Chrome


  • This topic is locked
4 replies to this topic

#1 deehre01


  • Members
  • 2 posts

Posted 06 January 2015 - 09:48 PM

I appear to have the virus that others have mentioned that runs as Google Chrome. Here is my Farbar log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by David (administrator) on UNIXTEAM on 06-01-2015 21:38:00
Running from C:\Users\David\Downloads
Loaded Profile: David (Available profiles: David & Sharon & Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Common\8,4,6,80\arr_isrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Array SSL VPN\8,4,6,80\arr_srvs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Pantone & X-Rite) C:\Program Files (x86)\XRite\hueyPRO\hueyPROTray.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\Program Files (x86)\Corel\Corel DVD MovieFactory Lenovo Edition\DVD MovieFactory\uImportDVDEx.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe
(Google Inc.) C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2009-12-11] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-17] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [120832 2009-11-06] (Primax Electronics Ltd.)
HKLM\...\Run: [Mouse Suite 98 Daemon] => ICO.EXE
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2013-02-28] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-24] ()
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\...\Run: [Bdzdmarjw] => regsvr32.exe /s "C:\Users\David\AppData\Local\{06000B67-504E-4FA5-A3BA-F4FDE5AF72E2}\Bdzdmarjw.dll" <===== ATTENTION
HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\...\MountPoints2: {e0941868-8157-11df-b435-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\...\MountPoints2: {e094186b-8157-11df-b435-806e6f6e6963} - E:\SETUP.EXE /AUTORUN
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bomgar Representative Console [support.helpdesk.louisville.edu].lnk
ShortcutTarget: Bomgar Representative Console [support.helpdesk.louisville.edu].lnk -> C:\Program Files (x86)\Bomgar\Representative\support.helpdesk.louisville.edu\bomgar-rep.exe (Bomgar)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyPROTray.lnk
ShortcutTarget: hueyPROTray.lnk -> C:\Program Files (x86)\XRite\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bomgar Representative Console [support.helpdesk.louisville.edu].lnk
ShortcutTarget: Bomgar Representative Console [support.helpdesk.louisville.edu].lnk -> C:\Program Files (x86)\Bomgar\Representative\support.helpdesk.louisville.edu\bomgar-rep.exe (Bomgar)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyPROTray.lnk
ShortcutTarget: hueyPROTray.lnk -> C:\Program Files (x86)\XRite\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
GroupPolicyUsers\S-1-5-21-2913281196-3413940811-1613610604-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://dehresman.home.insightbb.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {9FABFBF5-C794-407B-A8CC-3A4BA712A224} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {41C64365-B002-4FBE-A0BB-07A84DDF58E5} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> DefaultScope {D9109509-8726-4747-9818-329E3F05B25A} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> {41C64365-B002-4FBE-A0BB-07A84DDF58E5} URL =
SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> {4AEECE9A-E4B6-4BF8-B8EF-9F83093CC47B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> {9FABFBF5-C794-407B-A8CC-3A4BA712A224} URL =
SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> {D9109509-8726-4747-9818-329E3F05B25A} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> {DFB07B56-8A50-42F1-B896-25881F9B7702} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7MXGB_enUS510
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC}
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\David\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\David\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC} https://vpn.louisville.edu/prx/000/http/localhost/client_sec/l3vpn/arr_x.cab
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx
DPF: HKLM-x32 {B6648EB8-2460-484F-9255-9654454C4C70} https://vpn.louisville.edu/prx/000/http/localhost/arr_x.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\David\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\David\AppData\Local\Temp\f5tmp\urxhost.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.17.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\xy8aeyug.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-11]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-11]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArraySSL_VPN_Service8.4.6.80; C:\Program Files\Array Networks\Array SSL VPN\8,4,6,80\arr_srvs.exe [313728 2013-12-14] (Array Networks, Inc.)
R2 Array_Utility_Service8.4.6.80; C:\Program Files\Array Networks\Common\8,4,6,80\arr_isrv.exe [407936 2013-12-14] (Array Networks, Inc.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [164200 2010-05-06] (Lenovo.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [266576 2010-03-24] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [228864 2009-11-13] () [File not signed]
S3 SMmonitor; C:\Program Files (x86)\IBM_DS\client\monitor\SMmonitor.exe [69632 2011-11-11] () [File not signed]
R2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-02-10] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bgdspdrv; C:\Windows\System32\DRIVERS\bgdspdrv.sys [37200 2012-05-21] (Bomgar Corporation)
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [19688 2013-07-23] (F5 Networks, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 pelbtm; C:\Windows\System32\DRIVERS\pelbtm.sys [16384 2007-09-20] (Primax Electronics Ltd.)
R1 pelmoubt; C:\Windows\System32\DRIVERS\pelmoubt.sys [22016 2009-04-23] (Primax Electronics Ltd.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2010-06-26] ()
R3 TN33statbus; C:\Windows\System32\DRIVERS\TN33_MultiFn.sys [57856 2010-02-28] (TOPPAN FORMS CO.,LTD.)
R3 TN33wdffeatured; C:\Windows\System32\DRIVERS\TN33_Pcsc.sys [17408 2010-02-28] (TOPPAN FORMS CO.,LTD.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-05-06] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [45776 2012-04-06] (F5 Networks, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 21:38 - 2015-01-06 21:38 - 00026716 _____ () C:\Users\David\Downloads\FRST.txt
2015-01-06 21:36 - 2015-01-06 21:38 - 00000000 ____D () C:\FRST
2015-01-06 21:29 - 2015-01-06 21:29 - 02123776 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2015-01-06 20:32 - 2015-01-06 20:32 - 00011716 _____ () C:\Users\David\Documents\KY Telco Bank_2014_11_30.zip
2015-01-06 20:23 - 2015-01-06 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-06 20:23 - 2015-01-06 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-06 20:23 - 2015-01-06 20:23 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-06 20:13 - 2015-01-06 20:13 - 01376768 _____ () C:\Users\David\Downloads\7zip920-x64.msi
2015-01-06 20:13 - 2015-01-06 20:13 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-06 19:56 - 2015-01-06 20:11 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-01-06 19:54 - 2015-01-06 19:54 - 01110476 _____ () C:\Users\David\Downloads\7zip920.exe
2014-12-23 08:19 - 2014-12-23 08:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 16:44 - 2014-12-22 21:52 - 00002441 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 16:44 - 2014-12-22 21:52 - 00002441 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 16:44 - 2014-12-10 16:44 - 00002067 ____N () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-10 03:13 - 2014-12-10 03:13 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:04 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:04 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 19:10 - 2014-11-21 03:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 19:10 - 2014-11-21 03:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 19:10 - 2014-11-21 03:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 19:10 - 2014-11-21 03:37 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 19:10 - 2014-11-21 03:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 19:10 - 2014-11-21 03:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 19:10 - 2014-11-21 02:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 19:10 - 2014-11-21 02:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 19:10 - 2014-11-21 02:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 19:10 - 2014-11-21 02:17 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 19:10 - 2014-11-21 02:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 19:10 - 2014-11-21 02:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 19:10 - 2014-11-21 02:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 19:10 - 2014-11-21 02:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 19:10 - 2014-11-21 02:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 19:10 - 2014-11-21 01:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 19:10 - 2014-11-21 01:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 19:10 - 2014-11-21 01:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 19:10 - 2014-11-21 01:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-09 19:10 - 2014-11-21 00:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-09 19:09 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 19:09 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 19:09 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 19:09 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 19:09 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 19:09 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 19:09 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 19:09 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 19:09 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 19:09 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 19:09 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 19:09 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 19:09 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 19:09 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 19:09 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 19:09 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 19:09 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 19:09 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 19:09 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 19:09 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 19:09 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 19:09 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 19:09 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 19:09 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 19:09 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 08:44 - 2014-12-09 08:44 - 00298960 ____N () C:\Windows\Minidump\120914-37112-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 21:25 - 2012-04-04 08:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 21:21 - 2009-07-13 23:45 - 00025184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 21:21 - 2009-07-13 23:45 - 00025184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 21:20 - 2010-06-26 14:41 - 01576973 _____ () C:\Windows\WindowsUpdate.log
2015-01-06 21:14 - 2009-07-14 00:13 - 00806208 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 21:07 - 2010-06-26 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-06 21:07 - 2010-06-26 15:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-06 21:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 21:07 - 2009-07-13 23:51 - 00098610 _____ () C:\Windows\setupact.log
2015-01-06 21:05 - 2014-04-04 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Array Networks
2015-01-06 21:05 - 2014-04-04 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Array Networks
2015-01-06 21:05 - 2014-02-21 18:52 - 00000000 ____D () C:\Program Files\Array Networks
2015-01-06 20:57 - 2011-08-16 21:20 - 00000000 ____D () C:\Users\David\Documents\Outlook Files
2015-01-06 20:08 - 2011-05-23 14:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\Ulead Systems
2015-01-06 20:05 - 2013-01-02 11:41 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-06 20:05 - 2012-09-08 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-06 20:05 - 2012-05-12 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-06 20:05 - 2012-05-12 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-06 19:56 - 2011-12-31 20:42 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913281196-3413940811-1613610604-1003UA.job
2015-01-06 06:29 - 2012-09-23 16:03 - 00000000 ____D () C:\Users\David\AppData\Local\{06000B67-504E-4FA5-A3BA-F4FDE5AF72E2}
2015-01-05 22:56 - 2011-12-31 20:42 - 00000910 ____N () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913281196-3413940811-1613610604-1003Core.job
2015-01-03 15:01 - 2013-01-02 11:41 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-01-03 15:00 - 2013-01-02 11:41 - 00004230 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-01-02 10:15 - 2010-07-07 01:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Adobe
2015-01-01 11:40 - 2014-12-04 21:13 - 00077312 ____N () C:\Users\David\Documents\2014 Christmas list.xls
2014-12-23 08:52 - 2010-11-18 08:20 - 00000000 ____D () C:\Users\David\AppData\Roaming\SSH
2014-12-14 03:01 - 2012-05-12 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-14 03:01 - 2012-05-12 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 03:17 - 2010-06-26 14:32 - 00526454 ____N () C:\Windows\PFRO.log
2014-12-11 12:00 - 2010-06-26 14:38 - 00000000 ____D () C:\swshare
2014-12-10 16:43 - 2010-06-26 14:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-10 16:43 - 2010-06-26 14:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-10 16:43 - 2010-06-26 14:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-10 07:25 - 2012-04-04 08:13 - 00701104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 07:25 - 2012-04-04 08:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 07:25 - 2011-05-13 16:58 - 00071344 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 03:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:13 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:09 - 2013-08-11 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:09 - 2013-06-27 20:12 - 00000000 ____D () C:\Users\Admin
2014-12-10 03:09 - 2011-05-13 17:01 - 00000000 ____D () C:\Users\Sharon
2014-12-10 03:06 - 2011-02-07 20:28 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 03:06 - 2010-10-28 20:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:06 - 2010-10-28 20:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 08:44 - 2012-03-14 05:31 - 00000000 ____D () C:\Windows\Minidump
2014-12-09 08:43 - 2012-03-14 05:31 - 769882467 ____N () C:\Windows\MEMORY.DMP

Files to move or delete:
====================
C:\Users\David\remotedrive_1_BPET26B_14.dll
C:\Users\David\remotedrive_1_BPET50G_10_09_14.dll
C:\Users\David\AppData\Roaming\cache.dat
C:\Users\David\AppData\Roaming\cache.ini


Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\adapter_cfg_x64.exe
C:\Users\David\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\David\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\MSN3054.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\ose00001.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 00:41

==================== End Of Log ============================





#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:23 PM

Posted 07 January 2015 - 04:38 PM

Hey my friend, :)

Running from C:\Users\David\Downloads

Please move it to your Desktop. For the future please save all tools we use on your Desktop. ;)

Before we proceed I need the Addition Log. Can you give it to me? That would be nice.

There is some malware, but don't worry, we'll fix it.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 deehre01

deehre01
  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:23 PM

Posted 07 January 2015 - 05:35 PM

Here's the addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by David at 2015-01-06 21:39:08
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader for ScanSnap ™ 4.1 (HKLM-x32\...\{FB410000-0002-0000-0000-074957833700}) (Version: 8.02.650.72520 - ABBYY)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.01 - Lenovo)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Array Networks SSL VPN Client 8,4,6,80 (Array Networks) (HKLM-x32\...\Array SSL VPN8,4,6,80) (Version: 8,4,6,80 - Array Networks)
BIG-IP Edge Client Components (HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\...\F5 Networks Client Components) (Version: 70.2013.0724.0020 - F5 Networks, Inc.)
Bomgar Display Driver (HKLM-x32\...\{E166EA80-47A4-4DFE-B1D5-0EFA517DDDD3}) (Version: 2.0.518 - Bomgar Corporation)
Bomgar Representative Console 14.1.3 [support.helpdesk.louisville.edu] (HKLM-x32\...\Bomgar Representative Console [support.helpdesk.louisville.edu]) (Version: 14.1.3 - Bomgar Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}) (Version: 2.0.0.36 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L40 - PFU)
CardMinder V4.1 (x32 Version: 4.1.40.1 - PFU) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11062.3 - Cisco Consumer Products LLC)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 4.4 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.4.0.4848 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Kentucky 2013 (HKLM-x32\...\{6884FBCF-02ED-489B-AD1B-5E28AE05AC9D}) (Version: 1.13.3101 - HRB Technology, LLC.)
hueyPRO for Lenovo (Version 1.2.4) (HKLM-x32\...\huey_is1) (Version:  - Pantone & X-Rite)
IBM DS Storage Manager Host Software version 10.77.x5.28 (HKLM-x32\...\IBM System Storage DS Storage Manager 10) (Version: 10.77.x5.28 - IBM Corporation)
IBM Tivoli Storage Manager Client (HKLM\...\{83B5A1A3-654F-4E2D-82D3-809BF3CA40CF}) (Version: 06.02.0100 - IBM)
Integrated Camera Driver Installer Package Ver.1.1.0.19 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.19 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.184 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.184 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.30 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version:  - Lenovo)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NVIDIA 3D Vision Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.1.0.0 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.10.00 - )
OneClickdigital Media Manager (HKLM-x32\...\{C259BBE2-2531-4387-B5E3-9E6845854272}) (Version: 61.0.0.0 - Recorded Books)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.1 - Frank Heindörfer, Philip Chinery)
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
ProPresenter (HKLM-x32\...\{417909C2-E336-435E-8E92-99E1BABAFD4B}) (Version: 4.0.7 - Renewed Vision)
ProtecTIER Manager (HKLM\...\ProtecTIER Manager) (Version: 3.3.3.0 - IBM)
ProtecTIER Manager (HKLM-x32\...\ProtecTIER Manager) (Version: 2.1.0.0 - IBM)
PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Scan2PDF 1.6 (HKLM-x32\...\Scan2PDF_is1) (Version:  - Koma-Code)
ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L30 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L61 - PFU)
ScanSnap Organizer (x32 Version: 4.1.30.16 - PFU LIMITED) Hidden
ScanSnap Organizer (x32 Version: 4.1.61.1 - PFU LIMITED) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shepherd's Staff 2014 (HKLM-x32\...\{461EAC0D-C8C4-4D57-A589-4C817B52612E}) (Version: 8.1 - Concordia Publishing House)
Shepherd's Staff 2014 (x32 Version: 8.1 - Concordia Publishing House) Hidden
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0030 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.15 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.21 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.12.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.62 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.41 - Lenovo)
TN33 PCSC Driver Stack 1.0 (HKLM\...\TN33PCSCDriver_is1) (Version: 0.0.2.0 - TOPPAN FORMS)
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.3045 - VMware, Inc.)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
W Photo Studio (HKLM-x32\...\{CBF3C503-946E-45EA-B347-EACC41781989}) (Version: 1.0.0.143 - Walgreens)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Intel (e1kexpress) Net  (12/10/2009 11.5.10.0) (HKLM\...\D458D719D6B055DC5E3DF88140ADE887B29FB396) (Version: 12/10/2009 11.5.10.0 - Intel)
Windows Driver Package - Intel (HECIx64) System  (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/22/2010 15.0.18.0) (HKLM\...\50BEEEA1F00D30E432867EA15672212B3FB5740E) (Version: 04/22/2010 15.0.18.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
XIV Storage Management Version 2.4.4 (HKLM-x32\...\XIVGUI_10.x.x_is1) (Version:  - )
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001_Classes\CLSID\{20CB8E44-1A2F-42C7-9994-D64D3798A14F}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\F5InstP64.dll (F5 Networks, Inc.)

==================== Restore Points  =========================

21-12-2014 01:32:56 Windows Update
24-12-2014 03:29:55 Windows Update
28-12-2014 01:32:49 Windows Update
31-12-2014 03:28:51 Windows Update
04-01-2015 01:32:49 Windows Update
06-01-2015 20:18:07 Installed 7-Zip 9.20 (x64 edition)
06-01-2015 20:23:07 Installed 7-Zip 9.20 (x64 edition)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-11-13 14:15 - 2013-11-14 15:35 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0574CC08-9055-41BD-94D7-1DCEE4CB6816} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {49A0E851-C1CF-4572-8637-4F3E3695339A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {4A0A0958-B25F-4686-8A89-A7C91A3A63C6} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {4C56C2F3-D56A-4A9C-BD84-C51F1BA8D735} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {587AF2A6-8809-400D-9A0C-FAD47E55CA64} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-05-06] (Lenovo Group Limited)
Task: {64869D00-6F5C-4B3E-A240-D13690FB2987} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {75FD4A9B-084D-464D-A061-B10693D7418C} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {810B8D98-0F6B-44F6-89F8-DF6F6A862E98} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2913281196-3413940811-1613610604-1003Core => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-17] (Facebook Inc.)
Task: {93FEA46C-9CAA-4FE6-84FC-04F2B10373A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A5320BF1-4B3E-4C2A-BCCD-FF008B86F914} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B44FF07D-F046-421D-AF4B-A5D4A29891F2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2913281196-3413940811-1613610604-1003UA => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-17] (Facebook Inc.)
Task: {C7DB0D3B-332A-46E5-B97C-2B5B3C8EB7C4} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {D6074C27-9A52-422D-84A4-9FF1F8EA3FCA} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {F9E90BA0-46CF-4945-A236-76B8DC52CD30} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913281196-3413940811-1613610604-1003Core.job => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2913281196-3413940811-1613610604-1003UA.job => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2013-04-13 16:47 - 2013-01-10 16:36 - 00087328 ____N () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-03-05 11:21 - 2010-03-05 11:21 - 01501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-04-05 09:40 - 2012-04-26 14:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2011-06-28 12:41 - 2005-03-12 00:07 - 00087040 ____N () C:\Windows\System32\pdfcmnnt.dll
2009-12-08 09:14 - 2009-12-08 09:14 - 06810728 ____N () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2010-11-03 16:45 - 2009-11-13 01:54 - 00228864 ____R () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
2010-11-03 16:45 - 2009-11-12 21:20 - 00038912 ____R () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 ____N () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 ____N () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-06-26 14:36 - 2010-05-06 13:21 - 00038912 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-11-03 16:45 - 2008-11-27 03:16 - 00018432 ____R () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
2011-06-13 19:37 - 2011-06-13 19:37 - 00173344 ____N () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2009-05-28 00:09 - 2009-05-28 00:09 - 00049976 ____N () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
2008-10-03 14:27 - 2008-10-03 14:27 - 00366592 ____N () C:\Program Files (x86)\Corel\Corel DVD MovieFactory Lenovo Edition\DVD MovieFactory\uImportDVDEx.exe
2010-04-22 18:26 - 2010-04-22 18:26 - 00020480 ____N () C:\Program Files (x86)\Lenovo\Access Connections\ACNewBiosHelper.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-06 06:29 - 2015-01-05 21:48 - 00247808 _____ () C:\Users\David\AppData\Local\{06000B67-504E-4FA5-A3BA-F4FDE5AF72E2}\Bdzdmarjw.dll
2013-03-12 15:59 - 2008-11-12 14:32 - 00014848 ____N () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
2008-11-10 18:12 - 2008-11-10 18:12 - 00246272 ____N () C:\Program Files (x86)\Corel\Corel DVD MovieFactory Lenovo Edition\DVD MovieFactory\uImportDVDUI.dll
2006-09-22 14:16 - 2006-09-22 14:16 - 00020480 ____N () C:\Program Files (x86)\Corel\Corel DVD MovieFactory Lenovo Edition\DVD MovieFactory\uvipl.dll
2008-09-24 12:41 - 2008-09-24 12:41 - 00010752 ____N () C:\Program Files (x86)\Corel\Corel DVD MovieFactory Lenovo Edition\DVD MovieFactory\uImportDVDUIFrame.dll
2006-09-22 14:16 - 2006-09-22 14:16 - 00688128 ____N () C:\Program Files (x86)\Corel\Corel DVD MovieFactory Lenovo Edition\DVD MovieFactory\uviplA6.DLL
2014-12-23 08:19 - 2014-12-23 08:19 - 03758192 ____N () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 ____N () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 ____N () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-10 07:25 - 2014-12-10 07:25 - 16841392 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
2015-01-05 22:05 - 2015-01-06 20:58 - 00718152 _____ () C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\36.0.1985.143\libglesv2.dll
2015-01-05 22:05 - 2015-01-06 20:58 - 00126280 _____ () C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\36.0.1985.143\libegl.dll
2015-01-05 22:05 - 2015-01-06 20:58 - 08537928 _____ () C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\36.0.1985.143\pdf.dll
2015-01-05 22:05 - 2015-01-06 20:58 - 00353096 _____ () C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2015-01-05 22:05 - 2015-01-06 20:58 - 01732936 _____ () C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\36.0.1985.143\ffmpegsumo.dll
2015-01-05 22:05 - 2015-01-06 20:58 - 14669128 _____ () C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\David\Documents\Test of _forward.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-2913281196-3413940811-1613610604-1005 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2913281196-3413940811-1613610604-500 - Administrator - Disabled)
David (S-1-5-21-2913281196-3413940811-1613610604-1001 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-2913281196-3413940811-1613610604-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2913281196-3413940811-1613610604-1009 - Limited - Enabled)
Sharon (S-1-5-21-2913281196-3413940811-1613610604-1003 - Limited - Enabled) => C:\Users\Sharon

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2015 08:57:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: The RPC server is too busy to complete this operation.

Error: (01/06/2015 08:01:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ntwfemfvcw.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: uokqaqa.dll, version: 0.0.0.0, time stamp: 0x54aab37d
Exception code: 0xc0000005
Fault offset: 0x000140fb
Faulting process id: 0x10ac
Faulting application start time: 0xNtwfemfvcw.exe0
Faulting application path: Ntwfemfvcw.exe1
Faulting module path: Ntwfemfvcw.exe2
Report Id: Ntwfemfvcw.exe3

Error: (01/06/2015 01:42:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ntwfemfvcw.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: uokqaqa.dll, version: 0.0.0.0, time stamp: 0x54aab37d
Exception code: 0xc0000005
Fault offset: 0x000140fb
Faulting process id: 0x4288
Faulting application start time: 0xNtwfemfvcw.exe0
Faulting application path: Ntwfemfvcw.exe1
Faulting module path: Ntwfemfvcw.exe2
Report Id: Ntwfemfvcw.exe3

Error: (01/06/2015 01:06:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/E0AB059420725493056062023670F7CD2EFC6666.crt> with error: This operation returned because the timeout period expired.
.

Error: (01/03/2015 03:00:59 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (13152) Asapi: (15:00:59:9960)(13152) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>CC1A6AE202C9D030</RequestId><HostId>a0LRp1MOegJqvrUF1roT6+Qjng3nuurbW+EpzGDgbfHBTU0qEhRVZ3qFe+0IG6IJ</HostId></Error>

Error: (12/29/2014 04:28:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: The RPC server is too busy to complete this operation.

Error: (12/29/2014 04:28:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: The RPC server is too busy to complete this operation.

Error: (12/29/2014 04:28:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: The RPC server is too busy to complete this operation.

Error: (12/29/2014 04:28:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: The RPC server is too busy to complete this operation.

Error: (12/22/2014 09:51:25 PM) (Source: MsiInstaller) (EventID: 1024) (User: UnixTeam)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (01/06/2015 09:14:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/06/2015 09:03:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/06/2015 08:55:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SeaPort service failed to start due to the following error:
%%1053

Error: (01/06/2015 08:55:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.

Error: (01/06/2015 08:54:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error:
%%1053

Error: (01/06/2015 08:54:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Registry Service service to connect.

Error: (01/06/2015 08:52:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (01/06/2015 08:52:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (01/06/2015 08:16:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/06/2015 08:11:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (01/06/2015 08:57:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: The RPC server is too busy to complete this operation.

Error: (01/06/2015 08:01:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ntwfemfvcw.exe36.0.1985.14353e2e515uokqaqa.dll0.0.0.054aab37dc0000005000140fb10ac01d02a14bae594b7C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exeC:\Users\David\AppData\LocalLow\uokqaqa.dlla501559c-9608-11e4-9548-78dd08ad1212

Error: (01/06/2015 01:42:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ntwfemfvcw.exe36.0.1985.14353e2e515uokqaqa.dll0.0.0.054aab37dc0000005000140fb428801d029e078f50f73C:\Users\David\AppData\LocalLow\VPN\Xidwjqjjbqdy\mocflcbdxu\Ntwfemfvcw.exeC:\Users\David\AppData\LocalLow\uokqaqa.dllc89a73ba-95d3-11e4-9548-78dd08ad1212

Error: (01/06/2015 01:06:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/E0AB059420725493056062023670F7CD2EFC6666.crtThis operation returned because the timeout period expired.

Error: (01/03/2015 03:00:59 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (13152) Asapi: (15:00:59:9960)(13152) libTonopahClient.UploadManager - Error -- 920 uploadPacket() S3 returned an error(AccessDenied: Invalid according to Policy: Policy expired.) http(403): <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy expired.</Message><RequestId>CC1A6AE202C9D030</RequestId><HostId>a0LRp1MOegJqvrUF1roT6+Qjng3nuurbW+EpzGDgbfHBTU0qEhRVZ3qFe+0IG6IJ</HostId></Error>

Error: (12/29/2014 04:28:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: The RPC server is too busy to complete this operation.

Error: (12/29/2014 04:28:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: The RPC server is too busy to complete this operation.

Error: (12/29/2014 04:28:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: The RPC server is too busy to complete this operation.

Error: (12/29/2014 04:28:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: The RPC server is too busy to complete this operation.

Error: (12/22/2014 09:51:25 PM) (Source: MsiInstaller) (EventID: 1024) (User: UnixTeam)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 820 @ 1.73GHz
Percentage of memory in use: 41%
Total physical RAM: 8123.53 MB
Available physical RAM: 4729.31 MB
Total Pagefile: 16245.24 MB
Available Pagefile: 12239.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:206.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (My Passport) (Fixed) (Total:1397.23 GB) (Free:496.91 GB) NTFS
Drive e: (MACF131106) (CDROM) (Total:0.41 GB) (Free:0 GB) UDF
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AFFD1DA9)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.2 GB) (Disk ID: 0006B3B4)
Partition 1: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli (Agent 007, Malware Response Instructor, Germany, 3,975 posts)

Posted 07 January 2015 - 05:45 PM

Great. :)


First,
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM\...\Run: [Mouse Suite 98 Daemon] => ICO.EXE
    HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\...\Run: [Bdzdmarjw] => regsvr32.exe /s "C:\Users\David\AppData\Local\{06000B67-504E-4FA5-A3BA-F4FDE5AF72E2}\Bdzdmarjw.dll" <===== ATTENTION
    HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\...\MountPoints2: {e0941868-8157-11df-b435-806e6f6e6963} - Q:\LenovoQDrive.exe
    HKU\S-1-5-21-2913281196-3413940811-1613610604-1001\...\MountPoints2: {e094186b-8157-11df-b435-806e6f6e6963} - E:\SETUP.EXE /AUTORUN
    GroupPolicyUsers\S-1-5-21-2913281196-3413940811-1613610604-1003\User: Group Policy restriction detected <======= ATTENTION
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> {41C64365-B002-4FBE-A0BB-07A84DDF58E5} URL =
    SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> {9FABFBF5-C794-407B-A8CC-3A4BA712A224} URL =
    Toolbar: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-2913281196-3413940811-1613610604-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    FF NetworkProxy: "type", 0
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    C:\Users\David\remotedrive_1_BPET26B_14.dll
    C:\Users\David\remotedrive_1_BPET50G_10_09_14.dll
    C:\Users\David\AppData\Roaming\cache.dat
    C:\Users\David\AppData\Roaming\cache.ini
    AlternateDataStreams: C:\Users\David\Documents\Test of _forward.eml:OECustomProperty
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Next,
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\

Next,
Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.

Next,
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please do a Right click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Machiavelli (Agent 007, Malware Response Instructor, Germany, 3,975 posts)

Posted 11 January 2015 - 08:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
