2014-08-13 10:22 - 01187960 _____ () C:\Documents and Settings\C01248\Desktop\ProcessExplorer.zip
2014-08-12 19:27 - 2014-08-12 19:27 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio .NET 2003
2014-08-12 18:04 - 2014-08-26 19:05 - 00000000 ____D () C:\Documents and Settings\l403196a\Local Settings\Temp
2014-08-12 18:04 - 2014-08-12 18:32 - 00000178 ___SH () C:\Documents and Settings\l403196a\ntuser.ini
2014-08-12 18:04 - 2014-08-12 18:04 - 00000000 ____D () C:\Documents and Settings\l403196a
2014-08-12 18:04 - 2014-05-27 18:20 - 00000000 __SHD () C:\Documents and Settings\l403196a\IETldCache
2014-08-12 18:04 - 2013-11-23 04:20 - 00000000 ____D () C:\Documents and Settings\l403196a\Local Settings\Application Data\Microsoft Help
2014-08-12 18:04 - 2013-06-10 18:47 - 00000000 ____D () C:\Documents and Settings\l403196a\Application Data\Intel
2014-08-12 18:04 - 2013-05-03 16:26 - 00001599 _____ () C:\Documents and Settings\l403196a\Start Menu\Programs\Remote Assistance.lnk
2014-08-12 18:04 - 2013-05-03 16:26 - 00000792 _____ () C:\Documents and Settings\l403196a\Start Menu\Programs\Windows Media Player.lnk
2014-08-12 18:04 - 2013-05-03 16:26 - 00000000 ___RD () C:\Documents and Settings\l403196a\Start Menu\Programs\Accessories
2014-08-12 18:04 - 2013-05-03 13:40 - 00000000 ____D () C:\Documents and Settings\l403196a\Application Data\Sun
2014-08-06 09:31 - 2014-08-06 09:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-06 09:31 - 2014-06-26 17:38 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-06 08:17 - 2014-08-06 08:18 - 00000000 ____D () C:\WINDOWS\pss
2014-08-03 21:42 - 2013-11-15 15:40 - 00143088 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo14.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 09:17 - 2014-08-26 14:51 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterRadio
2014-08-31 09:17 - 2013-05-23 13:04 - 00000000 ____D () C:\Documents and Settings\C01248\Application Data\Mobolize
2014-08-31 09:16 - 2013-05-23 12:25 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Temp
2014-08-31 09:15 - 2014-08-31 09:14 - 00000000 ____D () C:\FRST
2014-08-31 09:15 - 2014-08-26 14:52 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\ValidatorHumble
2014-08-31 09:02 - 2013-05-03 16:25 - 01520277 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-31 08:57 - 2013-06-05 15:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-31 08:49 - 2014-08-31 08:49 - 00010287 _____ () C:\Documents and Settings\C01248\Desktop\hs_err_pid7576.log
2014-08-31 08:28 - 2013-05-03 16:24 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-31 08:28 - 2013-05-03 09:21 - 00000259 _____ () C:\WINDOWS\wiadebug.log
2014-08-31 08:25 - 2013-06-04 22:55 - 00000302 _____ () C:\WINDOWS\Tasks\PMTask.job
2014-08-31 08:25 - 2013-05-23 12:26 - 00000000 ____D () C:\Documents and Settings\C01248\Tracing
2014-08-31 08:23 - 2011-07-13 16:57 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-31 08:22 - 2013-05-23 14:52 - 00000069 _____ () C:\WINDOWS\pxisys.ini
2014-08-31 08:22 - 2013-05-23 14:52 - 00000030 _____ () C:\WINDOWS\pxiesys.ini
2014-08-31 08:21 - 2014-08-27 10:06 - 00056129 _____ () C:\WINDOWS\setupapi.log
2014-08-31 08:21 - 2013-05-03 09:21 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-31 08:18 - 2013-05-03 13:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-30 21:50 - 2014-02-18 18:21 - 01153456 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-30 21:50 - 2013-06-05 22:56 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
2014-08-30 21:50 - 2013-05-23 12:25 - 00000708 ___SH () C:\Documents and Settings\C01248\ntuser.ini
2014-08-30 21:50 - 2013-05-03 13:31 - 00032440 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-30 18:44 - 2014-04-24 09:05 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-29 21:03 - 2014-06-01 21:18 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\Google
2014-08-29 20:59 - 2014-05-20 09:40 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\Deployment
2014-08-29 20:35 - 2013-05-23 12:49 - 00000000 ____D () C:\Program Files\Mobolize CacheFront
2014-08-29 12:38 - 2014-08-29 12:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PrevxCSI
2014-08-29 12:18 - 2014-08-29 12:18 - 00076696 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxrts.sys
2014-08-29 12:18 - 2014-08-29 12:18 - 00000049 _____ () C:\WINDOWS\wininit.ini
2014-08-29 12:18 - 2014-08-29 12:18 - 00000000 ____D () C:\Program Files\Prevx
2014-08-29 12:17 - 2013-06-05 13:39 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Software
2014-08-29 12:10 - 2013-05-23 14:19 - 00001860 _____ () C:\Documents and Settings\C01248\Desktop\IC Imaging Control 3.0.lnk
2014-08-29 12:10 - 2013-05-23 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IC Imaging Control 3.0
2014-08-29 12:08 - 2013-05-23 14:19 - 00000000 ____D () C:\Program Files\Common Files\IC Imaging Control 3
2014-08-29 11:47 - 2013-05-03 13:31 - 00000000 __SHD () C:\WINDOWS\CSC
2014-08-28 15:46 - 2013-05-03 09:07 - 326062080 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-28 14:51 - 2014-03-18 10:59 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\6XXX Chamber Directive
2014-08-28 14:46 - 2013-06-05 13:38 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Laser Calibrations
2014-08-28 09:35 - 2013-06-05 14:49 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\SR's
2014-08-27 12:38 - 2014-08-27 12:36 - 00065612 _____ () C:\Documents and Settings\C01248\Desktop\FRST.txt
2014-08-27 12:12 - 2014-08-27 12:08 - 00000000 ____D () C:\AdwCleaner
2014-08-27 11:58 - 2014-03-21 09:27 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Outlook Files
2014-08-27 11:58 - 2013-05-03 16:24 - 00000240 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-08-27 09:13 - 2014-08-16 14:17 - 00000000 ____D () C:\Quarantine
2014-08-27 09:03 - 2013-05-23 12:25 - 00000000 ____D () C:\Documents and Settings\C01248
2014-08-27 07:25 - 2014-08-27 07:25 - 00000000 __SHD () C:\found.000
2014-08-26 22:18 - 2013-08-26 12:32 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-26 22:12 - 2013-05-03 09:19 - 00598638 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-26 20:45 - 2014-08-26 20:44 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-26 20:44 - 2014-08-26 20:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-26 19:14 - 2013-06-04 23:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-26 19:05 - 2014-08-12 18:04 - 00000000 ____D () C:\Documents and Settings\l403196a\Local Settings\Temp
2014-08-26 19:05 - 2013-07-11 18:25 - 00000000 ____D () C:\Documents and Settings\L401934\Local Settings\Temp
2014-08-26 19:05 - 2013-05-03 14:32 - 00000000 ____D () C:\Documents and Settings\CymerAdmin\Local Settings\Temp
2014-08-26 19:05 - 2013-05-03 13:46 - 00000000 ____D () C:\TEMP
2014-08-26 19:05 - 2013-05-03 13:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-26 19:01 - 2013-05-03 09:14 - 00000000 ____D () C:\WINDOWS\Resources
2014-08-26 16:04 - 2013-05-03 13:57 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-08-26 14:52 - 2014-08-26 14:49 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy
2014-08-26 14:49 - 2014-08-26 14:49 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\UIBeerware
2014-08-26 08:46 - 2013-05-03 13:36 - 00000178 ___SH () C:\Documents and Settings\SVC-ALTIRIS-PROD\ntuser.ini
2014-08-25 19:16 - 2013-06-05 14:50 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\Weekly Reports
2014-08-25 18:57 - 2013-06-05 13:37 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Cymer PAT
2014-08-25 18:19 - 2014-08-25 18:19 - 237101056 _____ () C:\Documents and Settings\C01248\Desktop\LVRTE2012f3std.exe
2014-08-25 16:53 - 2013-05-23 14:10 - 00000000 ____D () C:\Program Files\PERFECT Test
2014-08-25 16:46 - 2014-08-25 16:46 - 04761014 _____ () C:\Documents and Settings\C01248\Desktop\PERFECT Test 12.3.0.0.zip
2014-08-25 08:40 - 2013-06-05 13:49 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Timesheets
2014-08-21 15:01 - 2013-06-05 14:50 - 00762502 _____ () C:\Documents and Settings\C01248\Desktop\187146_C.xlsm
2014-08-21 14:22 - 2014-08-21 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957509$
2014-08-21 14:21 - 2014-08-21 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957503$
2014-08-21 14:21 - 2013-05-03 15:08 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-08-20 12:45 - 2014-08-20 12:45 - 00429992 _____ () C:\Documents and Settings\C01248\Desktop\Post Service checks.xlsm
2014-08-19 07:15 - 2013-05-03 09:14 - 00000000 ____D () C:\WINDOWS\security
2014-08-18 11:23 - 2013-06-05 13:37 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\GoldLists
2014-08-18 10:35 - 2013-09-06 10:19 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\Spansion
2014-08-18 10:31 - 2014-08-14 10:30 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\DM6 Long Term Shutdown
2014-08-13 21:31 - 2013-06-10 21:48 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\RFAB Quotes
2014-08-13 21:25 - 2014-08-13 21:25 - 03238415 _____ () C:\Documents and Settings\C01248\Desktop\Tom Cron Cymer WW-Closed SR Cycle Time-08112014-V4 (2).xlsx
2014-08-13 10:22 - 2014-08-13 10:21 - 01187960 _____ () C:\Documents and Settings\C01248\Desktop\ProcessExplorer.zip
2014-08-12 19:38 - 2013-05-03 13:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-12 19:30 - 2013-05-23 13:56 - 00000000 ____D () C:\Program Files\Common Files\Merge Modules
2014-08-12 19:27 - 2014-08-12 19:27 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio .NET 2003
2014-08-12 19:26 - 2013-05-23 13:59 - 00000000 ____D () C:\Program Files\Cymer FSE Laptop Drivers_v2.0.0
2014-08-12 19:26 - 2013-05-23 13:52 - 00000000 ____D () C:\Program Files\National Instruments
2014-08-12 18:32 - 2014-08-12 18:04 - 00000178 ___SH () C:\Documents and Settings\l403196a\ntuser.ini
2014-08-12 18:04 - 2014-08-12 18:04 - 00000000 ____D () C:\Documents and Settings\l403196a
2014-08-06 09:33 - 2014-08-06 09:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-06 08:18 - 2014-08-06 08:17 - 00000000 ____D () C:\WINDOWS\pss
2014-08-06 08:18 - 2013-05-03 09:17 - 00000211 ___SH () C:\boot.ini
2014-08-06 08:18 - 2011-07-13 16:57 - 00000603 _____ () C:\WINDOWS\win.ini
2014-08-06 08:18 - 2011-07-13 16:57 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-06 07:34 - 2013-05-23 14:10 - 00000000 ____D () C:\Program Files\Super Cubit
2014-08-06 07:33 - 2013-05-23 14:10 - 00286720 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2014-08-06 07:33 - 2013-05-23 14:10 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
2014-08-05 20:10 - 2014-04-24 09:05 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-05 20:10 - 2014-04-24 09:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 20:10 - 2014-04-24 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-05 18:55 - 2013-05-23 13:17 - 00000000 ____D () C:\XLA_Diags
2014-08-05 17:09 - 2013-06-05 15:28 - 00000000 ____D () C:\Documents and Settings\C01248\Application Data\FileZilla
2014-08-05 08:16 - 2013-05-03 13:47 - 00000000 ____D () C:\Program Files\Intel
2014-08-05 08:11 - 2013-06-04 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Intel
2014-08-04 17:40 - 2013-06-04 20:20 - 00000000 ____D () C:\SWTOOLS
2014-08-03 21:43 - 2013-05-03 13:50 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups

Some content of TEMP:
====================
C:\Documents and Settings\C01248\Local Settings\Temp\jna1207955988111681176.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna2596630332205884207.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna2852727779105272702.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna2873631279531282496.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna3189274540272018572.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna3310978012686383541.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna3636692912735920811.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna4268471432060714560.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna4384217263427520317.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna4760509551714747384.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna5768026713607530563.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna6137686205234646959.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna7264201487098340486.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna7600411830033577938.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna8211829265401105562.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna8461497366057804547.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna962119339549398959.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jniwrap.dll
C:\Documents and Settings\C01248\Local Settings\Temp\pvxinst109.exe
C:\Documents and Settings\C01248\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 


Edited by hamluis, 31 August 2014 - 10:26 AM.
Moved from XP to Malware Removal Logs - Hamluis.


#2 nasdaq

  • Malware Response Team

Posted 02 September 2014 - 09:00 AM


This fix may take a while to complete. Let it finish.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: x-Pro.exe <====== ATTENTION
HKLM Group Policy restriction on software: edonkey.exe <====== ATTENTION
HKLM Group Policy restriction on software: voipclient.exe <====== ATTENTION
HKLM Group Policy restriction on software: Napigator.exe <====== ATTENTION
HKLM Group Policy restriction on software: BitSpirit.exe <====== ATTENTION
HKLM Group Policy restriction on software: freecall.exe <====== ATTENTION
HKLM Group Policy restriction on software: icq.exe <====== ATTENTION
HKLM Group Policy restriction on software: peercast.exe <====== ATTENTION
HKLM Group Policy restriction on software: MsnMsgr.exe <====== ATTENTION
HKLM Group Policy restriction on software: btdownloadgui.exe <====== ATTENTION
HKLM Group Policy restriction on software: yahoomessenger.exe <====== ATTENTION
HKLM Group Policy restriction on software: winmx.exe <====== ATTENTION
HKLM Group Policy restriction on software: ymsgr6_beta.exe <====== ATTENTION
HKLM Group Policy restriction on software: swapper.exe <====== ATTENTION
HKLM Group Policy restriction on software: gnucleus.exe <====== ATTENTION
HKLM Group Policy restriction on software: g2pre.exe <====== ATTENTION
HKLM Group Policy restriction on software: woize.exe <====== ATTENTION
HKLM Group Policy restriction on software: edonkey2000.exe <====== ATTENTION
HKLM Group Policy restriction on software: mtorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: zultrax.exe <====== ATTENTION
HKLM Group Policy restriction on software: g2processfactory.exe <====== ATTENTION
HKLM Group Policy restriction on software: Piolet.exe <====== ATTENTION
HKLM Group Policy restriction on software: entropy.exe <====== ATTENTION
HKLM Group Policy restriction on software: kiwialpha.exe <====== ATTENTION
HKLM Group Policy restriction on software: ventrilo.exe <====== ATTENTION
HKLM Group Policy restriction on software: BITTORNADO.exe <====== ATTENTION
HKLM Group Policy restriction on software: Phex.exe <====== ATTENTION
HKLM Group Policy restriction on software: ipphone.exe <====== ATTENTION
HKLM Group Policy restriction on software: eyebeam.exe <====== ATTENTION
HKLM Group Policy restriction on software: iceshare.exe <====== ATTENTION
HKLM Group Policy restriction on software: LimeWire.exe <====== ATTENTION
HKLM Group Policy restriction on software: Tvants.exe <====== ATTENTION
HKLM Group Policy restriction on software: PPlive.exe <====== ATTENTION
HKLM Group Policy restriction on software: Xfire.exe <====== ATTENTION
HKLM Group Policy restriction on software: sipps.exe <====== ATTENTION
HKLM Group Policy restriction on software: voipcheap.exe <====== ATTENTION
HKLM Group Policy restriction on software: g3torrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: ekiga.exe <====== ATTENTION
HKLM Group Policy restriction on software: kazaa.exe <====== ATTENTION
HKLM Group Policy restriction on software: tribler.exe <====== ATTENTION
HKLM Group Policy restriction on software: abc.exe <====== ATTENTION
HKLM Group Policy restriction on software: eBuddy.exe <====== ATTENTION
HKLM Group Policy restriction on software: sparVoip.exe <====== ATTENTION
HKLM Group Policy restriction on software: Shareaza.exe <====== ATTENTION
HKLM Group Policy restriction on software: phone.exe <====== ATTENTION
HKLM Group Policy restriction on software: rufus.exe <====== ATTENTION
HKLM Group Policy restriction on software: slsk.exe <====== ATTENTION
HKLM Group Policy restriction on software: Pruna.exe <====== ATTENTION
HKLM Group Policy restriction on software: MXit.exe <====== ATTENTION
HKLM Group Policy restriction on software: Azureus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Cabos.exe <====== ATTENTION
HKLM Group Policy restriction on software: boinc.exe <====== ATTENTION
HKLM Group Policy restriction on software: StrongDC.exe <====== ATTENTION
HKLM Group Policy restriction on software: bitcomet.exe <====== ATTENTION
HKLM Group Policy restriction on software: DCPlusPlus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Blubster.exe <====== ATTENTION
HKLM Group Policy restriction on software: UseNeXT.exe <====== ATTENTION
HKLM Group Policy restriction on software: bitlord.exe <====== ATTENTION
HKLM Group Policy restriction on software: mlnet.exe <====== ATTENTION
HKLM Group Policy restriction on software: trillian.exe <====== ATTENTION
HKLM Group Policy restriction on software: grokster.exe <====== ATTENTION
HKLM Group Policy restriction on software: mirc.exe <====== ATTENTION
HKLM Group Policy restriction on software: gopcsrv.exe <====== ATTENTION
HKLM Group Policy restriction on software: db2syscs.exe <====== ATTENTION
HKLM Group Policy restriction on software: moorhunt.exe <====== ATTENTION
HKLM Group Policy restriction on software: mosvs8.exe <====== ATTENTION
HKLM Group Policy restriction on software: coolstreaming.exe <====== ATTENTION
HKLM Group Policy restriction on software: KCeasy.exe <====== ATTENTION
HKLM Group Policy restriction on software: kenmap.exe <====== ATTENTION
HKLM Group Policy restriction on software: bearshare.exe <====== ATTENTION
HKLM Group Policy restriction on software: miranda32.exe <====== ATTENTION
HKLM Group Policy restriction on software: gnucleus.exe <====== ATTENTION
HKLM Group Policy restriction on software: eye.exe <====== ATTENTION
HKLM Group Policy restriction on software: icqlite.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\win????.exe <====== ATTENTION
HKLM Group Policy restriction on software: xolox.exe <====== ATTENTION
HKLM Group Policy restriction on software: Jubster.exe <====== ATTENTION
HKLM Group Policy restriction on software: gnucleus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Acquisition.exe <====== ATTENTION
HKLM Group Policy restriction on software: entropy.exe <====== ATTENTION
HKLM Group Policy restriction on software: STRONGDC.EXE <====== ATTENTION
HKLM Group Policy restriction on software: kazaaLite.kpp <====== ATTENTION
HKLM Group Policy restriction on software: googletalk.exe <====== ATTENTION
HKLM Group Policy restriction on software: sametime.exe <====== ATTENTION
HKLM Group Policy restriction on software: Overnet.exe <====== ATTENTION
HKLM Group Policy restriction on software: ctv.exe <====== ATTENTION
HKLM Group Policy restriction on software: emule.exe <====== ATTENTION
HKLM Group Policy restriction on software: g2printh.exe <====== ATTENTION
HKLM Group Policy restriction on software: gizmo.exe <====== ATTENTION
HKLM Group Policy restriction on software: gift.exe <====== ATTENTION
HKLM Group Policy restriction on software: Cabos.exe <====== ATTENTION
HKLM Group Policy restriction on software: Grokster.exe <====== ATTENTION
HKLM Group Policy restriction on software: tvprunner.exe <====== ATTENTION
HKLM Group Policy restriction on software: Meebo.exe <====== ATTENTION
HKLM Group Policy restriction on software: aMule.exe <====== ATTENTION
HKLM Group Policy restriction on software: newsLeecher.exe <====== ATTENTION
HKLM Group Policy restriction on software: hydranode.exe <====== ATTENTION
HKLM Group Policy restriction on software: FrostWire.exe <====== ATTENTION
HKLM Group Policy restriction on software: PALTALK.EXE <====== ATTENTION
HKLM Group Policy restriction on software: bittorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: warez.exe <====== ATTENTION
HKLM Group Policy restriction on software: anonproxy.exe <====== ATTENTION
HKLM Group Policy restriction on software: x-Lite.exe <====== ATTENTION
HKLM Group Policy restriction on software: TVUPlayer.exe <====== ATTENTION
HKLM Group Policy restriction on software: utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: hamachi.exe <====== ATTENTION
HKLM Group Policy restriction on software: voipbuster.exe <====== ATTENTION
HKLM Group Policy restriction on software: gadugadu.exe <====== ATTENTION
HKLM Group Policy restriction on software: jabber.exe <====== ATTENTION
HKLM Group Policy restriction on software: Xfire.exe <====== ATTENTION
HKLM Group Policy restriction on software: morpheus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Ares.exe <====== ATTENTION
HKLM Group Policy restriction on software: tvprunner.exe <====== ATTENTION
HKLM Group Policy restriction on software: leechget.exe <====== ATTENTION
HKLM Group Policy restriction on software: TeamSpeak.exe <====== ATTENTION
HKLM Group Policy restriction on software: qtorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: imesh.exe <====== ATTENTION
HKLM Group Policy restriction on software: aim.exe <====== ATTENTION
HKLM Group Policy restriction on software: icqlight.exe <====== ATTENTION
HKLM Group Policy restriction on software: bearshare.exe <====== ATTENTION
HKLM Group Policy restriction on software: QQ.exe <====== ATTENTION
HKLM Group Policy restriction on software: burst.exe <====== ATTENTION
HKLM Group Policy restriction on software: morpheus.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
CHR HomePage: Default -> FA9E2A2A9EE0C1157CF23C0A009CE1F8C4A60AB40D9C05D57BD8411F47710B0C
CHR DefaultSearchKeyword: Default -> 1B641F7E62F8E38860855D8F474AF95D2C15A98046E33BCE005AC11CE96749BE
CHR DefaultSearchProvider: Default -> 8FDBF17D385F5D0989475684E9D06C188C219DAF5EE8E3969E7A5F2200336611
CHR DefaultSearchURL: Default -> 790F0C2FE51BB6854730B758E3B83504F6C6DD4C4C538304A933A8AE41CFC152
CHR Extension: (example) - C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\SupporterPale [2014-08-26]
S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]
S3 niimaqk; system32\drivers\niimaqk.sys [X]
S3 usb6xxxk; \??\C:\WINDOWS\system32\drivers\usb6xxxkl.sys [X]
U1 WS2IFSL; No ImagePath

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know what problem persists.

#3 twcron

  • Topic Starter

Posted 02 September 2014 - 10:52 AM

Hello Nasdaq and thanks for your help!!

 

I ran the fix and it successfully completed.  I was very hopeful but after the reboot the issue seems to be the same.  Task manager shows the same 2 random streaming Chrome sites and many browser.exe processes.

 

Here is the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014
Ran by C01248 at 2014-09-02 09:54:30 Run:1
Running from E:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: x-Pro.exe <====== ATTENTION
HKLM Group Policy restriction on software: edonkey.exe <====== ATTENTION
HKLM Group Policy restriction on
software: voipclient.exe <====== ATTENTION
HKLM Group Policy restriction on software: Napigator.exe <====== ATTENTION
HKLM Group Policy restriction on software: BitSpirit.exe <====== ATTENTION
HKLM Group Policy restriction on software: freecall.exe <====== ATTENTION
HKLM Group Policy restriction on software: icq.exe <====== ATTENTION
HKLM Group Policy restriction on software: peercast.exe <====== ATTENTION
HKLM Group Policy restriction on software: MsnMsgr.exe <====== ATTENTION
HKLM Group Policy restriction on software: btdownloadgui.exe <====== ATTENTION
HKLM Group Policy restriction on software: yahoomessenger.exe <====== ATTENTION
HKLM Group Policy restriction on software: winmx.exe <====== ATTENTION
HKLM Group Policy restriction on software: ymsgr6_beta.exe <====== ATTENTION
HKLM Group Policy restriction on software: swapper.exe <====== ATTENTION
HKLM Group Policy restriction on software: gnucleus.exe <====== ATTENTION
HKLM Group
Policy restriction on software: g2pre.exe <====== ATTENTION
HKLM Group Policy restriction on software: woize.exe <====== ATTENTION
HKLM Group Policy restriction on software: edonkey2000.exe <====== ATTENTION
HKLM Group Policy restriction on software: mtorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: zultrax.exe <====== ATTENTION
HKLM Group Policy restriction on software: g2processfactory.exe <====== ATTENTION
HKLM Group Policy restriction on software: Piolet.exe <====== ATTENTION
HKLM Group Policy restriction on software: entropy.exe <====== ATTENTION
HKLM Group Policy restriction on software: kiwialpha.exe <====== ATTENTION
HKLM Group Policy restriction on software: ventrilo.exe <====== ATTENTION
HKLM Group Policy restriction on software: BITTORNADO.exe <====== ATTENTION
HKLM Group Policy restriction on software: Phex.exe <====== ATTENTION
HKLM Group Policy restriction on software: ipphone.exe <======
ATTENTION
HKLM Group Policy restriction on software: eyebeam.exe <====== ATTENTION
HKLM Group Policy restriction on software: iceshare.exe <====== ATTENTION
HKLM Group Policy restriction on software: LimeWire.exe <====== ATTENTION
HKLM Group Policy restriction on software: Tvants.exe <====== ATTENTION
HKLM Group Policy restriction on software: PPlive.exe <====== ATTENTION
HKLM Group Policy restriction on software: Xfire.exe <====== ATTENTION
HKLM Group Policy restriction on software: sipps.exe <====== ATTENTION
HKLM Group Policy restriction on software: voipcheap.exe <====== ATTENTION
HKLM Group Policy restriction on software: g3torrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: ekiga.exe <====== ATTENTION
HKLM Group Policy restriction on software: kazaa.exe <====== ATTENTION
HKLM Group Policy restriction on software: tribler.exe <====== ATTENTION
HKLM Group Policy restriction on software: abc.exe <======
ATTENTION
HKLM Group Policy restriction on software: eBuddy.exe <====== ATTENTION
HKLM Group Policy restriction on software: sparVoip.exe <====== ATTENTION
HKLM Group Policy restriction on software: Shareaza.exe <====== ATTENTION
HKLM Group Policy restriction on software: phone.exe <====== ATTENTION
HKLM Group Policy restriction on software: rufus.exe <====== ATTENTION
HKLM Group Policy restriction on software: slsk.exe <====== ATTENTION
HKLM Group Policy restriction on software: Pruna.exe <====== ATTENTION
HKLM Group Policy restriction on software: MXit.exe <====== ATTENTION
HKLM Group Policy restriction on software: Azureus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Cabos.exe <====== ATTENTION
HKLM Group Policy restriction on software: boinc.exe <====== ATTENTION
HKLM Group Policy restriction on software: StrongDC.exe <====== ATTENTION
HKLM Group Policy restriction on software: bitcomet.exe <====== ATTENTION
HKLM
Group Policy restriction on software: DCPlusPlus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Blubster.exe <====== ATTENTION
HKLM Group Policy restriction on software: UseNeXT.exe <====== ATTENTION
HKLM Group Policy restriction on software: bitlord.exe <====== ATTENTION
HKLM Group Policy restriction on software: mlnet.exe <====== ATTENTION
HKLM Group Policy restriction on software: trillian.exe <====== ATTENTION
HKLM Group Policy restriction on software: grokster.exe <====== ATTENTION
HKLM Group Policy restriction on software: mirc.exe <====== ATTENTION
HKLM Group Policy restriction on software: gopcsrv.exe <====== ATTENTION
HKLM Group Policy restriction on software: db2syscs.exe <====== ATTENTION
HKLM Group Policy restriction on software: moorhunt.exe <====== ATTENTION
HKLM Group Policy restriction on software: mosvs8.exe <====== ATTENTION
HKLM Group Policy restriction on software: coolstreaming.exe <======
ATTENTION
HKLM Group Policy restriction on software: KCeasy.exe <====== ATTENTION
HKLM Group Policy restriction on software: kenmap.exe <====== ATTENTION
HKLM Group Policy restriction on software: bearshare.exe <====== ATTENTION
HKLM Group Policy restriction on software: miranda32.exe <====== ATTENTION
HKLM Group Policy restriction on software: gnucleus.exe <====== ATTENTION
HKLM Group Policy restriction on software: eye.exe <====== ATTENTION
HKLM Group Policy restriction on software: icqlite.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\win????.exe <====== ATTENTION
HKLM Group Policy restriction on software: xolox.exe <====== ATTENTION
HKLM Group Policy restriction on software: Jubster.exe <====== ATTENTION
HKLM Group Policy restriction on software: gnucleus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Acquisition.exe <====== ATTENTION
HKLM Group Policy restriction on software: entropy.exe
<====== ATTENTION
HKLM Group Policy restriction on software: STRONGDC.EXE <====== ATTENTION
HKLM Group Policy restriction on software: kazaaLite.kpp <====== ATTENTION
HKLM Group Policy restriction on software: googletalk.exe <====== ATTENTION
HKLM Group Policy restriction on software: sametime.exe <====== ATTENTION
HKLM Group Policy restriction on software: Overnet.exe <====== ATTENTION
HKLM Group Policy restriction on software: ctv.exe <====== ATTENTION
HKLM Group Policy restriction on software: emule.exe <====== ATTENTION
HKLM Group Policy restriction on software: g2printh.exe <====== ATTENTION
HKLM Group Policy restriction on software: gizmo.exe <====== ATTENTION
HKLM Group Policy restriction on software: gift.exe <====== ATTENTION
HKLM Group Policy restriction on software: Cabos.exe <====== ATTENTION
HKLM Group Policy restriction on software: Grokster.exe <====== ATTENTION
HKLM Group Policy restriction on software: tvprunner.exe
<====== ATTENTION
HKLM Group Policy restriction on software: Meebo.exe <====== ATTENTION
HKLM Group Policy restriction on software: aMule.exe <====== ATTENTION
HKLM Group Policy restriction on software: newsLeecher.exe <====== ATTENTION
HKLM Group Policy restriction on software: hydranode.exe <====== ATTENTION
HKLM Group Policy restriction on software: FrostWire.exe <====== ATTENTION
HKLM Group Policy restriction on software: PALTALK.EXE <====== ATTENTION
HKLM Group Policy restriction on software: bittorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: warez.exe <====== ATTENTION
HKLM Group Policy restriction on software: anonproxy.exe <====== ATTENTION
HKLM Group Policy restriction on software: x-Lite.exe <====== ATTENTION
HKLM Group Policy restriction on software: TVUPlayer.exe <====== ATTENTION
HKLM Group Policy restriction on software: utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software:
hamachi.exe <====== ATTENTION
HKLM Group Policy restriction on software: voipbuster.exe <====== ATTENTION
HKLM Group Policy restriction on software: gadugadu.exe <====== ATTENTION
HKLM Group Policy restriction on software: jabber.exe <====== ATTENTION
HKLM Group Policy restriction on software: Xfire.exe <====== ATTENTION
HKLM Group Policy restriction on software: morpheus.exe <====== ATTENTION
HKLM Group Policy restriction on software: Ares.exe <====== ATTENTION
HKLM Group Policy restriction on software: tvprunner.exe <====== ATTENTION
HKLM Group Policy restriction on software: leechget.exe <====== ATTENTION
HKLM Group Policy restriction on software: TeamSpeak.exe <====== ATTENTION
HKLM Group Policy restriction on software: qtorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: imesh.exe <====== ATTENTION
HKLM Group Policy restriction on software: aim.exe <====== ATTENTION
HKLM Group Policy restriction on software:
icqlight.exe <====== ATTENTION
HKLM Group Policy restriction on software: bearshare.exe <====== ATTENTION
HKLM Group Policy restriction on software: QQ.exe <====== ATTENTION
HKLM Group Policy restriction on software: burst.exe <====== ATTENTION
HKLM Group Policy restriction on software: morpheus.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No
File
CHR HomePage: Default -> FA9E2A2A9EE0C1157CF23C0A009CE1F8C4A60AB40D9C05D57BD8411F47710B0C
CHR DefaultSearchKeyword: Default -> 1B641F7E62F8E38860855D8F474AF95D2C15A98046E33BCE005AC11CE96749BE
CHR DefaultSearchProvider: Default -> 8FDBF17D385F5D0989475684E9D06C188C219DAF5EE8E3969E7A5F2200336611
CHR DefaultSearchURL: Default -> 790F0C2FE51BB6854730B758E3B83504F6C6DD4C4C538304A933A8AE41CFC152
CHR Extension: (example) - C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\SupporterPale [2014-08-26]
S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]
S3 niimaqk; system32\drivers\niimaqk.sys [X]
S3 usb6xxxk; \??\C:\WINDOWS\system32\drivers\usb6xxxkl.sys [X]
U1 WS2IFSL; No ImagePath

End

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM Group Policy restriction on => Error: No automatic fix found for this entry.
software: voipclient.exe <====== ATTENTION => Error: No automatic fix found for this entry.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM Group => Error: No automatic fix found for this entry.
Policy restriction on software: g2pre.exe <====== ATTENTION => Error: No automatic fix found for this entry.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
ATTENTION => Error: No automatic fix found for this entry.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
ATTENTION => Error: No automatic fix found for this entry.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Error: No automatic fix found for this entry.
HKCU => Group Policy Restriction on software not found.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
ATTENTION => Error: No automatic fix found for this entry.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
<====== ATTENTION => Error: No automatic fix found for this entry.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
<====== ATTENTION => Error: No automatic fix found for this entry.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
hamachi.exe <====== ATTENTION => Error: No automatic fix found for this entry.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
icqlight.exe <====== ATTENTION => Error: No automatic fix found for this entry.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.
"HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.
File => Error: No automatic fix found for this entry.
Chrome HomePage deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> 8FDBF17D385F5D0989475684E9D06C188C219DAF5EE8E3969E7A5F2200336611 ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\SupporterPale => Moved successfully.
SessionLauncher => Service deleted successfully.
niimaqk => Service deleted successfully.
usb6xxxk => Service deleted successfully.
WS2IFSL => Service deleted successfully.

==== End of Fixlog ====

 

I also re-ran FRST and here is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014
Ran by C01248 (administrator) on CSDPBWKGFX on 02-09-2014 10:35:39
Running from E:\
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp) C:\WINDOWS\system32\nslsvice.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(BeyondTrust Software, Inc.) C:\WINDOWS\system32\btservice.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Altiris, Inc.) C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\WINDOWS\system32\BEDevCtl.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\WINDOWS\system32\BEFCSvcn.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(National Instruments, Inc.) C:\WINDOWS\system32\lkcitdl.exe
(National Instruments Corporation) C:\WINDOWS\system32\lkads.exe
(National Instruments Corporation) C:\WINDOWS\system32\lktsrv.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(IBM Corp) C:\Program Files\Lotus\Notes\ntmulti.exe
(National Instruments Corporation) C:\Program Files\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\WINDOWS\system32\nipalsm.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corp.) C:\WINDOWS\system32\nisvcloc.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
() C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\WINDOWS\system32\SGN_MasterServicen.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Sierra Wireless, Inc.) C:\Program Files\Sprint\Sprint SmartView\SwiCardDetect.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(National Instruments Corporation) C:\WINDOWS\system32\nipalsm.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office Communicator\communicator.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\Program Files\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe
(National Instruments Corporation) C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Altiris, Inc.) C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Sprint) C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Lenovo Group Limited) C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.EXE
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(The Imaging Source Europe GmbH) C:\Program Files\The Imaging Source Europe GmbH\Quick Driver Installer\QuickDriverInstaller.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(AT&T Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\ATT Connect\Participant\pull.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIHBA.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(SmithMicro Inc.) C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\launch4j-tmp\MoboManager.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
(Bytemobile, Inc.) C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
() C:\Program Files\Mobolize CacheFront\MoboProcessWatcher.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\launch4j-tmp\MoboIndexer.exe
(Lakeside Software, Inc.) C:\Program Files\SysTrack\LsiAgent\LsiAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Lakeside Software, Inc.) C:\Program Files\SysTrack\LsiAgent\Utilities\LsiUser.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
(Google Inc.) C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [LenovoAutoScrollUtility] => C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [62512 2013-11-29] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [64064 2011-11-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [342360 2013-11-29] (Lenovo.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM\...\Run: [SGNMasterApplication] => C:\Program Files\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe [94208 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2010-10-22] (McAfee, Inc.)
HKLM\...\Run: [AeXAgentLogon] => C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [152872 2010-02-26] (Altiris, Inc.)
HKLM\...\Run: [niDevMon] => C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [106064 2007-07-14] (National Instruments Corporation)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [55656 2012-09-27] (AuthenTec Inc.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [432488 2013-03-12] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [194920 2013-03-12] (Lenovo )
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1122304 2008-11-12] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-08-12] (Brother Industries, Ltd.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe [628000 2008-02-27] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe [58656 2008-02-27] (Nuance Communications, Inc.)
HKLM\...\Run: [Sprint SmartView] => C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe [69632 2012-07-13] (Sprint)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 1999-12-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333856 2013-09-27] (McAfee, Inc.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-11-15] (Synaptics Incorporated)
Winlogon\Notify\ACNotify: C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
Winlogon\Notify\NotLog: C:\WINDOWS\system32\SGM_SMProtectn.dll (Utimaco Safeware AG - a member of the Sophos Group)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (AuthenTec Inc.)
Winlogon\Notify\SGSSOGinaExt: C:\WINDOWS\system32\SGSSOGinaExtension.dll (Utimaco Safeware AG - a member of the Sophos Group)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-784300987-1996436899-9522986-2784\...\Run: [The Imaging Source Quick Driver Installer] => C:\Program Files\The Imaging Source Europe GmbH\Quick Driver Installer\QuickDriverInstaller.exe [688128 2007-03-09] (The Imaging Source Europe GmbH)
HKU\S-1-5-21-784300987-1996436899-9522986-2784\...\Run: [Push Client] => C:\Documents and Settings\C01248\Local Settings\Application Data\ATT Connect\Participant\pull.exe [922864 2009-04-01] (AT&T Inc.)
HKU\S-1-5-21-784300987-1996436899-9522986-2784\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHBA.EXE [249440 2013-06-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-784300987-1996436899-9522986-2784\...\Run: [UIBeerware] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\C01248\Local Settings\Application Data\UIBeerware\UIBeerware.dll",DllRegisterServer
HKU\S-1-5-21-784300987-1996436899-9522986-2784\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6688024 2014-08-14] (SUPERAntiSpyware)
AppInit_DLLs: lsihok32.dll => C:\WINDOWS\system32\lsihok32.dll [56944 2013-08-14] (Lakeside Software, Inc.)
AppInit_DLLs:  BTPLOAD32.DLL => C:\WINDOWS\system32\BTPLOAD32.DLL [100168 2011-04-14] (BeyondTrust Software, Inc.)
AppInit_DLLs:  AMINIT.dll => C:\WINDOWS\system32\AMINIT.dll [61440 2007-02-16] (Altiris, Inc.)
Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mobolize CacheFront Manager.lnk
ShortcutTarget: Mobolize CacheFront Manager.lnk -> C:\Program Files\Mobolize CacheFront\MoboManager.exe (Mobolize, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 10.lnk
ShortcutTarget: Snagit 10.lnk -> C:\Program Files\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
ShellIconOverlayIdentifiers: FEOverlayDenied -> {8756BF5A-0833-46DE-B27A-36462A724433} => C:\Program Files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: FEOverlayEnc -> {BF6CE06F-D876-4513-80DA-53FC713DAEC2} => C:\Program Files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: FEOverlayPlain -> {6F2CF642-97EF-437A-908C-8FFF083E065C} => C:\Program Files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: FEOverlayRule -> {3FFDF070-C234-4B40-A159-70235626596F} => C:\Program Files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: SgnIconOvln1 -> {93c136f0-91dc-4456-a586-98f72aff8d89} => C:\WINDOWS\system32\sgn_beshellextn.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: SgnIconOvln2 -> {93c136f0-91dc-4457-a586-98f72aff8d89} => C:\WINDOWS\system32\sgn_beshellextn.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: SgnIconOvln3 -> {93c136f0-91dc-4458-a586-98f72aff8d89} => C:\WINDOWS\system32\sgn_beshellextn.dll (Utimaco Safeware AG - a member of the Sophos Group)
ShellIconOverlayIdentifiers: SgnIconOvln4 -> {93c136f0-91dc-4459-a586-98f72aff8d89} => C:\WINDOWS\system32\sgn_beshellextn.dll (Utimaco Safeware AG - a member of the Sophos Group)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=wwwgate.ti.com:80;https=wwwgate.ti.com:81;ftp=wwwgate.ti.com:80;gopher=wwwgate.ti.com:80;socks=wwwgate.ti.com:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO: PowerBroker Desktops Browser Helper -> {0A9CDB52-EBDF-4210-9C6A-B90C2FD410AB} -> C:\WINDOWS\system32\pmbho.dll (BeyondTrust Software, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: LsiBrowserHook Class -> {2E5E4BAC-FEC7-4DD6-AFAF-F4139B1B9FB6} -> C:\Program Files\SysTrack\LsiAgent\Utilities\browserHook.dll (Lakeside Software, Inc.)
BHO: MoboIEPlugIn.dll -> {5147157F-A082-4F23-BD35-DE02C0E2D132} -> C:\Program Files\Mobolize CacheFront\MoboIEPlugIn.dll (Mobolize, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM - Mobolize CacheFront Toolbar - {FB948A8A-17D5-4F3C-9DCF-2477467E2583} - C:\Program Files\Mobolize CacheFront\moboietoolbar.DLL (Mobolize, Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} http://csdaltnsprod1.intra.cymer.com/Altiris/NS/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} https://cysm.cymer.com/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn1.cymer.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1392759224281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32_CP21-15858/webex/ieatgpc.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn9.intra.cymer.com/dana-cached/sc/JuniperSetupClient.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.94.94.26 192.94.94.27
Tcpip\..\Interfaces\{28C4015C-0685-4197-B8FA-93F4F5AF20E3}: [NameServer] 192.168.65.4,192.168.65.7

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_41 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: LWAPlugin15.8 -> C:\Documents and Settings\C01248\Application Data\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\C01248\Application Data\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-03]

Chrome:
=======
CHR DefaultSearchProvider: Default -> 8FDBF17D385F5D0989475684E9D06C188C219DAF5EE8E3969E7A5F2200336611
CHR CustomProfile: C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29]
CHR Extension: (Google Search) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (Gmail) - C:\Documents and Settings\C01248\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]
CHR Extension: (example) - C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy\SupporterPale [2014-09-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [1287464 2010-02-26] (Altiris, Inc.)
R2 BEDevCtl; C:\WINDOWS\system32\BEDevCtl.exe [1314816 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 BEFCSvcn; C:\WINDOWS\system32\BEFCSvcn.exe [20480 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 BTService; C:\WINDOWS\system32\btservice.exe [479560 2011-04-14] (BeyondTrust Software, Inc.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 EapSgnSvc; C:\Program Files\Common Files\Wlan SDK\EapSgnSvc.exe [156560 2011-07-06] (Smith Micro Software, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121240 2013-01-03] (Intel Corporation)
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [58664 2013-10-25] (Lenovo Group Limited)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [110128 2014-04-07] (Lenovo Group Limited)
R2 LkCitadelServer; C:\WINDOWS\system32\lkcitdl.exe [695136 2007-03-21] (National Instruments, Inc.)
R2 lkClassAds; C:\WINDOWS\system32\lkads.exe [40488 2007-07-16] (National Instruments Corporation)
R2 lkTimeSync; C:\WINDOWS\system32\lktsrv.exe [50736 2007-07-16] (National Instruments Corporation)
R2 Lotus Notes Single Logon; C:\WINDOWS\system32\nslsvice.exe [20530 2005-12-01] (IBM Corp) [File not signed]
R2 LsiAgent; C:\Program Files\SysTrack\LsiAgent\LsiAgent.exe [3645464 2013-08-14] (Lakeside Software, Inc.)
R2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [22816 2010-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [133152 2013-09-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [147984 2010-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2010-10-22] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [69192 2010-10-22] (McAfee, Inc.)
R2 Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [57393 2005-12-01] (IBM Corp) [File not signed]
R2 mxssvr; C:\Program Files\National Instruments\MAX\nimxs.exe [12696 2007-03-08] (National Instruments Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 nidevldu; C:\WINDOWS\system32\nipalsm.exe [12696 2007-02-16] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [213040 2007-07-16] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2007-01-29] (Macrovision Corporation) [File not signed]
R2 nipxirmu; C:\WINDOWS\system32\nipalsm.exe [12696 2007-02-16] (National Instruments Corporation)
R2 niSvcLoc; C:\WINDOWS\system32\nisvcloc.exe [48704 2007-07-19] (National Instruments Corp.)
R2 NITaggerService; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [609384 2007-07-23] (National Instruments Corporation)
R2 NvtlService; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [92504 2011-02-07] ()
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-02-27] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [1645568 2013-01-11] () [File not signed]
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1663272 2013-01-11] (Lenovo Group Limited)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [920304 2013-02-21] (Intel® Corporation)
R2 SGN_BEService; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_FEService; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_LogSystem; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_Sem; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_Trans; C:\WINDOWS\system32\SGN_MasterServicen.exe [49152 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R3 SprintRcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [120424 2012-05-30] (SmithMicro Inc.)
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2013-07-10] (Lenovo Group Limited) [File not signed]
R2 SwiCardDetectSvc; C:\Program Files\Sprint\Sprint SmartView\SwiCardDetect.exe [226672 2010-09-22] (Sierra Wireless, Inc.)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [115696 2014-06-10] (Lenovo Group Limited)
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 1999-12-31] (Creative)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2013-03-07] (IBM Corp.) [File not signed]
S3 bcm; C:\WINDOWS\System32\DRIVERS\drxvi314.sys [365568 2012-03-20] (Beceem Communications Inc.)
S3 bcmbusctr; C:\WINDOWS\System32\DRIVERS\BcmBusCtr.sys [52736 2012-03-20] (Beceem Communications Inc.)
R0 BeFlt; C:\WINDOWS\System32\DRIVERS\BEFLT.SYS [117504 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\WINDOWS\System32\DRIVERS\be_fltim.sys [59648 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
U0 BMLoad; C:\WINDOWS\System32\drivers\BMLoad.sys [13184 2010-12-20] (Bytemobile, Inc.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [939056 2013-02-14] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 CEAES2M; C:\WINDOWS\System32\Drivers\cegaes2m.sys [63232 2011-08-05] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\WINDOWS\System32\Drivers\cegaesm.sys [62720 2011-08-05] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEDES3M; C:\WINDOWS\System32\Drivers\cedes3m.sys [20224 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEDESM; C:\WINDOWS\System32\Drivers\cedesm.sys [19712 2010-06-15] ()
R0 CEEIDEM; C:\WINDOWS\System32\Drivers\ceeidem.sys [16128 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEHMACM; C:\WINDOWS\System32\Drivers\cehmacm.sys [25344 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEIDEM; C:\WINDOWS\System32\Drivers\ceidem.sys [17664 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CERNDM; C:\WINDOWS\System32\Drivers\cerndm.sys [15616 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\WINDOWS\System32\Drivers\cesham.sys [24832 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
S3 cm_net; C:\WINDOWS\System32\DRIVERS\cm_net.sys [112640 2008-05-29] (C-motech Co.,Ltd.)
S3 cm_ser; C:\WINDOWS\System32\DRIVERS\cm_ser.sys [103680 2008-05-29] (C-motech Co.,Ltd.)
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2007-07-24] () [File not signed]
R3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
S3 DFGUSB2; C:\WINDOWS\System32\DRIVERS\dfg_usb2-lt.sys [65024 2006-09-07] () [File not signed]
S3 DIFMBUS; C:\WINDOWS\System32\DRIVERS\DIFMBUS.sys [56392 2010-04-28] (DEVGURU Co., LTD.)
S3 DIFMCVsp; C:\WINDOWS\System32\DRIVERS\DIFMCVsp.sys [164552 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 DIFMMdm; C:\WINDOWS\System32\DRIVERS\DIFMMdm.sys [164552 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 DIFMNET; C:\WINDOWS\System32\DRIVERS\DIFMNET.sys [105544 2010-05-04] (DEVGURU Co., LTD.)
S3 DIFMNVsp; C:\WINDOWS\System32\DRIVERS\DIFMNVsp.sys [164552 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 DIFMVsp; C:\WINDOWS\System32\DRIVERS\DIFMVsp.sys [164552 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c5132.sys [203944 2012-01-11] (Intel Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [24177 2004-02-04] (FTDI Ltd.) [File not signed]
S3 FTSER2K; C:\WINDOWS\System32\drivers\ftser2k.sys [57372 2004-02-04] (FTDI Ltd.) [File not signed]
R0 LCENCM; C:\WINDOWS\System32\drivers\lcencm.sys [1350912 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCFILTM; C:\WINDOWS\System32\Drivers\lcfiltm.sys [66816 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCRECM; C:\WINDOWS\System32\Drivers\lcrecm.sys [40192 2011-08-06] (Utimaco Safeware AG - a member of the Sophos Group)
S3 lvalarmk; C:\WINDOWS\system32\drivers\lvalarmk.sys [20256 2007-01-11] (National Instruments Corporation)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [76024 2010-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [91896 2010-10-22] (McAfee, Inc.)
R3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [43192 2010-10-22] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [344712 2010-10-22] (McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [66536 2010-10-22] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [64208 2010-10-22] (McAfee, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 1999-12-31] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NEOFLTR_717_20581; C:\WINDOWS\system32\Drivers\NEOFLTR_717_20581.SYS [85064 2012-03-12] (Juniper Networks)
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\Netwxn00.sys [10281088 2012-09-30] (Intel Corporation)
S3 ni1006k; C:\WINDOWS\system32\drivers\ni1006k.sys [25888 2007-02-22] (National Instruments Corporation)
S3 ni1045k; C:\WINDOWS\system32\drivers\ni1045kl.sys [11552 2007-02-22] (National Instruments Corporation)
S3 ni1065k; C:\WINDOWS\system32\drivers\ni1065k.sys [22360 2007-05-25] (National Instruments Corporation)
R2 niarbk; C:\WINDOWS\System32\drivers\niarbk.dll [37376 2006-07-04] (National Instruments Corporation) [File not signed]
R2 nibffrk; C:\WINDOWS\System32\drivers\nibffrk.dll [21504 2006-07-04] (National Instruments Corporation) [File not signed]
R2 nicanpk; C:\WINDOWS\System32\DRIVERS\nicanpkl.sys [11336 2007-07-17] (National Instruments Corporation)
S3 nicanpkw; C:\WINDOWS\System32\DRIVERS\nicanpkw.sys [11336 2007-07-17] (National Instruments Corporation)
S3 nicdrk; C:\WINDOWS\system32\drivers\nicdrkl.sys [11352 2007-07-15] (National Instruments Corporation)
S2 Nidaq32k; C:\WINDOWS\system32\Drivers\Nidaq32k.sys [674304 2006-07-04] (National Instruments Corporation) [File not signed]
R3 nidimk; C:\WINDOWS\system32\drivers\nidimkl.sys [11360 2007-07-12] (National Instruments Corporation)
S2 nidmmk; C:\WINDOWS\System32\drivers\nidmmk.dll [50688 2006-07-04] (National Instruments Corporation) [File not signed]
S3 nidmxfk; C:\WINDOWS\system32\drivers\nidmxfkl.sys [11336 2007-07-14] (National Instruments Corporation)
S3 nidsark; C:\WINDOWS\system32\drivers\nidsarkl.sys [11344 2007-07-19] (National Instruments Corporation)
S3 niemrk; C:\WINDOWS\system32\drivers\niemrkl.sys [11336 2007-07-24] (National Instruments Corporation)
S3 niesrk; C:\WINDOWS\system32\drivers\niesrkl.sys [11336 2007-07-24] (National Instruments Corporation)
S3 nifslk; C:\WINDOWS\system32\drivers\nifslkl.sys [11352 2007-07-15] (National Instruments Corporation)
S3 nigplk; C:\WINDOWS\system32\drivers\nigplkl.sys [11552 2007-02-23] (National Instruments Corporation)
S3 nihsdrk; C:\WINDOWS\system32\drivers\nihsdrkl.sys [11352 2007-07-25] (National Instruments Corporation)
R3 nimdbgk; C:\WINDOWS\system32\drivers\nimdbgkl.sys [11360 2007-07-12] (National Instruments Corporation)
R2 nimdsk; C:\WINDOWS\System32\drivers\nimdsk.dll [30208 2006-07-04] (National Instruments Corporation) [File not signed]
R3 nimru2k; C:\WINDOWS\system32\drivers\nimru2kl.sys [11360 2007-07-24] (National Instruments Corporation)
S3 nimsdrk; C:\WINDOWS\system32\drivers\nimsdrkl.sys [11392 2007-07-18] (National Instruments Corporation)
S3 nimslk; C:\WINDOWS\system32\drivers\nimslk.dll [14464 2007-06-21] (National Instruments Corporation) [File not signed]
S3 nimsrlk; C:\WINDOWS\system32\drivers\nimsrlk.dll [151683 2007-06-21] (National Instruments Corporation) [File not signed]
R3 nimstsk; C:\WINDOWS\system32\drivers\nimstskl.sys [11360 2007-07-13] (National Instruments Corporation)
R3 nimxdfk; C:\WINDOWS\system32\drivers\nimxdfkl.sys [11344 2007-07-12] (National Instruments Corporation)
S3 nimxpk; C:\WINDOWS\system32\drivers\nimxpkl.sys [11368 2007-07-13] (National Instruments Corporation)
S3 ninshsdk; C:\WINDOWS\system32\drivers\ninshsdkl.sys [11360 2007-07-19] (National Instruments Corporation)
R3 niorbk; C:\WINDOWS\system32\drivers\niorbkl.sys [11344 2007-07-12] (National Instruments Corporation)
S3 nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [11904 2007-07-18] (National Instruments Corporation)
R0 NIPALK; C:\WINDOWS\System32\drivers\nipalk.sys [580184 2007-07-18] (National Instruments Corporation)
S3 nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [11896 2007-07-18] (National Instruments Corporation)
R0 nipbcfk; C:\WINDOWS\System32\drivers\nipbcfk.sys [15448 2007-07-10] (National Instruments Corporation)
S3 nipxigpk; C:\WINDOWS\system32\drivers\nipxigpk.sys [20768 2007-02-22] (National Instruments Corporation)
R2 nipxirmk; C:\WINDOWS\system32\drivers\nipxirmkl.sys [11552 2007-02-22] (National Instruments Corporation)
S3 niscdk; C:\WINDOWS\system32\drivers\niscdkl.sys [11376 2007-07-19] (National Instruments Corporation)
S3 nisdigk; C:\WINDOWS\system32\drivers\nisdigkl.sys [11352 2007-07-17] (National Instruments Corporation)
S3 nisftk; C:\WINDOWS\system32\drivers\nisftkl.sys [11344 2007-07-16] (National Instruments Corporation)
S3 nispdk; C:\WINDOWS\system32\drivers\nispdkl.sys [11376 2007-07-19] (National Instruments Corporation)
S3 nissrk; C:\WINDOWS\system32\drivers\nissrkl.sys [11336 2007-07-24] (National Instruments Corporation)
S3 nistc2k; C:\WINDOWS\system32\drivers\nistc2kl.sys [11312 2007-07-15] (National Instruments Corporation)
R2 nistck; C:\WINDOWS\System32\drivers\nistck.dll [111616 2006-07-04] (National Instruments Corporation) [File not signed]
S3 nistcrk; C:\WINDOWS\system32\drivers\nistcrkl.sys [11360 2007-07-15] (National Instruments Corporation)
S3 niswdk; C:\WINDOWS\system32\drivers\niswdkl.sys [11336 2007-07-17] (National Instruments Corporation)
S3 nitiork; C:\WINDOWS\system32\drivers\nitiorkl.sys [11360 2007-07-19] (National Instruments Corporation)
S3 NiViFWK; C:\WINDOWS\System32\drivers\NiViFWKl.sys [11384 2007-07-19] (National Instruments Corporation)
S3 NiViPciK; C:\WINDOWS\System32\drivers\NiViPciKl.sys [11360 2007-07-19] (National Instruments Corporation)
R2 NiViPxiK; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [11360 2007-07-19] (National Instruments Corporation)
S3 niwfrk; C:\WINDOWS\system32\drivers\niwfrkl.sys [11336 2007-07-24] (National Instruments Corporation)
S3 nixsrk; C:\WINDOWS\system32\drivers\nixsrkl.sys [11336 2007-07-24] (National Instruments Corporation)
R3 Nmea; C:\WINDOWS\System32\DRIVERS\pctnullport.sys [38680 2010-10-19] (PCTEL Inc.)
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2011-02-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 privman; C:\WINDOWS\System32\DRIVERS\privman.sys [30416 2011-04-14] (BeyondTrust Software, Inc.)
R2 risdxc; C:\WINDOWS\System32\DRIVERS\risdxc86.sys [76288 2011-05-25] (REDC)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SGSTDRVM; C:\WINDOWS\System32\Drivers\sgstdrvm.sys [51968 2011-08-05] (Utimaco Safeware AG - a member of the Sophos Group)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [11976 2011-05-30] (Authentec Inc.)
S3 SMSIWLAN5; C:\Program Files\Sprint\Sprint SmartView\SMSIWLAN5.SYS [32408 2011-03-01] (Smith Micro Inc.)
R0 stmtpm; C:\WINDOWS\System32\DRIVERS\stm_tpm.sys [21504 2007-06-08] (STMicroelectronics, INC)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-02-19] ()
R1 tcpipBM; C:\WINDOWS\system32\drivers\tcpipBM.sys [24192 2010-12-20] (Bytemobile, Inc.) [File not signed]
R3 TcUsb; C:\WINDOWS\System32\Drivers\tcusb.sys [51400 2011-08-19] (AuthenTec, Inc.)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [13936 2013-01-11] (Lenovo Group Limited)
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2011-11-21] () [File not signed]
R3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [194362 2008-02-14] (Jungo) [File not signed]
R2 XilinxPC4Driver; C:\WINDOWS\System32\drivers\xpc4drvr.sys [16000 2008-02-14] (Xilinx, Inc.) [File not signed]
S4 IntelIde; No ImagePath
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2009-05-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 20:53 - 2014-09-01 20:53 - 00000000 ____D () C:\Oki CMYK test page downloader utility
2014-09-01 20:15 - 2014-09-01 20:15 - 01505568 _____ () C:\Documents and Settings\C01248\Desktop\Oracle Labor Enhancements In Support of Utilization and Efficiency Improvement.pptx
2014-08-31 21:49 - 2014-08-31 21:49 - 00000000 ____D () C:\Documents and Settings\C01248\Application Data\SUPERAntiSpyware.com
2014-08-31 21:48 - 2014-09-02 08:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-31 21:48 - 2014-08-31 21:48 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-31 21:48 - 2014-08-31 21:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-08-31 21:48 - 2014-08-31 21:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-08-31 21:46 - 2014-08-31 21:46 - 19008496 _____ (SUPERAntiSpyware) C:\Documents and Settings\C01248\Desktop\SUPERAntiSpyware.exe
2014-08-31 21:34 - 2014-08-31 21:34 - 01517309 _____ () C:\Documents and Settings\C01248\Desktop\Oracle Labor Enhancements In Support of Utilization and Efficiency Improvement_Draft.pptx
2014-08-31 09:14 - 2014-09-02 10:35 - 00000000 ____D () C:\FRST
2014-08-31 08:49 - 2014-08-31 08:49 - 00010287 _____ () C:\Documents and Settings\C01248\Desktop\hs_err_pid7576.log
2014-08-29 12:18 - 2014-08-29 12:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PrevxCSI
2014-08-29 12:18 - 2014-08-29 12:18 - 00076696 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxrts.sys
2014-08-29 12:18 - 2014-08-29 12:18 - 00000049 _____ () C:\WINDOWS\wininit.ini
2014-08-29 12:18 - 2014-08-29 12:18 - 00000000 ____D () C:\Program Files\Prevx
2014-08-27 12:36 - 2014-08-27 12:38 - 00065612 _____ () C:\Documents and Settings\C01248\Desktop\FRST.txt
2014-08-27 12:08 - 2014-08-27 12:12 - 00000000 ____D () C:\AdwCleaner
2014-08-27 10:06 - 2014-09-02 10:17 - 00087456 _____ () C:\WINDOWS\setupapi.log
2014-08-27 07:25 - 2014-08-27 07:25 - 00000000 __SHD () C:\found.000
2014-08-26 20:44 - 2014-08-26 20:45 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-26 20:44 - 2014-08-26 20:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-26 14:52 - 2014-09-02 10:36 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\ValidatorHumble
2014-08-26 14:51 - 2014-09-02 10:37 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterRadio
2014-08-26 14:49 - 2014-09-02 10:07 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy
2014-08-26 14:49 - 2014-08-26 14:49 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\UIBeerware
2014-08-25 18:19 - 2014-08-25 18:19 - 237101056 _____ () C:\Documents and Settings\C01248\Desktop\LVRTE2012f3std.exe
2014-08-25 16:46 - 2014-08-25 16:46 - 04761014 _____ () C:\Documents and Settings\C01248\Desktop\PERFECT Test 12.3.0.0.zip
2014-08-21 14:22 - 2014-08-21 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957509$
2014-08-21 14:21 - 2014-08-21 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957503$
2014-08-20 12:45 - 2014-08-20 12:45 - 00429992 _____ () C:\Documents and Settings\C01248\Desktop\Post Service checks.xlsm
2014-08-16 14:17 - 2014-08-27 09:13 - 00000000 ____D () C:\Quarantine
2014-08-14 10:30 - 2014-08-18 10:31 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\DM6 Long Term Shutdown
2014-08-13 21:25 - 2014-08-13 21:25 - 03238415 _____ () C:\Documents and Settings\C01248\Desktop\Tom Cron Cymer WW-Closed SR Cycle Time-08112014-V4 (2).xlsx
2014-08-13 10:21 - 2014-08-13 10:22 - 01187960 _____ () C:\Documents and Settings\C01248\Desktop\ProcessExplorer.zip
2014-08-12 19:27 - 2014-08-12 19:27 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio .NET 2003
2014-08-12 18:04 - 2014-08-26 19:05 - 00000000 ____D () C:\Documents and Settings\l403196a\Local Settings\Temp
2014-08-12 18:04 - 2014-08-12 18:32 - 00000178 ___SH () C:\Documents and Settings\l403196a\ntuser.ini
2014-08-12 18:04 - 2014-08-12 18:04 - 00000000 ____D () C:\Documents and Settings\l403196a
2014-08-12 18:04 - 2014-05-27 18:20 - 00000000 __SHD () C:\Documents and Settings\l403196a\IETldCache
2014-08-12 18:04 - 2013-11-23 04:20 - 00000000 ____D () C:\Documents and Settings\l403196a\Local Settings\Application Data\Microsoft Help
2014-08-12 18:04 - 2013-06-10 18:47 - 00000000 ____D () C:\Documents and Settings\l403196a\Application Data\Intel
2014-08-12 18:04 - 2013-05-03 16:26 - 00001599 _____ () C:\Documents and Settings\l403196a\Start Menu\Programs\Remote Assistance.lnk
2014-08-12 18:04 - 2013-05-03 16:26 - 00000792 _____ () C:\Documents and Settings\l403196a\Start Menu\Programs\Windows Media Player.lnk
2014-08-12 18:04 - 2013-05-03 16:26 - 00000000 ___RD () C:\Documents and Settings\l403196a\Start Menu\Programs\Accessories
2014-08-12 18:04 - 2013-05-03 13:40 - 00000000 ____D () C:\Documents and Settings\l403196a\Application Data\Sun
2014-08-06 09:31 - 2014-08-06 09:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-06 09:31 - 2014-06-26 17:38 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-06 08:17 - 2014-08-06 08:18 - 00000000 ____D () C:\WINDOWS\pss
2014-08-03 21:42 - 2013-11-15 15:40 - 00143088 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo14.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 10:37 - 2014-08-26 14:51 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterRadio
2014-09-02 10:36 - 2014-08-26 14:52 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\ValidatorHumble
2014-09-02 10:36 - 2013-05-23 12:25 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Temp
2014-09-02 10:35 - 2014-08-31 09:14 - 00000000 ____D () C:\FRST
2014-09-02 10:33 - 2013-05-03 16:25 - 01780348 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-02 10:21 - 2013-05-23 13:04 - 00000000 ____D () C:\Documents and Settings\C01248\Application Data\Mobolize
2014-09-02 10:18 - 2014-03-21 09:27 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Outlook Files
2014-09-02 10:17 - 2014-08-27 10:06 - 00087456 _____ () C:\WINDOWS\setupapi.log
2014-09-02 10:17 - 2013-05-03 16:24 - 00000240 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-09-02 10:11 - 2013-05-03 16:24 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-02 10:08 - 2013-05-03 09:21 - 00000259 _____ () C:\WINDOWS\wiadebug.log
2014-09-02 10:07 - 2014-08-26 14:49 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\SupporterNoteworthy
2014-09-02 10:06 - 2013-06-04 22:55 - 00000302 _____ () C:\WINDOWS\Tasks\PMTask.job
2014-09-02 10:05 - 2013-05-23 12:26 - 00000000 ____D () C:\Documents and Settings\C01248\Tracing
2014-09-02 10:04 - 2011-07-13 16:57 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-02 10:03 - 2013-05-23 14:52 - 00000069 _____ () C:\WINDOWS\pxisys.ini
2014-09-02 10:03 - 2013-05-23 14:52 - 00000030 _____ () C:\WINDOWS\pxiesys.ini
2014-09-02 10:03 - 2013-05-03 09:21 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-02 10:00 - 2013-05-03 13:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-02 09:57 - 2014-02-18 18:21 - 01153456 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-09-02 09:57 - 2013-06-05 22:56 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
2014-09-02 09:57 - 2013-06-05 15:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-02 09:57 - 2013-05-23 12:49 - 00000000 ____D () C:\Program Files\Mobolize CacheFront
2014-09-02 09:57 - 2013-05-23 12:25 - 00000708 ___SH () C:\Documents and Settings\C01248\ntuser.ini
2014-09-02 09:57 - 2013-05-03 13:31 - 00032640 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-02 09:29 - 2013-05-03 13:31 - 00000000 __SHD () C:\WINDOWS\CSC
2014-09-02 08:03 - 2014-08-31 21:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-02 03:52 - 2013-05-03 13:57 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-09-01 20:53 - 2014-09-01 20:53 - 00000000 ____D () C:\Oki CMYK test page downloader utility
2014-09-01 20:15 - 2014-09-01 20:15 - 01505568 _____ () C:\Documents and Settings\C01248\Desktop\Oracle Labor Enhancements In Support of Utilization and Efficiency Improvement.pptx
2014-09-01 20:14 - 2013-06-05 14:50 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\Weekly Reports
2014-09-01 20:09 - 2013-06-05 13:49 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Timesheets
2014-09-01 09:17 - 2013-06-25 15:46 - 00000000 ____D () C:\Program Files\TSplus RDP 5 portable client
2014-09-01 08:05 - 2013-05-03 09:14 - 00000000 ____D () C:\WINDOWS\security
2014-08-31 21:49 - 2014-08-31 21:49 - 00000000 ____D () C:\Documents and Settings\C01248\Application Data\SUPERAntiSpyware.com
2014-08-31 21:48 - 2014-08-31 21:48 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-31 21:48 - 2014-08-31 21:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-08-31 21:48 - 2014-08-31 21:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-08-31 21:46 - 2014-08-31 21:46 - 19008496 _____ (SUPERAntiSpyware) C:\Documents and Settings\C01248\Desktop\SUPERAntiSpyware.exe
2014-08-31 21:34 - 2014-08-31 21:34 - 01517309 _____ () C:\Documents and Settings\C01248\Desktop\Oracle Labor Enhancements In Support of Utilization and Efficiency Improvement_Draft.pptx
2014-08-31 11:42 - 2013-05-03 13:36 - 00000178 ___SH () C:\Documents and Settings\SVC-ALTIRIS-PROD\ntuser.ini
2014-08-31 08:49 - 2014-08-31 08:49 - 00010287 _____ () C:\Documents and Settings\C01248\Desktop\hs_err_pid7576.log
2014-08-30 18:44 - 2014-04-24 09:05 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-29 21:03 - 2014-06-01 21:18 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\Google
2014-08-29 20:59 - 2014-05-20 09:40 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\Deployment
2014-08-29 12:38 - 2014-08-29 12:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PrevxCSI
2014-08-29 12:18 - 2014-08-29 12:18 - 00076696 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxrts.sys
2014-08-29 12:18 - 2014-08-29 12:18 - 00000049 _____ () C:\WINDOWS\wininit.ini
2014-08-29 12:18 - 2014-08-29 12:18 - 00000000 ____D () C:\Program Files\Prevx
2014-08-29 12:17 - 2013-06-05 13:39 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Software
2014-08-29 12:10 - 2013-05-23 14:19 - 00001860 _____ () C:\Documents and Settings\C01248\Desktop\IC Imaging Control 3.0.lnk
2014-08-29 12:10 - 2013-05-23 14:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IC Imaging Control 3.0
2014-08-29 12:08 - 2013-05-23 14:19 - 00000000 ____D () C:\Program Files\Common Files\IC Imaging Control 3
2014-08-28 15:46 - 2013-05-03 09:07 - 326062080 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-28 14:51 - 2014-03-18 10:59 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\6XXX Chamber Directive
2014-08-28 14:46 - 2013-06-05 13:38 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Laser Calibrations
2014-08-28 09:35 - 2013-06-05 14:49 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\SR's
2014-08-27 12:38 - 2014-08-27 12:36 - 00065612 _____ () C:\Documents and Settings\C01248\Desktop\FRST.txt
2014-08-27 12:12 - 2014-08-27 12:08 - 00000000 ____D () C:\AdwCleaner
2014-08-27 09:13 - 2014-08-16 14:17 - 00000000 ____D () C:\Quarantine
2014-08-27 09:03 - 2013-05-23 12:25 - 00000000 ____D () C:\Documents and Settings\C01248
2014-08-27 07:25 - 2014-08-27 07:25 - 00000000 __SHD () C:\found.000
2014-08-26 22:18 - 2013-08-26 12:32 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-26 22:12 - 2013-05-03 09:19 - 00598638 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-26 20:45 - 2014-08-26 20:44 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-26 20:44 - 2014-08-26 20:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-26 19:14 - 2013-06-04 23:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-26 19:05 - 2014-08-12 18:04 - 00000000 ____D () C:\Documents and Settings\l403196a\Local Settings\Temp
2014-08-26 19:05 - 2013-07-11 18:25 - 00000000 ____D () C:\Documents and Settings\L401934\Local Settings\Temp
2014-08-26 19:05 - 2013-05-03 14:32 - 00000000 ____D () C:\Documents and Settings\CymerAdmin\Local Settings\Temp
2014-08-26 19:05 - 2013-05-03 13:46 - 00000000 ____D () C:\TEMP
2014-08-26 19:05 - 2013-05-03 13:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-26 19:01 - 2013-05-03 09:14 - 00000000 ____D () C:\WINDOWS\Resources
2014-08-26 14:49 - 2014-08-26 14:49 - 00000000 ____D () C:\Documents and Settings\C01248\Local Settings\Application Data\UIBeerware
2014-08-25 18:57 - 2013-06-05 13:37 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\Cymer PAT
2014-08-25 18:19 - 2014-08-25 18:19 - 237101056 _____ () C:\Documents and Settings\C01248\Desktop\LVRTE2012f3std.exe
2014-08-25 16:53 - 2013-05-23 14:10 - 00000000 ____D () C:\Program Files\PERFECT Test
2014-08-25 16:46 - 2014-08-25 16:46 - 04761014 _____ () C:\Documents and Settings\C01248\Desktop\PERFECT Test 12.3.0.0.zip
2014-08-21 15:01 - 2013-06-05 14:50 - 00762502 _____ () C:\Documents and Settings\C01248\Desktop\187146_C.xlsm
2014-08-21 14:22 - 2014-08-21 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957509$
2014-08-21 14:21 - 2014-08-21 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957503$
2014-08-21 14:21 - 2013-05-03 15:08 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-08-20 12:45 - 2014-08-20 12:45 - 00429992 _____ () C:\Documents and Settings\C01248\Desktop\Post Service checks.xlsm
2014-08-18 11:23 - 2013-06-05 13:37 - 00000000 ____D () C:\Documents and Settings\C01248\My Documents\GoldLists
2014-08-18 10:35 - 2013-09-06 10:19 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\Spansion
2014-08-18 10:31 - 2014-08-14 10:30 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\DM6 Long Term Shutdown
2014-08-13 21:31 - 2013-06-10 21:48 - 00000000 ____D () C:\Documents and Settings\C01248\Desktop\RFAB Quotes
2014-08-13 21:25 - 2014-08-13 21:25 - 03238415 _____ () C:\Documents and Settings\C01248\Desktop\Tom Cron Cymer WW-Closed SR Cycle Time-08112014-V4 (2).xlsx
2014-08-13 10:22 - 2014-08-13 10:21 - 01187960 _____ () C:\Documents and Settings\C01248\Desktop\ProcessExplorer.zip
2014-08-12 19:38 - 2013-05-03 13:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-12 19:30 - 2013-05-23 13:56 - 00000000 ____D () C:\Program Files\Common Files\Merge Modules
2014-08-12 19:27 - 2014-08-12 19:27 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio .NET 2003
2014-08-12 19:26 - 2013-05-23 13:59 - 00000000 ____D () C:\Program Files\Cymer FSE Laptop Drivers_v2.0.0
2014-08-12 19:26 - 2013-05-23 13:52 - 00000000 ____D () C:\Program Files\National Instruments
2014-08-12 18:32 - 2014-08-12 18:04 - 00000178 ___SH () C:\Documents and Settings\l403196a\ntuser.ini
2014-08-12 18:04 - 2014-08-12 18:04 - 00000000 ____D () C:\Documents and Settings\l403196a
2014-08-06 09:33 - 2014-08-06 09:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-06 08:18 - 2014-08-06 08:17 - 00000000 ____D () C:\WINDOWS\pss
2014-08-06 08:18 - 2013-05-03 09:17 - 00000211 ___SH () C:\boot.ini
2014-08-06 08:18 - 2011-07-13 16:57 - 00000603 _____ () C:\WINDOWS\win.ini
2014-08-06 08:18 - 2011-07-13 16:57 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-06 07:34 - 2013-05-23 14:10 - 00000000 ____D () C:\Program Files\Super Cubit
2014-08-06 07:33 - 2013-05-23 14:10 - 00286720 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2014-08-06 07:33 - 2013-05-23 14:10 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
2014-08-05 20:10 - 2014-04-24 09:05 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-05 20:10 - 2014-04-24 09:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 20:10 - 2014-04-24 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-05 18:55 - 2013-05-23 13:17 - 00000000 ____D () C:\XLA_Diags
2014-08-05 17:09 - 2013-06-05 15:28 - 00000000 ____D () C:\Documents and Settings\C01248\Application Data\FileZilla
2014-08-05 08:16 - 2013-05-03 13:47 - 00000000 ____D () C:\Program Files\Intel
2014-08-05 08:11 - 2013-06-04 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Intel
2014-08-04 17:40 - 2013-06-04 20:20 - 00000000 ____D () C:\SWTOOLS
2014-08-03 21:43 - 2013-05-03 13:50 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups

Some content of TEMP:
====================
C:\Documents and Settings\C01248\Local Settings\Temp\jna2596630332205884207.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna2873631279531282496.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna3189274540272018572.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna3310978012686383541.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna3636692912735920811.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna4268471432060714560.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna4384217263427520317.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna4760509551714747384.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna4946683109095573772.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna5673279155430059599.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna5768026713607530563.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna5828570565336194278.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna6137686205234646959.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna6174438098392496888.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna7009966342868971622.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna7264201487098340486.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna7600411830033577938.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna8211829265401105562.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna8461497366057804547.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jna962119339549398959.dll
C:\Documents and Settings\C01248\Local Settings\Temp\jniwrap.dll
C:\Documents and Settings\C01248\Local Settings\Temp\pvxinst109.exe
C:\Documents and Settings\C01248\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Thanks,

Tom

Attached File  FRST.txt   62.45KB   0 downloads

Attached File  Addition.txt   96.28KB   2 downloads

Attached File  Fixlog.txt   20.83KB   0 downloads

 



#4 nasdaq


Posted 03 September 2014 - 07:29 AM



Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

#5 twcron

Posted 04 September 2014 - 07:42 PM

Hi Nasdaq,

 

Performed everything per your request.

Here's the ComboFix log:

 

ComboFix 14-09-05.01 - C01248 09/04/2014  18:17:07.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3308.1623 [GMT -5:00]
Running from: c:\documents and settings\C01248\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\C01248\LOCALS~1\Temp\jna7443150943893881865.dll
c:\docume~1\C01248\LOCALS~1\Temp\jna8423694520232638150.dll
c:\docume~1\C01248\LOCALS~1\Temp\jniwrap.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\C01248\Application Data\LocalLow
c:\documents and settings\C01248\Local Settings\Application Data\.#
c:\documents and settings\C01248\Local Settings\Application Data\assembly\tmp
c:\documents and settings\C01248\Local Settings\Temp\jna7443150943893881865.dll
c:\documents and settings\C01248\Local Settings\Temp\jna8423694520232638150.dll
c:\documents and settings\C01248\Local Settings\Temp\jniwrap.dll
c:\documents and settings\CymerAdmin\Local Settings\Application Data\assembly\tmp
c:\program files\Common Files\Altiris_Icon.ico
c:\windows\system32\czojsbg.dll
c:\windows\system32\sggina.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-05 to 2014-09-05  )))))))))))))))))))))))))))))))
.
.
2014-09-03 22:00 . 2014-09-03 22:01 -------- d-----w- c:\windows\system32\NtmsData
2014-09-03 13:41 . 2014-09-03 13:44 -------- d-----w- c:\program files\Google
2014-09-03 13:20 . 2014-09-03 13:20 -------- d-----w- C:\found.001
2014-09-03 01:04 . 2014-09-03 01:12 -------- d-----w- c:\program files\stinger
2014-09-02 01:53 . 2014-09-02 01:53 -------- d-----w- C:\Oki CMYK test page downloader utility
2014-09-01 02:49 . 2014-09-01 02:49 -------- d-----w- c:\documents and settings\C01248\Application Data\SUPERAntiSpyware.com
2014-09-01 02:48 . 2014-09-04 22:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-09-01 02:48 . 2014-09-01 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2014-08-31 14:14 . 2014-09-02 15:40 -------- d-----w- C:\FRST
2014-08-29 17:18 . 2014-08-29 17:18 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2014-08-29 17:18 . 2014-08-29 17:18 -------- d-----w- c:\program files\Prevx
2014-08-29 17:18 . 2014-08-29 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2014-08-27 17:08 . 2014-08-27 17:12 -------- d-----w- C:\AdwCleaner
2014-08-27 12:25 . 2014-08-27 12:25 -------- d-----w- C:\found.000
2014-08-26 19:52 . 2014-09-04 23:53 -------- d-----w- c:\documents and settings\C01248\Local Settings\Application Data\ValidatorHumble
2014-08-26 19:51 . 2014-09-04 23:53 -------- d-----w- c:\documents and settings\C01248\Local Settings\Application Data\SupporterRadio
2014-08-26 19:49 . 2014-09-02 15:07 -------- d-----w- c:\documents and settings\C01248\Local Settings\Application Data\SupporterNoteworthy
2014-08-26 19:49 . 2014-08-26 19:49 -------- d-----w- c:\documents and settings\C01248\Local Settings\Application Data\UIBeerware
2014-08-25 23:22 . 2014-08-25 23:22 -------- d-----w- C:\National Instruments Downloads
2014-08-16 19:17 . 2014-09-03 20:42 -------- d-----w- C:\Quarantine
2014-08-13 00:27 . 2014-08-13 00:27 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2014-08-12 23:04 . 2014-08-12 23:04 -------- d-----w- c:\documents and settings\l403196a
2014-08-06 14:31 . 2014-08-06 14:33 -------- d-----w- c:\windows\system32\MRT
2014-08-06 14:25 . 2014-08-06 14:25 -------- d-----w- c:\documents and settings\C01248\Application Data\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-03 01:12 . 2013-05-03 19:15 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2014-09-03 01:12 . 2013-05-03 19:15 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-09-03 01:12 . 2013-05-03 19:15 167344 ----a-w- c:\windows\system32\mfevtps.exe
2014-09-02 22:23 . 2014-04-24 14:05 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-02 21:38 . 2014-04-24 14:05 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-06 12:33 . 2013-05-23 19:10 286720 ------w- c:\windows\Setup1.exe
2014-08-06 12:33 . 2013-05-23 19:10 73216 ----a-w- c:\windows\ST6UNST.EXE
2004-03-16 00:51 . 2004-03-16 00:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 16:36 . 2003-05-01 16:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
2006-01-23 17:32 . 2006-01-23 17:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 17:48 . 2007-02-08 17:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-25 02:03 . 2007-07-25 02:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2001-12-01 02:26 . 2001-12-01 02:26 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5147157F-A082-4F23-BD35-DE02C0E2D132}]
2014-02-28 03:47 467456 ----a-w- c:\program files\Mobolize CacheFront\MoboIEPlugIn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FB948A8A-17D5-4F3C-9DCF-2477467E2583}"= "c:\program files\Mobolize CacheFront\moboietoolbar.DLL" [2014-02-28 688128]
.
[HKEY_CLASSES_ROOT\clsid\{fb948a8a-17d5-4f3c-9dcf-2477467e2583}]
[HKEY_CLASSES_ROOT\MoboBar.MoboBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{87343DAF-B1A5-41EF-A390-0274C45ED988}]
[HKEY_CLASSES_ROOT\MoboBar.MoboBarObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FEOverlayDenied]
@="{8756BF5A-0833-46DE-B27A-36462A724433}"
[HKEY_CLASSES_ROOT\CLSID\{8756BF5A-0833-46DE-B27A-36462A724433}]
2011-08-06 10:38 356352 ----a-r- c:\program files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FEOverlayEnc]
@="{BF6CE06F-D876-4513-80DA-53FC713DAEC2}"
[HKEY_CLASSES_ROOT\CLSID\{BF6CE06F-D876-4513-80DA-53FC713DAEC2}]
2011-08-06 10:38 356352 ----a-r- c:\program files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FEOverlayPlain]
@="{6F2CF642-97EF-437A-908C-8FFF083E065C}"
[HKEY_CLASSES_ROOT\CLSID\{6F2CF642-97EF-437A-908C-8FFF083E065C}]
2011-08-06 10:38 356352 ----a-r- c:\program files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FEOverlayRule]
@="{3FFDF070-C234-4B40-A159-70235626596F}"
[HKEY_CLASSES_ROOT\CLSID\{3FFDF070-C234-4B40-A159-70235626596F}]
2011-08-06 10:38 356352 ----a-r- c:\program files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln1]
@="{93c136f0-91dc-4456-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4456-a586-98f72aff8d89}]
2011-08-06 18:49 319488 ----a-w- c:\windows\system32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln2]
@="{93c136f0-91dc-4457-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4457-a586-98f72aff8d89}]
2011-08-06 18:49 319488 ----a-w- c:\windows\system32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln3]
@="{93c136f0-91dc-4458-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4458-a586-98f72aff8d89}]
2011-08-06 18:49 319488 ----a-w- c:\windows\system32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln4]
@="{93c136f0-91dc-4459-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4459-a586-98f72aff8d89}]
2011-08-06 18:49 319488 ----a-w- c:\windows\system32\sgn_beshellextn.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"The Imaging Source Quick Driver Installer"="c:\program files\The Imaging Source Europe GmbH\Quick Driver Installer\QuickDriverInstaller.exe" [2007-03-09 688128]
"Push Client"="c:\documents and settings\C01248\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2009-04-01 922864]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIHBA.EXE" [2013-06-27 249440]
"UIBeerware"="c:\documents and settings\C01248\Local Settings\Application Data\UIBeerware\UIBeerware.dll" [2014-08-26 308736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-08-14 6688024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2013-11-29 62512]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2011-11-21 64064]
"TpShocks"="TpShocks.exe" [2013-11-30 342360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2013-04-10 5164712]
"SGNMasterApplication"="c:\program files\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe" [2011-08-06 94208]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-07-14 106064]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2012-09-27 55656]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2013-01-11 3713832]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2013-03-12 432488]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2013-03-12 194920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-11-13 1122304]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-08-12 114688]
"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-02-27 628000]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-02-27 58656]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2012-07-13 69632]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20143688]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2013-09-27 333856]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-25 143680]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-25 181568]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-25 169792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-11-15 2379504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2013-2-19 641392]
Mobolize CacheFront Manager.lnk - c:\program files\Mobolize CacheFront\MoboManager.exe [2014-2-27 1274145]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico -user_logon [2013-6-10 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
2011-08-06 15:05 38912 ----a-w- c:\windows\system32\SGM_SMProtectn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2012-09-27 20:27 100712 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGSSOGinaExt]
2011-08-06 06:08 339968 ----a-r- c:\windows\system32\SGSSOGinaExtension.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Cymer\\Cymer Field Service Tool\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\SysTrack\\LsiAgent\\LsiAgent.exe"=
"c:\\Program Files\\AFT_v9.6.0\\AFT_v9.6.0.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Prevx\\prevx.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 BE_FLTI;be_flti;c:\windows\system32\drivers\be_fltim.sys [8/6/2011 7:02 AM 59648]
R0 BeFlt;BeFlt;c:\windows\system32\drivers\BEFLT.SYS [8/6/2011 7:03 AM 117504]
R0 CEAES2M;CEAES2M;c:\windows\system32\drivers\cegaes2m.sys [8/5/2011 10:45 PM 63232]
R0 CEAESM;CEAESM;c:\windows\system32\drivers\cegaesm.sys [8/5/2011 10:45 PM 62720]
R0 CEDES3M;CEDES3M;c:\windows\system32\drivers\cedes3m.sys [6/15/2010 4:33 PM 20224]
R0 CEDESM;CEDESM;c:\windows\system32\drivers\cedesm.sys [6/15/2010 4:33 PM 19712]
R0 CEEIDEM;CEEIDEM;c:\windows\system32\drivers\ceeidem.sys [6/15/2010 4:33 PM 16128]
R0 CEHMACM;CEHMACM;c:\windows\system32\drivers\cehmacm.sys [6/15/2010 4:33 PM 25344]
R0 CEIDEM;CEIDEM;c:\windows\system32\drivers\ceidem.sys [6/15/2010 4:33 PM 17664]
R0 CERNDM;CERNDM;c:\windows\system32\drivers\cerndm.sys [6/15/2010 4:33 PM 15616]
R0 CESHAM;CESHAM;c:\windows\system32\drivers\cesham.sys [6/15/2010 4:33 PM 24832]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [6/4/2013 10:55 PM 24264]
R0 LCENCM;SafeGuard Filter;c:\windows\system32\drivers\lcencm.sys [8/6/2011 4:26 AM 1350912]
R0 LCFILTM;SafeGuard Filter Frame;c:\windows\system32\drivers\lcfiltm.sys [8/6/2011 4:25 AM 66816]
R0 LCRECM;SafeGuard Recognizer;c:\windows\system32\drivers\lcrecm.sys [8/6/2011 4:25 AM 40192]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 10:08 PM 15448]
R0 SGSTDRVM;SGMKeyStore Driver;c:\windows\system32\drivers\SGStDrvm.sys [8/5/2011 11:19 PM 51968]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [7/13/2011 5:08 PM 21504]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [11/29/2013 7:20 PM 24888]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/3/2013 1:46 PM 13680]
R1 NEOFLTR_717_20581;Juniper Networks TDI Filter Driver (NEOFLTR_717_20581);c:\windows\system32\drivers\NEOFLTR_717_20581.SYS [1/12/2014 1:29 PM 85064]
R1 privman;privman;c:\windows\system32\drivers\privman.sys [5/3/2013 1:44 PM 30416]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 6:47 PM 142648]
R2 BEDevCtl;SafeGuard® Device Encryption Controller;c:\windows\system32\BEDevCtl.exe [8/6/2011 7:30 AM 1314816]
R2 BEFCSvcn;SafeGuard® Kernel Feature Client;c:\windows\system32\BEFCSvcn.exe [8/6/2011 7:28 AM 20480]
R2 BTService;PowerBroker Desktop Service;c:\windows\system32\btservice.exe [4/14/2011 11:10 PM 479560]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [6/4/2013 10:55 PM 280640]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [12/10/2012 2:26 PM 583680]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [1/3/2013 1:36 PM 121240]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CamMute.exe [2/19/2014 7:02 PM 58664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/3/2013 1:46 PM 110128]
R2 LsiAgent;Systems Management Agent;c:\program files\SysTrack\LsiAgent\LsiAgent.exe [8/14/2013 2:29 PM 3645464]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/3/2013 2:15 PM 167344]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [7/4/2006 6:35 PM 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [7/4/2006 6:35 PM 21504]
R2 nicanpk;nicanpk;c:\windows\system32\drivers\nicanpkl.sys [7/17/2007 4:46 PM 11336]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 1:21 PM 12696]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [7/4/2006 6:36 PM 30208]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2/22/2007 2:18 PM 11552]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [7/4/2006 6:36 PM 111616]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [7/19/2007 1:56 PM 11360]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2/7/2011 5:25 PM 92504]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2/27/2008 5:21 AM 144672]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/4/2013 10:55 PM 1645568]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [6/4/2013 10:55 PM 1663272]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [4/13/2011 7:55 PM 76288]
R2 SGN_BEService;SafeGuard® Base Encryption Service;c:\windows\system32\SGN_MasterServicen.exe [8/6/2011 11:59 AM 49152]
R2 SGN_FEService;SafeGuard® File Encryption;c:\windows\system32\SGN_MasterServicen.exe [8/6/2011 11:59 AM 49152]
R2 SGN_LogSystem;SafeGuard® Log Service;c:\windows\system32\SGN_MasterServicen.exe [8/6/2011 11:59 AM 49152]
R2 SGN_Sem;SafeGuard® System Event Manager;c:\windows\system32\SGN_MasterServicen.exe [8/6/2011 11:59 AM 49152]
R2 SGN_Trans;SafeGuard® Transport Service;c:\windows\system32\SGN_MasterServicen.exe [8/6/2011 11:59 AM 49152]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [5/30/2011 7:21 PM 11976]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sprint\Sprint SmartView\SwiCardDetect.exe [9/22/2010 3:49 PM 226672]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [5/3/2013 1:46 PM 115696]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [5/3/2013 1:46 PM 126512]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [6/19/2012 2:12 PM 645088]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [9/11/2012 7:08 PM 270080]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [11/10/2011 12:52 AM 46080]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\Netwxn00.sys [6/10/2013 6:46 PM 10281088]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [7/12/2007 8:18 PM 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [7/24/2007 2:19 PM 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [7/13/2007 10:00 PM 11360]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [5/3/2013 1:52 PM 39280]
S2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [7/4/2006 7:24 PM 674304]
S2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [7/4/2006 7:26 PM 50688]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 3:30 PM 1691480]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [3/20/2012 9:56 AM 365568]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [3/20/2012 9:56 AM 52736]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/25/2013 10:38 AM 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/25/2013 10:38 AM 103680]
S3 DFGUSB2;DFG/USB2-lt;c:\windows\system32\drivers\dfg_usb2-lt.sys [5/23/2013 2:19 PM 65024]
S3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\drivers\DIFMBUS.sys [4/28/2010 1:03 PM 56392]
S3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\drivers\DIFMCVsp.sys [4/28/2010 1:03 PM 164552]
S3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\drivers\DIFMMdm.sys [4/28/2010 1:03 PM 164552]
S3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\drivers\DIFMNET.sys [5/4/2010 12:50 PM 105544]
S3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\drivers\DIFMNVsp.sys [4/28/2010 1:03 PM 164552]
S3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\drivers\DIFMVsp.sys [4/28/2010 1:03 PM 164552]
S3 EapSgnSvc;EAP signing service;c:\program files\Common Files\Wlan SDK\EapSgnSvc.exe [7/6/2011 9:12 AM 156560]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [12/10/2012 2:26 PM 627744]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [1/11/2007 12:18 PM 20256]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/24/2014 9:05 AM 53208]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/3/2013 2:15 PM 92192]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2/22/2007 2:40 PM 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2/22/2007 2:43 PM 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [5/25/2007 3:26 PM 22360]
S3 nicanpkw;NI-CAN Driver;c:\windows\system32\drivers\nicanpkw.sys [5/23/2013 1:54 PM 11336]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [7/15/2007 7:44 PM 11352]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [7/14/2007 12:38 AM 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [7/19/2007 5:06 AM 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [7/24/2007 9:37 PM 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [7/24/2007 9:37 PM 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [7/15/2007 8:31 PM 11352]
S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2/23/2007 6:20 PM 11552]
S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [7/25/2007 12:01 AM 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [7/18/2007 12:47 PM 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [6/21/2007 2:19 AM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [6/21/2007 2:19 AM 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [7/13/2007 10:01 PM 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [7/19/2007 3:49 PM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [7/18/2007 11:11 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [7/18/2007 11:12 PM 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2/22/2007 2:45 PM 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [7/19/2007 4:32 AM 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [7/17/2007 2:27 AM 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [7/16/2007 2:52 PM 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [7/19/2007 4:32 AM 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [7/24/2007 9:37 PM 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [7/15/2007 6:48 PM 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [7/15/2007 7:50 PM 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [7/17/2007 6:18 AM 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [7/19/2007 12:15 AM 11360]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [7/19/2007 1:48 PM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [7/19/2007 1:56 PM 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [7/24/2007 9:37 PM 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [7/24/2007 9:38 PM 11336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/6/2013 7:56 PM 27064]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]
S3 SMSIWLAN5;SMSIWLAN5 NDIS Protocol Driver;c:\progra~1\Sprint\SPRINT~1\SMSIWLAN5.SYS [3/1/2011 12:32 PM 32408]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/9/2013 8:56 PM 13464]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NIPALK
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-03 13:44 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-03 19:42]
.
2014-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-03 13:41]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-03 13:41]
.
2014-09-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2013-06-05 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = about:blank
uInternet Settings,ProxyServer = http=wwwgate.ti.com:80;https=wwwgate.ti.com:81;ftp=wwwgate.ti.com:80;gopher=wwwgate.ti.com:80;socks=wwwgate.ti.com:80
uInternet Settings,ProxyOverride = *ti.com;*.local;<local>
TCP: DhcpNameServer = 192.168.1.254
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} - hxxp://csdaltnsprod1.intra.cymer.com/Altiris/NS/NSCap/Bin/Win32/x86/AeXClientBootstrap.cab
DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxps://cysm.cymer.com/Altiris/NS/NSCap/Bin/Win32/x86/AltirisNSConsole.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn1.cymer.com/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-ACNotify - ACNotify.dll
SafeBoot-mbamchameleon
SafeBoot-McAfeeEngineService
AddRemove-TSplus Portable RDP 5.2 client - c:\program files\TSplus RDP 5 portable client\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-04 19:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"C04D0E48E8DE2B84382DC411BA42F6A4"="c:\\Program Files\\Sprint\\Sprint SmartView\\EapSgnCli.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\privman32.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\windows\system32\SGSSOGinaExtension.dll
c:\windows\system32\AOLocalCache.dll
c:\windows\system32\SGMBASEN.dll
c:\windows\system32\SGMSBASEN.dll
c:\windows\system32\SGLocalCacheEnginen.dll
c:\windows\system32\SGMXMLN.dll
c:\windows\system32\CEGAES2N.DLL
c:\windows\system32\CEGAESN.DLL
c:\windows\system32\CEEIDEN.DLL
c:\windows\system32\CEHMACN.DLL
c:\windows\system32\CESHAN.DLL
c:\windows\system32\CERNDN.DLL
c:\windows\system32\CEIDEN.DLL
c:\windows\system32\CEDES3N.DLL
c:\windows\system32\CEDESN.DLL
c:\windows\system32\SGSSOMonitorDll.dll
c:\windows\system32\sgssomonhook.DLL
c:\windows\system32\SGM_SMProtectn.dll
.
- - - - - - - > 'lsass.exe'(1408)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(8492)
c:\windows\system32\WININET.dll
c:\windows\system32\privman32.dll
c:\program files\Sophos\SafeGuard Enterprise\FileEncryption\feshellx.dll
c:\windows\system32\SGMCachesn.dll
c:\windows\system32\SGMBASEN.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\SGMXMLN.dll
c:\windows\system32\SGMSBASEN.dll
c:\windows\system32\SGLocalCacheEnginen.dll
c:\windows\system32\SGMEntitiesn.dll
c:\windows\system32\CEGAES2N.DLL
c:\windows\system32\CEGAESN.DLL
c:\windows\system32\CEEIDEN.DLL
c:\windows\system32\CEHMACN.DLL
c:\windows\system32\CESHAN.DLL
c:\windows\system32\CERNDN.DLL
c:\windows\system32\CEIDEN.DLL
c:\windows\system32\CEDES3N.DLL
c:\windows\system32\CEDESN.DLL
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\sgn_beshellextn.dll
c:\windows\system32\SPTBASEN.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nslsvice.exe
c:\windows\system32\nsl.exe
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\program files\Altiris\Altiris Agent\AeXAgentUIHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\RTHDCPL.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Sprint\Sprint SmartView\RcAppSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Java\jre6\launch4j-tmp\MoboManager.exe
c:\program files\TechSmith\Snagit 10\TSCHelp.exe
c:\program files\TechSmith\Snagit 10\SnagPriv.exe
c:\program files\Sprint\Sprint SmartView\bmctl.exe
c:\program files\TechSmith\Snagit 10\snagiteditor.exe
c:\program files\Mobolize CacheFront\MoboProcessWatcher.exe
c:\program files\Java\jre6\launch4j-tmp\MoboIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\program files\SysTrack\LsiAgent\Utilities\LsiUser.exe
c:\documents and settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
c:\documents and settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
c:\documents and settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
.
**************************************************************************
.
Completion time: 2014-09-04  19:22:04 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-05 00:21
.
Pre-Run: 383,646,404,608 bytes free
Post-Run: 383,586,435,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8576CF20A1693865CDAA6AD421D617FB
 

Attached File  ComboFix.txt   37.12KB   0 downloads

 

Also, I reinstalled Chrome as it was removed earlier and performed the reset as instructed.

It looks like nothing has changed for the better.  Everything is still the same.

Thanks,

Tom

 



#6 nasdaq

  • Malware Response Team
Posted 05 September 2014 - 08:26 AM

Open notepad and copy/paste the text in the quote box below into it:
 
KillAll::

File::
c:\documents and settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
c:\documents and settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe
c:\documents and settings\C01248\Local Settings\Application Data\SupporterNoteworthy\NavigatorJoint\browser.exe

Folder::
c:\documents and settings\C01248

ClearJavaCache::

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

How is the computer running now?

#7 twcron

  • Topic Starter
  • Members

Posted 08 September 2014 - 02:33 PM

Hi Nasdaq,

I ran the ComboFix fix script as requested.

Unfortunately during the reboot my HDD started thrashing and eventually crapped the proverbial bed.  It (HDD) does not power up at all.

I tried pulling it out to use as an external drive via USB adaptor.  Same result...No power.

 

It would appear I will need to replace the HDD and reload everything.  Bummer!

Thanks very much for your excellent help/support!

Regards,

Tom



#8 nasdaq

  • Malware Response Team
Posted 09 September 2014 - 07:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



