
Software Restriction Policy + other issues


This topic is locked
27 replies to this topic

#1 Angela12345 (Members, 76 posts)

Posted 05 February 2015 - 02:28 PM

Software Restriction Policy + other issues

This is the computer I use for work. It is standalone, not connected to any network, and no one else ever works on it or has access to it (which unfortunately means whatever has happened to it, I did myself) : (

Windows XP Professional service pack 3

Starting very recently, I noticed the computer was acting strangely, and it increasingly got worse over the last couple/few days. Here is what I can think of that I have noticed ...
- the computer has started running so slowly as to almost not be running at all. For example, I open Excel and it takes maybe 10 minutes just to open
- I got the 'blue screen' for a brief moment, then the computer shut down and restarted. It was too fast for me to read what it said
- when I try to open Malwarebytes, Ad-Aware, Super AntiSpyware, Avast I get the error message "Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator"
- I cannot boot into Safe Mode. I get as far as the startup screen and after that it gets stuck at the login screen and will not allow me to move the mouse or press Enter to log on. To get out of it, I have to shut down using the power switch
- when I looked at the history in Internet Explorer (view by order visited today), it shows webpages that I have not been to, and new things were showing up when I looked again a few minutes later

The worst thing is that this is my work computer, which is affecting my job. :(


#2 deeprybka (Malware Response Team, 5,198 posts, Location: Germany)

Posted 05 February 2015 - 02:36 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
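A small triage helper for the FRST.txt output that Step 1 asks for, added here as an example; it is not part of FRST (Farbar Recovery Scan Tool), and the finding categories, the vendor list and the "user-writable directory" rule are my own assumptions. It flags the indicator classes that the log posted in this thread shows: lines FRST marks with ATTENTION, Software Restriction Policy entries covering security-tool directories, the Command Processor AutoRun entry, System Restore disabled by policy, and autostart entries with no publisher that run from profile directories. The sample log is constructed from lines posted in the thread.

```python
"""Triage helper for FRST.txt logs (added example, not part of FRST).

Categories, the SECURITY_VENDORS list and the USER_WRITABLE heuristic are
assumptions made for this example, not FRST behaviour.  It flags: lines FRST
marks '<===== ATTENTION', Software Restriction Policy (SRP) rules covering
security-tool directories, the Command Processor AutoRun entry, System Restore
disabled by policy, and autostart entries with no publisher string that run
from user-writable profile directories.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Profile locations a standard XP user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = ("documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")
# Vendor directories a malicious SRP commonly blocks (assumed list, matched case-insensitively).
SECURITY_VENDORS = ("malwarebytes", "superantispyware", "eset", "mcafee",
                    "lavasoft", "trend micro", "alwil", "avast", "avg")

SRP_RE = re.compile(r"^HKLM Group Policy restriction on software: (?P<path>.+?) <=+ ATTENTION")
# HKLM/HKU ...\Run, RunOnce, Policies\Explorer\Run lines: [name] => path [size date] (publisher)
AUTOSTART_RE = re.compile(
    r"^HK(?:LM|U\\S-[\d-]+)\\\.\.\.\\(?:Run|RunOnce|Policies\\Explorer\\Run): "
    r"\[(?P<name>[^\]]*)\] => \"?(?P<path>[^\"\[]+?)\"?"
    r"(?: \[\d+ [\d-]+\])?(?: (?P<pub>\([^\[\]]*\)))?\s*$", re.IGNORECASE)
# Startup-folder shortcuts: ShortcutTarget: x.lnk -> path (publisher)
SHORTCUT_RE = re.compile(r"^ShortcutTarget: .+? -> (?P<path>.+?)(?: (?P<pub>\([^\[\]]*\)))?\s*$")


@dataclass(frozen=True)
class Finding:
    category: str
    line: str


def _binary_finding(path: str, pub: Optional[str], line: str) -> Optional[Finding]:
    """Flag a binary with no publisher string that runs from a user-writable profile path."""
    no_publisher = (pub or "").strip() in ("", "()", "( ())")
    in_profile = any(d in path.lower() for d in USER_WRITABLE)
    if no_publisher and in_profile:
        return Finding("no_publisher_autostart_in_profile", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious line, in log order; benign lines yield nothing."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SRP_RE.match(line)
        if m:
            targeted = any(v in m.group("path").lower() for v in SECURITY_VENDORS)
            findings.append(Finding("srp_blocks_security_tool" if targeted
                                    else "srp_restriction", line))
        elif "\\Command Processor:" in line:
            # Command Processor\AutoRun executes on every cmd.exe start: a persistence spot
            findings.append(Finding("cmd_autorun_hijack", line))
        elif "SystemRestore: [DisableSR" in line:
            findings.append(Finding("system_restore_disabled_by_policy", line))
        elif re.search(r"<=+ ATTENTION", line):
            findings.append(Finding("frst_attention", line))
        else:
            m = AUTOSTART_RE.match(line) or SHORTCUT_RE.match(line)
            if m:
                hit = _binary_finding(m.group("path"), m.group("pub"), line)
                if hit:
                    findings.append(hit)
    return findings


def srp_restricted_paths(log_text: str) -> List[str]:
    """Directories covered by SRP rules, to compare against what an admin actually configured."""
    return [m.group("path") for m in (SRP_RE.match(l.strip()) for l in log_text.splitlines()) if m]


# Constructed sample: lines taken from the FRST output posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [122880 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [{4e1e0e5b-0371-e987-03d0-4b324fed7546}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{4e1e0e5b-0371-e987-03d0-4b324fed7546}\{4e1e0e5b-0371-e987-03d0-4b324fed7546}.exe [376873 2015-02-03] ()
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Run: [Aim] => C:\Program Files\AIM\aim.exe [3634024 2009-09-16] (AOL LLC)
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\RunOnce: [aprxdist] => C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe [109056 2012-10-02] ()
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Command Processor: "C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe" <===== ATTENTION!
ShortcutTarget: aprxdist.lnk -> C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:36} {f.line[:90]}")
```

Each flagged line maps to an entry a helper would put in the fixlist or ask the user about; the SRP paths in particular should be compared with what an administrator actually configured before they are removed.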

#3 Angela12345 (Topic Starter, Members, 76 posts)

Posted 05 February 2015 - 02:49 PM

Thanks Jürgen!!

See below


 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015
Ran by Art (administrator) on ARTHOME on 05-02-2015 14:44:32
Running from C:\Documents and Settings\Art\Desktop
Loaded Profiles: Art (Available profiles: Art & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\ZuneBusEnum.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
(Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(LENOVO) C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.EXE
(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AOL LLC) C:\Program Files\AIM\aim.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(LENOVO) C:\PROGRA~1\Lenovo\NPDIRECT\NPDTRAY.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [122880 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [524288 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-23] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [242976 2008-06-04] (Lenovo Group Ltd.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-14] (Lenovo Group Limited)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [419376 2007-02-01] (LENOVO)
HKLM\...\Run: [LPManager] => C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] => C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LCONTROL] => C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe [77824 2008-03-19] (ATK0101)
HKLM\...\Run: [LFKA] => C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe [315392 2008-04-15] (Lenovo)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [425984 2008-10-27] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [143360 2008-10-27] (Lenovo )
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3073336 2008-06-13] (Lenovo Group Limited)
HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2009-09-15] (ALWIL Software)
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [158448 2010-01-07] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [mumservice] => C:\Program Files\Motorola\Software Update\mumservice.exe [1066304 2011-06-03] (Motorola)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [{4e1e0e5b-0371-e987-03d0-4b324fed7546}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{4e1e0e5b-0371-e987-03d0-4b324fed7546}\{4e1e0e5b-0371-e987-03d0-4b324fed7546}.exe [376873 2015-02-03] ()
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
HKLM\...\Policies\Explorer\Run: [{4e1e0e5b-0371-e987-03d0-4b324fed7546}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{4e1e0e5b-0371-e987-03d0-4b324fed7546}\{4e1e0e5b-0371-e987-03d0-4b324fed7546}.exe [376873 2015-02-03] ( ())
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Run: [Aim] => C:\Program Files\AIM\aim.exe [3634024 2009-09-16] (AOL LLC)
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-25] (SUPERAntiSpyware)
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Run: [NPDTRAY] => C:\Program Files\Lenovo\NPDIRECT\NPDTRAY.EXE [218400 2008-07-30] (LENOVO)
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Run: [Google Update**.d<*>] => "C:\Documents and Settings\Art\Local Settings\Application Data\Google\Desktop\Install\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Run: [aprxdist] => C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe [109056 2012-10-02] ()
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\RunOnce: [aprxdist] => C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe [109056 2012-10-02] ()
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Policies\Explorer: [Run] "C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe"
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Command Processor: "C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe" <===== ATTENTION!
Startup: C:\Documents and Settings\Art\Start Menu\Programs\Startup\aprxdist.lnk
ShortcutTarget: aprxdist.lnk -> C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe ()
BootExecute: autocheck autochk * lsdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-421417644-672489333-1106248786-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-421417644-672489333-1106248786-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-421417644-672489333-1106248786-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> DefaultScope {EBA87795-C526-49F7-9063-BE97E64D3B9F} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> {EBA87795-C526-49F7-9063-BE97E64D3B9F} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: No Name -> {043C5167-00BB-4324-AF7E-62013FAEDACF} ->  No File
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254368332281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://allregs.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default
FF DefaultSearchEngine: Web Search...
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local;192.168.*.*"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin HKU\S-1-5-21-421417644-672489333-1106248786-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Art\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-30]
FF Extension: Add to Search Bar - C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2012-04-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-30]
FF HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009-09-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-08]
CHR Extension: (YouTube) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Google Search) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [90112 2008-10-27] (Lenovo ) [File not signed]
R2 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [217088 2008-10-27] (Lenovo ) [File not signed]
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2009-09-15] (ALWIL Software)
R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () [File not signed]
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680 2009-09-15] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2009-09-15] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2009-09-15] (ALWIL Software)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel® Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2013-03-15] (Oracle Corporation)
S3 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-27] (Lavasoft Limited)
R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-19] () [File not signed]
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [94208 2008-10-26] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel® Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [905216 2008-08-20] (Intel® Corporation) [File not signed]
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-14] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-14] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-14] (Lenovo Group Limited) [File not signed]
R2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-09] (Lenovo Group Limited) [File not signed]
R2 ZuneBusEnum; c:\WINDOWS\system32\ZuneBusEnum.exe [58592 2010-01-07] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [447216 2010-01-07] (Microsoft Corporation)
S2 dtsagntsvc; %systemroot%\system32\DfwWebAgent.dll [X]
S2 gtndis5; %systemroot%\system32\SMCB000.dll [X]
S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]
S2 vet-filt; %systemroot%\system32\MaxtorFrontPanel1.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [27408 2009-09-15] (ALWIL Software)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2008-10-24] (IBM Corp.) [File not signed]
R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys [20560 2009-09-15] (ALWIL Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [94160 2009-09-15] (ALWIL Software)
S3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23152 2009-09-15] (ALWIL Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [114768 2009-09-15] (ALWIL Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [52368 2009-09-15] (ALWIL Software)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [764416 2008-06-12] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-10-24] () [File not signed]
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
S3 motport; C:\WINDOWS\System32\DRIVERS\motport.sys [24064 2011-03-31] (Motorola)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\A0101X32.sys [5760 2007-08-24] ()
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3632384 2008-08-29] (Intel Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-09-30] (Microsoft Corporation) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [14904 2010-07-07] (Secunia)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-04] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2008-10-26] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-30] () [File not signed]
R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [40832 2010-01-07] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: vet-filt -> C:\Windows\system32\MaxtorFrontPanel1.dll ==> No File.
NETSVC: gtndis5 -> C:\Windows\system32\SMCB000.dll ==> No File.
NETSVC: sentinel -> No Registry Path.
NETSVC: dtsagntsvc -> C:\Windows\system32\DfwWebAgent.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 14:44 - 2015-02-05 14:45 - 00032187 _____ () C:\Documents and Settings\Art\Desktop\FRST.txt
2015-02-05 14:44 - 2015-02-05 14:44 - 00000000 ____D () C:\FRST
2015-02-05 14:42 - 2015-02-05 14:43 - 01123328 _____ (Farbar) C:\Documents and Settings\Art\Desktop\FRST.exe
2015-02-03 15:27 - 2015-02-03 15:27 - 00098304 _____ () C:\WINDOWS\Minidump\Mini020315-01.dmp
2015-01-28 22:33 - 2015-01-28 22:33 - 00000000 ____D () C:\Sun
2015-01-23 13:49 - 2015-02-05 14:15 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{CB390D25-A322-4B68-8B7C-DEAA094BA89F}
2015-01-21 15:17 - 2015-01-21 15:17 - 00019739 _____ () C:\Documents and Settings\Art\Desktop\hs_err_pid27276.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 14:45 - 2013-11-25 14:12 - 00000000 ____D () C:\Documents and Settings\Art\Local Settings\Temp
2015-02-05 14:39 - 2013-11-25 13:19 - 00814156 _____ () C:\WINDOWS\setupapi.log
2015-02-05 14:16 - 2013-11-15 12:09 - 01167274 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-05 14:16 - 2013-11-15 12:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-05 14:16 - 2009-09-30 16:41 - 00000316 _____ () C:\WINDOWS\Tasks\PMTask.job
2015-02-05 14:16 - 2006-04-30 01:56 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-05 14:15 - 2013-11-15 12:09 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-02-05 14:15 - 2011-11-07 11:02 - 00000000 ____D () C:\temp
2015-02-05 14:15 - 2011-01-12 19:34 - 00080788 _____ () C:\aaw7boot.log
2015-02-05 14:15 - 2010-10-10 12:54 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 14:15 - 2009-09-30 16:57 - 00001040 _____ () C:\WINDOWS\system32\ICAutoUpdate.log.bak
2015-02-05 14:15 - 2006-04-30 02:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-05 14:10 - 2009-09-30 16:56 - 00000278 ___SH () C:\Documents and Settings\Art\ntuser.ini
2015-02-05 14:10 - 2009-09-30 16:56 - 00000000 ____D () C:\Documents and Settings\Art
2015-02-05 14:10 - 2006-04-30 02:20 - 00032554 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-05 14:09 - 2011-11-02 15:03 - 00000000 ____D () C:\Documents and Settings\Art\My Documents\Outlook Files
2015-02-05 13:58 - 2009-09-30 16:56 - 00000250 _____ () C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2015-02-05 13:51 - 2014-02-06 14:56 - 00000510 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-421417644-672489333-1106248786-1005.job
2015-02-05 13:13 - 2010-10-10 12:54 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 13:12 - 2012-11-08 10:25 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-05 12:40 - 2012-04-18 16:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-02-05 12:00 - 2009-09-30 22:25 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-02-05 11:06 - 2011-11-02 14:46 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-02-05 11:04 - 2010-01-24 11:03 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-05 10:47 - 2011-09-14 09:46 - 00000000 ____D () C:\Documents and Settings\Art\Desktop\ANGELA - WORK
2015-02-04 23:26 - 2012-04-18 09:40 - 01042048 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG
2015-02-04 16:14 - 2006-04-29 19:10 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-02-04 15:39 - 2012-06-15 14:39 - 00000354 _____ () C:\WINDOWS\Tasks\MotoHelper Routing.job
2015-02-03 22:29 - 2011-08-29 07:58 - 00001820 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-03 15:29 - 2011-04-19 16:56 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2015-02-03 15:29 - 2011-04-19 16:56 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2015-02-03 15:27 - 2009-12-18 23:00 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-03 15:27 - 2009-10-01 21:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-29 18:08 - 2009-10-01 08:57 - 00000437 _____ () C:\WINDOWS\3DHOME.INI
2015-01-29 18:08 - 2009-10-01 08:55 - 00000000 ____D () C:\3dhmedlx
2015-01-28 12:12 - 2012-11-08 10:24 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-28 12:12 - 2011-08-16 22:11 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-22 20:33 - 2011-03-18 18:34 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-22 16:29 - 2011-10-05 13:43 - 00227328 ___SH () C:\Documents and Settings\Art\Desktop\Thumbs.db
2015-01-20 21:45 - 2013-02-02 11:04 - 00040179 _____ () C:\Documents and Settings\Art\Desktop\drawers.txt
2015-01-15 23:12 - 2012-01-31 16:29 - 00000000 ____D () C:\Documents and Settings\Art\Desktop\ANGELA - PERSONAL
2015-01-07 16:02 - 2010-08-25 19:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2009-12-27 17:03 - 2012-06-12 18:02 - 0005120 ____N () C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-22 13:09 - 2011-09-22 13:09 - 0000126 ____N () C:\Documents and Settings\Art\Local Settings\Application Data\fusioncache.dat
ZeroAccess:
C:\Documents and Settings\Art\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Files to move or delete:
====================
C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe

Some content of TEMP:
====================
C:\Documents and Settings\Art\Local Settings\Temp\fixutil.exe
C:\Documents and Settings\Art\Local Settings\Temp\urepair.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015
Ran by Art at 2015-02-05 14:45:44
Running from C:\Documents and Settings\Art\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Watch Live! Anti-Virus (Disabled - Up to date) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! antivirus 4.8.1356 [VPS 091129-1] (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Home Architect Deluxe (HKLM\...\3D Home Architect Deluxe 2.2) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.11 - )
Ad-Aware (HKLM\...\{385DD1DD-65AA-408D-8E70-74601C2DB7E6}) (Version: 9.5.0 - Lavasoft Limited)
Adobe Acrobat 6.0 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
avast! Antivirus (HKLM\...\avast!) (Version: 4.8 - Alwil Software)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
BrowserXT (HKLM\...\BrowserXT) (Version: 1.0 - MeridianLink)
BrowserXT (Version: 1.0 - MeridianLink) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.20.0023.00 - Lenovo Group Limited)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 3.54.0.0 - Conexant)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)
Encompass360 (HKLM\...\{00F8718D-9F98-4B28-B113-CFEF1CB72EE9}) (Version: 6.8.0 - Ellie Mae, Inc.)
Encompass360 Installation Manager (Version: 6.8.0 - Ellie Mae) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileMind QuickFix (HKLM\...\{92789900-80D0-4B61-B742-7897964A69AB}_is1) (Version: Build 4184 - Metability Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)
Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00h - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}) (Version: 12.01.1000 - Intel® Corporation)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1243 - InterVideo Inc.)
iTunes (HKLM\...\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}) (Version: 10.2.2.14 - Apple Inc.)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 3.00b - )
Lenovo Care Supplement (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 3.00b - )
Lenovo Registration (HKLM\...\Lenovo Registration) (Version:  - Lenovo - Leader Technologies)
Lenovo_ATK_Package (HKLM\...\{055B9AD2-48E1-462E-9992-814123063C46}) (Version: 0.00.04.0 - Lenovo)
Lotus NotesSQL 3.01 driver (HKLM\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version:  - )
Lotus SmartSuite - English (HKLM\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01d - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{4E336342-73F3-4D6B-AFDE-2F218B8BCF2F}) (Version: 3.3.0053 - Lenovo)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Motorola Software Update (HKLM\...\{C3FA6AFC-69D1-4369-8864-9652C0F35181}) (Version: 01.16.20 - Motorola)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.13.01 - )
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4957.02 - PC-Doctor, Inc.)
PlayCatan Access Software (HKLM\...\PlayCatan Client) (Version: 3.1022 - Catan GmbH)
Point (HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\2c777a09c05bdfb6) (Version: 1.0.0.370 - Calyx Software)
Point 7.4 SP6 (HKLM\...\{F398D45A-300F-486B-BC4E-6E2066F6DA10}) (Version: 7.4.1343 - Calyx Software)
Point Old Verison Clean up Tool (HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Point Old Verison Clean up Tool) (Version:  - )
Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - )
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.13.0000 - Realtek)
Rescue and Recovery (HKLM\...\{F151F2B3-0C32-44D3-90E2-E639B8024622}) (Version: 4.21.0016.00 - Lenovo Group Limited)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Safari (HKLM\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
Secunia PSI (HKLM\...\Secunia PSI) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.15.0017 - Lenovo)
ThinkPad EasyEject Utility  (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.36 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.03 - )
ThinkPad PC Card Power Policy (Version: 1.02 - ) Hidden
ThinkPad Power Management Driver for SL Series (HKLM\...\Power Management Driver) (Version: 1.44 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.48 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.19.5 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.04 - )
ThinkVantage Access Connections (HKLM\...\{7EB114D8-207F-45AE-BABD-1669715F2630}) (Version: 5.12 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.61 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 2.00 - ) Hidden
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
Verizon Wireless BroadbandAccess Self Activation (HKLM\...\{3F963A06-7C18-4039-9789-9644B3266AE7}) (Version: 1.3.2 - Smith Micro Software, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
vShare Plugin (HKLM\...\vShare) (Version:  - )
Wallpapers (Version:  - ) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XP Themes (Version: 1.00.0000 - Lenovo) Hidden
Zune (HKLM\...\Zune) (Version: 04.02.0202.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Art\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1865\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{C2E742FE-5352-41DF-8B3E-7E38613209DD}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{CB390D25-A322-4B68-8B7C-DEAA094BA89F}\FntCache.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Art\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-04-30 01:55 - 2012-04-18 16:23 - 00441872 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-421417644-672489333-1106248786-1005.job => C:\Program Files\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MotoHelper MUM.job => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: C:\WINDOWS\Tasks\MotoHelper Routing.job => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: C:\WINDOWS\Tasks\MotoHelper Update.job => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE

==================== Loaded Modules (whitelisted) ==============

2008-08-20 18:10 - 2008-08-20 18:10 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-09-30 16:38 - 2007-10-30 13:35 - 00094208 ____R () C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
2009-09-30 16:38 - 2008-03-19 23:46 - 00208896 ____R () C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
2009-09-30 16:37 - 2007-06-18 18:28 - 00056056 ____N () C:\WINDOWS\system32\DLAAPI_W.DLL
2009-09-30 16:41 - 2008-10-26 11:48 - 00045056 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2009-09-30 16:41 - 2008-10-26 11:48 - 00094208 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2009-09-30 16:38 - 2007-03-09 18:16 - 00106496 ____R () C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll
2011-12-06 16:00 - 2011-12-06 16:00 - 00214896 ____N () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
2011-12-06 16:00 - 2011-12-06 16:00 - 00784240 ____N () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
2008-05-14 18:25 - 2008-05-14 18:25 - 00520192 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2008-05-14 18:08 - 2008-05-14 18:08 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2009-09-30 16:41 - 2008-10-26 11:48 - 00094208 ____N () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
2009-09-30 16:42 - 2008-10-27 11:55 - 00039936 ____N () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
2009-09-30 16:42 - 2008-10-27 11:55 - 00036352 ____N () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
2008-05-14 18:08 - 2008-05-14 18:08 - 00139264 ____N () c:\Program Files\Common Files\Lenovo\CDRecord.dll
2009-09-30 16:42 - 2008-10-27 11:55 - 00229376 ____N () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
2011-02-06 10:32 - 2011-02-06 10:32 - 00067872 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2003-05-15 01:03 - 2003-05-15 01:03 - 00147456 ____N () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB13040$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-421417644-672489333-1106248786-1005\Control Panel\Desktop\\Wallpaper ->

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-421417644-672489333-1106248786-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Art (S-1-5-21-421417644-672489333-1106248786-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Art
ASPNET (S-1-5-21-421417644-672489333-1106248786-1003 - Limited - Enabled)
Guest (S-1-5-21-421417644-672489333-1106248786-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-421417644-672489333-1106248786-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-421417644-672489333-1106248786-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 11:57:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (02/05/2015 11:00:39 AM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
Description: EventType officelifeboathang, P1 outlook.exe, P2 14.0.7109.5000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (02/05/2015 11:00:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:57:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:57:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:54:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:53:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:53:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:48:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/04/2015 03:52:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application EXCEL.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (02/05/2015 02:39:46 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.108 for the Network Card with network address 0022FA43D84C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/05/2015 02:16:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Symwsc service terminated with the following error:
%%126

Error: (02/05/2015 02:16:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (02/05/2015 02:16:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mail2ec service terminated with the following error:
%%126

Error: (02/05/2015 02:16:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mrpostman service terminated with the following error:
%%126

Error: (02/05/2015 02:16:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error:
%%1053

Error: (02/05/2015 02:16:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.

Error: (02/05/2015 02:13:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
ANC
aswSP
aswTdi
Cdrom
Fips
i8042prt
IBMTPCHK
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
TPHKDRV
TPPWRIF
TSMAPIP
tvtumon
WS2IFSL

Error: (02/05/2015 02:13:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (02/05/2015 02:13:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Microsoft Office Sessions:
=========================
Error: (02/05/2015 11:57:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (02/05/2015 11:00:39 AM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
Description: officelifeboathangoutlook.exe14.0.7109.5000ntdll.dll5.1.2600.6055NILNILNILNILNILNIL

Error: (02/05/2015 11:00:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (02/05/2015 10:57:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7109.5000hungapp0.0.0.000000000

Error: (02/05/2015 10:57:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (02/05/2015 10:54:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7109.5000hungapp0.0.0.000000000

Error: (02/05/2015 10:53:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7109.5000hungapp0.0.0.000000000

Error: (02/05/2015 10:53:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7109.5000hungapp0.0.0.000000000

Error: (02/05/2015 10:48:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/04/2015 03:52:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EXCEL.EXE14.0.7109.5000hungapp0.0.0.000000000

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P7370 @ 2.00GHz
Percentage of memory in use: 28%
Total physical RAM: 3037.23 MB
Available physical RAM: 2181.02 MB
Total Pagefile: 4922.43 MB
Available Pagefile: 4218.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.11 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:143.04 GB) (Free:25.52 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6 GB) - (Type=12)

==================== End Of Log ============================



#4 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 05 February 2015 - 03:05 PM

Hi,

Windows XP notes

I've noticed that you're a Windows XP user. I need to tell you that my canned speeches (texts I use to present instructions) are designed for newer systems in the first place. Therefore, whenever you see a request to Run as Administrator, please ignore it and instead run the tool just by double-clicking the aforementioned icon.

Windows XP end of support warning!

As the 8th of April 2014 has passed, this operating system is no longer supported by Microsoft.
Patches, updates and security releases for this system have ceased. This is just information for you, if you were not aware.
My recommendation would be to start thinking about replacing it with some newer edition, like Windows Vista, Windows 7 or Windows 8.


Malware Warning

If your computer was used for online banking, or holds credit card information or other sensitive data, you should immediately change all account information (including the accounts used for banking, e-mail, eBay, PayPal, online forums, etc.) from a non-infected computer/device.

Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File: fixlist.txt (754 bytes)


Step 2

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

Edited by deeprybka, 05 February 2015 - 03:07 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Angela12345
  • Topic Starter
  • Members
  • 76 posts
  • Gender:Female

Posted 05 February 2015 - 03:27 PM

Here is the Fixlog.txt

Working on ComboFix now.  Will reply as soon as it is finished running.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-02-2015
Ran by Art at 2015-02-05 15:24:51 Run:1
Running from C:\Documents and Settings\Art\Desktop
Loaded Profiles: Art (Available profiles: Art & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\ESET
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.

==== End of Fixlog 15:24:52 ====



#6 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 05 February 2015 - 03:36 PM

Quote: "Working on ComboFix now.  Will reply as soon as it is finished running."

OK!


regards,
deeprybka

#7 Angela12345
  • Topic Starter
  • Members
  • 76 posts
  • Gender:Female

Posted 05 February 2015 - 04:32 PM

Combofix said it found a rootkit and needed to reboot, so I clicked 'ok'.  Then it ran through all of the stages and produced the log below.

ComboFix 15-02-02.01 - Art 02/05/2015  15:49:10.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2586 [GMT -5:00]
Running from: c:\documents and settings\Art\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091129-1] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Art\LOCALS~1\APPLIC~1\Google\Desktop\Install
c:\docume~1\Art\LOCALS~1\APPLIC~1\Google\Desktop\Install\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\C3C1~1\01C8~1\CFFE~1\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\@
c:\documents and settings\All Users\Application Data\17817380
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\documents and settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe
c:\documents and settings\Art\g2mdlhlpx.exe
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\0103~1\0103~1\CFFE~1\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\@
c:\program files\Google\Desktop\Install\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\0103~1\0103~1\CFFE~1\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\U\00000001.@
c:\program files\Google\Desktop\Install\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\0103~1\0103~1\CFFE~1\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\U\00000002.@
c:\program files\Google\Desktop\Install\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\0103~1\0103~1\CFFE~1\{a8bd7ea8-3c9c-dfa0-1700-2cade8370a9d}\U\80000001.@
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-05 to 2015-02-05  )))))))))))))))))))))))))))))))
.
.
2015-02-05 19:44 . 2015-02-05 20:24 -------- d-----w- C:\FRST
2015-02-03 23:45 . 2015-02-03 23:45 376873 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\{4e1e0e5b-0371-e987-03d0-4b324fed7546}\{4e1e0e5b-0371-e987-03d0-4b324fed7546}.exe
2015-01-29 03:33 . 2015-01-29 03:33 -------- d-----w- C:\Sun
2015-01-23 18:49 . 2015-02-05 20:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CB390D25-A322-4B68-8B7C-DEAA094BA89F}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 20:12 . 2012-11-08 15:24 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 20:12 . 2011-08-17 03:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 150040]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824]
"LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-10-26 335872]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-10-26 208896]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2011-06-03 1066304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"{4e1e0e5b-0371-e987-03d0-4b324fed7546}"="c:\documents and settings\All Users\Application Data\Microsoft\{4e1e0e5b-0371-e987-03d0-4b324fed7546}\{4e1e0e5b-0371-e987-03d0-4b324fed7546}.exe" [2015-02-03 376873]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Run"= "c:\documents and settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe"
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
 [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 10:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/30/2009 10:25 PM 64512]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 6:21 PM 19496]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/30/2009 8:41 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 7:50 AM 46144]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/30/2009 8:41 PM 20560]
R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [9/30/2009 4:38 PM 208896]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 4:00 PM 214896]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/30/2009 4:41 PM 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 6:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 7:50 AM 253952]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/30/2009 4:27 PM 110080]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 10:18 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 10:16 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 10:15 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 2:25 PM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 2:25 PM 15232]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [6/15/2012 2:38 PM 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/15/2012 2:38 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/15/2012 2:38 PM 24064]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [3/18/2011 6:34 PM 18432]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 9:05 AM 14904]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 10:18 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 10:15 AM 1120752]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - POLICYAGENT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ    vvdsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
vet-filt
gtndis5
sentinel
dtsagntsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-04 03:27 1086280 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:14]
.
2015-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 20:12]
.
2015-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2015-02-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2015-02-05 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-421417644-672489333-1106248786-1005.job
- c:\program files\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-28 16:54]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 13:51]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 13:51]
.
2014-12-02 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2015-02-04 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2014-12-02 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2015-02-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-30 16:48]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: 1sourcehr.com\service
Trusted Zone: lendersoffice.com\secure
Trusted Zone: usda.gov\usdalinc.sc.egov
FF - ProfilePath - c:\documents and settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2010-08-22 21:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
c:\documents and settings\Art\Start Menu\Programs\Startup\aprxdist.lnk - c:\documents and settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-05 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2015-02-05  16:15:10
ComboFix-quarantined-files.txt  2015-02-05 21:14
ComboFix2.txt  2012-04-18 14:46
.
Pre-Run: 28,324,876,288 bytes free
Post-Run: 29,317,267,456 bytes free
.
- - End Of File - - 9D88E56B8369FF78E44EB5B2C13CE028
B134FE1C885D930BBBBEB6822412E3DB
 



#8 deeprybka
  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 05 February 2015 - 04:41 PM

Very good. :)

Next steps are:

Step 1

Download Malwarebytes Anti-Rootkit to your Desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"


Step 2

Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 05 February 2015 - 04:42 PM.

regards,
deeprybka

#9 Angela12345
  • Topic Starter
  • Members
  • 76 posts
  • Gender:Female

Posted 05 February 2015 - 05:48 PM

Malwarebytes found 10 items.  I cleaned, then rebooted after running it.

See below for all logs.

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.05.09
  rootkit: v2015.02.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Art :: ARTHOME [administrator]

2/5/2015 4:52:11 PM
mbar-log-2015-02-05 (16-52-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 383585
Time elapsed: 35 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
c:\documents and settings\all users\application data\{cb390d25-a322-4b68-8b7c-deaa094ba89f}\fntcache.dll (Trojan.FakeMS.ED) -> Delete on reboot. [94499d7d81098bab9012198902ff06fa]

Registry Keys Detected: 2
HKLM\SOFTWARE\CLASSES\CLSID\{C2E742FE-5352-41DF-8B3E-7E38613209DD} (Trojan.FakeMS.ED) -> Delete on reboot. [94499d7d81098bab9012198902ff06fa]
HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{C2E742FE-5352-41DF-8B3E-7E38613209DD} (Trojan.FakeMS.ED) -> Delete on reboot. [94499d7d81098bab9012198902ff06fa]

Registry Values Detected: 3
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{4e1e0e5b-0371-e987-03d0-4b324fed7546} (Trojan.Kovter.CR) -> Data: "C:\Documents and Settings\All Users\Application Data\Microsoft\{4e1e0e5b-0371-e987-03d0-4b324fed7546}\{4e1e0e5b-0371-e987-03d0-4b324fed7546}.exe" -> Delete on reboot. [ce0f0c0e9beff14523580812f80a7c84]
HKU\S-1-5-21-421417644-672489333-1106248786-1005\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE (Trojan.Agent.EV) -> Data: "C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe" -> Delete on reboot. [fbe2f525c0ca6fc746c0366992718977]
HKU\S-1-5-21-421417644-672489333-1106248786-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run (Trojan.Agent) -> Data: "C:\Documents and Settings\Art\Application Data\Microsoft\Windows\IEUpdate\aprxdist.exe" -> Delete on reboot. [6479a6740f7b40f6d793badd22e151af]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\WINDOWS\$NtUninstallKB13040$\1195079115\L (Backdoor.0Access) -> Delete on reboot. [37a63ddd0a8006306d7d7a869769fc04]
C:\WINDOWS\$NtUninstallKB13040$\1195079115\U (Backdoor.0Access) -> Delete on reboot. [cc119783a7e3de58e902b34d69977987]
C:\WINDOWS\$NtUninstallKB13040$\1195079115 (Backdoor.0Access) -> Delete on reboot. [bb220713404abe78787412eea65ae61a]

Files Detected: 4
c:\documents and settings\all users\application data\{cb390d25-a322-4b68-8b7c-deaa094ba89f}\fntcache.dll (Trojan.FakeMS.ED) -> Delete on reboot. [94499d7d81098bab9012198902ff06fa]
C:\Documents and Settings\All Users\Application Data\Microsoft\{4e1e0e5b-0371-e987-03d0-4b324fed7546}\{4e1e0e5b-0371-e987-03d0-4b324fed7546}.exe (Trojan.Kovter.CR) -> Delete on reboot. [ce0f0c0e9beff14523580812f80a7c84]
C:\WINDOWS\Installer\{92E51A3C-FFDE-470E-A742-4F51B2AA562E}\dbghelp62.dll (Trojan.Vawtrack) -> Delete on reboot. [5f7edc3e6c1e70c6c103c5df9a6b7b85]
C:\WINDOWS\$NtUninstallKB13040$\1195079115\L\hvmonmrs (Backdoor.0Access) -> Delete on reboot. [eaf37aa0c9c1d561f9eb9a6617e9ec14]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 3184762880, free: 2184646656

Downloaded database version: v2015.02.05.09
Downloaded database version: v2015.02.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     02/05/2015 16:51:29
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
Lbd.sys
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Apsx86.sys
ApsHM86.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5x32.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\A0101X32.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\zumbus.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\CHDAU32.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\tvtumon.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\drivers\TSMAPIP.SYS
\SystemRoot\System32\drivers\Tppwrif.sys
\SystemRoot\system32\DRIVERS\TPHKDRV.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\drivers\ANC.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\aswFsBlk.sys
\SystemRoot\system32\DRIVERS\tvtfilter.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\system32\DRIVERS\WudfPf.sys
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\??\C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\??\C:\WINDOWS\System32\drivers\pmemnt.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\DOCUME~1\Art\LOCALS~1\Temp\catchme.sys
\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.02.05.09
  rootkit: v2015.02.03.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ada3030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ada35f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ada3810, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff8ada3030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8adae498, DeviceName: \Device\0000007f\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8adc5028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: ED1F86F7

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 299981682
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 299997184  Numsec = 12580864

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
Infected: c:\documents and settings\all users\application data\{cb390d25-a322-4b68-8b7c-deaa094ba89f}\fntcache.dll --> [Trojan.FakeMS.ED]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{C2E742FE-5352-41DF-8B3E-7E38613209DD} --> [Trojan.FakeMS.ED]
Infected: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{C2E742FE-5352-41DF-8B3E-7E38613209DD} --> [Trojan.FakeMS.ED]
Infected: c:\documents and settings\all users\application data\{cb390d25-a322-4b68-8b7c-deaa094ba89f}\fntcache.dll --> [Trojan.FakeMS.ED]
Infected: C:\Documents and Settings\All Users\Application Data\Microsoft\{4e1e0e5b-0371-e987-03d0-4b324fed7546}\{4e1e0e5b-0371-e987-03d0-4b324fed7546}.exe --> [Trojan.Kovter.CR]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{4e1e0e5b-0371-e987-03d0-4b324fed7546} --> [Trojan.Kovter.CR]
Infected: C:\WINDOWS\Installer\{92E51A3C-FFDE-470E-A742-4F51B2AA562E}\dbghelp62.dll --> [Trojan.Vawtrack]
Infected: C:\WINDOWS\$NtUninstallKB13040$\1195079115\L\hvmonmrs --> [Backdoor.0Access]
Infected: HKU\S-1-5-21-421417644-672489333-1106248786-1005\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE --> [Trojan.Agent.EV]
Infected: HKU\S-1-5-21-421417644-672489333-1106248786-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run --> [Trojan.Agent]
Infected: C:\WINDOWS\$NtUninstallKB13040$\1195079115\L --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB13040$\1195079115\U --> [Backdoor.0Access]
Infected: C:\WINDOWS\$NtUninstallKB13040$\1195079115 --> [Backdoor.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015
Ran by Art (administrator) on ARTHOME on 05-02-2015 17:44:16
Running from C:\Documents and Settings\Art\Desktop
Loaded Profiles: Art (Available profiles: Art & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\ZuneBusEnum.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wiaacmgr.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
(Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(LENOVO) C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.EXE
(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [122880 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [524288 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-23] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [242976 2008-06-04] (Lenovo Group Ltd.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-14] (Lenovo Group Limited)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [419376 2007-02-01] (LENOVO)
HKLM\...\Run: [LPManager] => C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] => C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LCONTROL] => C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe [77824 2008-03-19] (ATK0101)
HKLM\...\Run: [LFKA] => C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe [315392 2008-04-15] (Lenovo)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [425984 2008-10-27] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [143360 2008-10-27] (Lenovo )
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3073336 2008-06-13] (Lenovo Group Limited)
HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2009-09-15] (ALWIL Software)
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [158448 2010-01-07] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [mumservice] => C:\Program Files\Motorola\Software Update\mumservice.exe [1066304 2011-06-03] (Motorola)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
BootExecute: autocheck autochk * lsdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-421417644-672489333-1106248786-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-421417644-672489333-1106248786-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-421417644-672489333-1106248786-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> DefaultScope {EBA87795-C526-49F7-9063-BE97E64D3B9F} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> {EBA87795-C526-49F7-9063-BE97E64D3B9F} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254368332281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://allregs.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default
FF DefaultSearchEngine: Web Search...
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", "*.local;192.168.*.*"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin HKU\S-1-5-21-421417644-672489333-1106248786-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Art\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-30]
FF Extension: Add to Search Bar - C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2012-04-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-30]
FF HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009-09-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-08]
CHR Extension: (YouTube) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Google Search) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [90112 2008-10-27] (Lenovo ) [File not signed]
R2 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [217088 2008-10-27] (Lenovo ) [File not signed]
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2009-09-15] (ALWIL Software)
R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () [File not signed]
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680 2009-09-15] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2009-09-15] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2009-09-15] (ALWIL Software)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel® Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2013-03-15] (Oracle Corporation)
S3 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-27] (Lavasoft Limited)
R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-19] () [File not signed]
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [94208 2008-10-26] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel® Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [905216 2008-08-20] (Intel® Corporation) [File not signed]
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-14] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-14] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-14] (Lenovo Group Limited) [File not signed]
R2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-09] (Lenovo Group Limited) [File not signed]
R2 ZuneBusEnum; c:\WINDOWS\system32\ZuneBusEnum.exe [58592 2010-01-07] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [447216 2010-01-07] (Microsoft Corporation)
S2 dtsagntsvc; %systemroot%\system32\DfwWebAgent.dll [X]
S2 gtndis5; %systemroot%\system32\SMCB000.dll [X]
S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]
S2 vet-filt; %systemroot%\system32\MaxtorFrontPanel1.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [27408 2009-09-15] (ALWIL Software)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2008-10-24] (IBM Corp.) [File not signed]
R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys [20560 2009-09-15] (ALWIL Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [94160 2009-09-15] (ALWIL Software)
S3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23152 2009-09-15] (ALWIL Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [114768 2009-09-15] (ALWIL Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [52368 2009-09-15] (ALWIL Software)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [764416 2008-06-12] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-10-24] () [File not signed]
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
S3 motport; C:\WINDOWS\System32\DRIVERS\motport.sys [24064 2011-03-31] (Motorola)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\A0101X32.sys [5760 2007-08-24] ()
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3632384 2008-08-29] (Intel Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-09-30] (Microsoft Corporation) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [14904 2010-07-07] (Secunia)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-04] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2008-10-26] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-30] () [File not signed]
R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [40832 2010-01-07] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Art\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: vet-filt -> C:\Windows\system32\MaxtorFrontPanel1.dll ==> No File.
NETSVC: gtndis5 -> C:\Windows\system32\SMCB000.dll ==> No File.
NETSVC: sentinel -> No Registry Path.
NETSVC: dtsagntsvc -> C:\Windows\system32\DfwWebAgent.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 17:33 - 2015-02-05 17:36 - 00000128 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG
2015-02-05 16:51 - 2015-02-05 17:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-02-05 16:51 - 2015-02-05 16:51 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 16:50 - 2015-02-05 16:50 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-05 16:49 - 2015-02-05 17:30 - 00000000 ____D () C:\Documents and Settings\Art\Desktop\mbar
2015-02-05 16:48 - 2015-02-05 16:48 - 16466552 _____ (Malwarebytes Corp.) C:\Documents and Settings\Art\Desktop\mbar-1.08.3.1004.exe
2015-02-05 16:26 - 2015-02-05 16:26 - 00000000 ____D () C:\WINDOWS\pss
2015-02-05 16:15 - 2015-02-05 17:44 - 00000000 ____D () C:\Documents and Settings\Art\Local Settings\temp
2015-02-05 16:15 - 2015-02-05 16:15 - 00015449 _____ () C:\ComboFix.txt
2015-02-05 16:15 - 2015-02-05 16:15 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-05 16:15 - 2015-02-05 16:15 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-02-05 16:15 - 2015-02-05 16:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-02-05 14:45 - 2015-02-05 14:46 - 00030489 _____ () C:\Documents and Settings\Art\Desktop\Addition.txt
2015-02-05 14:44 - 2015-02-05 17:44 - 00028666 _____ () C:\Documents and Settings\Art\Desktop\FRST.txt
2015-02-05 14:44 - 2015-02-05 17:44 - 00000000 ____D () C:\FRST
2015-02-05 14:42 - 2015-02-05 14:43 - 01123328 _____ (Farbar) C:\Documents and Settings\Art\Desktop\FRST.exe
2015-02-03 15:27 - 2015-02-03 15:27 - 00098304 _____ () C:\WINDOWS\Minidump\Mini020315-01.dmp
2015-01-28 22:33 - 2015-01-28 22:33 - 00000000 ____D () C:\Sun
2015-01-23 13:49 - 2015-02-05 17:32 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{CB390D25-A322-4B68-8B7C-DEAA094BA89F}
2015-01-21 15:17 - 2015-01-21 15:17 - 00019739 _____ () C:\Documents and Settings\Art\Desktop\hs_err_pid27276.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 17:42 - 2013-11-25 13:19 - 00824175 _____ () C:\WINDOWS\setupapi.log
2015-02-05 17:36 - 2013-11-15 12:09 - 01427732 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-05 17:33 - 2013-11-15 12:09 - 00000343 _____ () C:\WINDOWS\wiadebug.log
2015-02-05 17:33 - 2013-11-15 12:09 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-02-05 17:33 - 2011-11-07 11:02 - 00000000 ____D () C:\temp
2015-02-05 17:33 - 2010-10-10 12:54 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 17:33 - 2009-09-30 16:56 - 00000000 ____D () C:\Documents and Settings\Art
2015-02-05 17:33 - 2009-09-30 16:41 - 00000316 _____ () C:\WINDOWS\Tasks\PMTask.job
2015-02-05 17:33 - 2006-04-30 02:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-05 17:33 - 2006-04-30 01:56 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-05 17:32 - 2013-10-09 17:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2015-02-05 17:32 - 2011-01-12 19:34 - 00081236 _____ () C:\aaw7boot.log
2015-02-05 17:32 - 2009-09-30 16:57 - 00002080 _____ () C:\WINDOWS\system32\ICAutoUpdate.log.bak
2015-02-05 17:31 - 2009-09-30 16:56 - 00000278 ___SH () C:\Documents and Settings\Art\ntuser.ini
2015-02-05 17:31 - 2006-04-30 02:20 - 00032554 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-05 17:30 - 2006-04-29 11:57 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB13040$
2015-02-05 17:13 - 2012-11-08 10:25 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-05 17:13 - 2010-10-10 12:54 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 17:12 - 2012-11-08 10:24 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 17:12 - 2011-08-16 22:11 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-05 17:12 - 2006-04-29 19:20 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-05 16:58 - 2009-09-30 16:56 - 00000250 _____ () C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2015-02-05 16:51 - 2014-02-06 14:56 - 00000510 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-421417644-672489333-1106248786-1005.job
2015-02-05 16:49 - 2011-08-29 08:03 - 00000000 ____D () C:\Documents and Settings\Art\Desktop\PROTECT & Fix Software
2015-02-05 16:15 - 2012-04-17 10:17 - 00000000 ____D () C:\Qoobox
2015-02-05 16:11 - 2006-04-30 01:56 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-05 15:36 - 2006-04-29 19:10 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-02-05 15:35 - 2010-01-24 11:03 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-05 15:27 - 2011-11-02 15:03 - 00000000 ____D () C:\Documents and Settings\Art\My Documents\Outlook Files
2015-02-05 12:00 - 2009-09-30 22:25 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-02-05 11:06 - 2011-11-02 14:46 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-02-05 10:47 - 2011-09-14 09:46 - 00000000 ____D () C:\Documents and Settings\Art\Desktop\ANGELA - WORK
2015-02-04 15:39 - 2012-06-15 14:39 - 00000354 _____ () C:\WINDOWS\Tasks\MotoHelper Routing.job
2015-02-03 22:29 - 2011-08-29 07:58 - 00001820 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-03 15:29 - 2011-04-19 16:56 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2015-02-03 15:29 - 2011-04-19 16:56 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2015-02-03 15:27 - 2009-12-18 23:00 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-03 15:27 - 2009-10-01 21:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-29 18:08 - 2009-10-01 08:57 - 00000437 _____ () C:\WINDOWS\3DHOME.INI
2015-01-29 18:08 - 2009-10-01 08:55 - 00000000 ____D () C:\3dhmedlx
2015-01-22 20:33 - 2011-03-18 18:34 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-22 16:29 - 2011-10-05 13:43 - 00227328 ___SH () C:\Documents and Settings\Art\Desktop\Thumbs.db
2015-01-20 21:45 - 2013-02-02 11:04 - 00040179 _____ () C:\Documents and Settings\Art\Desktop\drawers.txt
2015-01-15 23:12 - 2012-01-31 16:29 - 00000000 ____D () C:\Documents and Settings\Art\Desktop\ANGELA - PERSONAL
2015-01-07 16:02 - 2010-08-25 19:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2009-12-27 17:03 - 2012-06-12 18:02 - 0005120 ____N () C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-22 13:09 - 2011-09-22 13:09 - 0000126 ____N () C:\Documents and Settings\Art\Local Settings\Application Data\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015
Ran by Art at 2015-02-05 17:45:14
Running from C:\Documents and Settings\Art\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Watch Live! Anti-Virus (Disabled - Up to date) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! antivirus 4.8.1356 [VPS 091129-1] (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Home Architect Deluxe (HKLM\...\3D Home Architect Deluxe 2.2) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.11 - )
Ad-Aware (HKLM\...\{385DD1DD-65AA-408D-8E70-74601C2DB7E6}) (Version: 9.5.0 - Lavasoft Limited)
Adobe Acrobat 6.0 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
avast! Antivirus (HKLM\...\avast!) (Version: 4.8 - Alwil Software)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
BrowserXT (HKLM\...\BrowserXT) (Version: 1.0 - MeridianLink)
BrowserXT (Version: 1.0 - MeridianLink) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.20.0023.00 - Lenovo Group Limited)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 3.54.0.0 - Conexant)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)
Encompass360 (HKLM\...\{00F8718D-9F98-4B28-B113-CFEF1CB72EE9}) (Version: 6.8.0 - Ellie Mae, Inc.)
Encompass360 Installation Manager (Version: 6.8.0 - Ellie Mae) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileMind QuickFix (HKLM\...\{92789900-80D0-4B61-B742-7897964A69AB}_is1) (Version: Build 4184 - Metability Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)
Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00h - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}) (Version: 12.01.1000 - Intel® Corporation)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1243 - InterVideo Inc.)
iTunes (HKLM\...\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}) (Version: 10.2.2.14 - Apple Inc.)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 3.00b - )
Lenovo Care Supplement (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 3.00b - )
Lenovo Registration (HKLM\...\Lenovo Registration) (Version:  - Lenovo - Leader Technologies)
Lenovo_ATK_Package (HKLM\...\{055B9AD2-48E1-462E-9992-814123063C46}) (Version: 0.00.04.0 - Lenovo)
Lotus NotesSQL 3.01 driver (HKLM\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version:  - )
Lotus SmartSuite - English (HKLM\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01d - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{4E336342-73F3-4D6B-AFDE-2F218B8BCF2F}) (Version: 3.3.0053 - Lenovo)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Motorola Software Update (HKLM\...\{C3FA6AFC-69D1-4369-8864-9652C0F35181}) (Version: 01.16.20 - Motorola)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.13.01 - )
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4957.02 - PC-Doctor, Inc.)
PlayCatan Access Software (HKLM\...\PlayCatan Client) (Version: 3.1022 - Catan GmbH)
Point (HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\2c777a09c05bdfb6) (Version: 1.0.0.370 - Calyx Software)
Point 7.4 SP6 (HKLM\...\{F398D45A-300F-486B-BC4E-6E2066F6DA10}) (Version: 7.4.1343 - Calyx Software)
Point Old Verison Clean up Tool (HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Point Old Verison Clean up Tool) (Version:  - )
Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - )
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.13.0000 - Realtek)
Rescue and Recovery (HKLM\...\{F151F2B3-0C32-44D3-90E2-E639B8024622}) (Version: 4.21.0016.00 - Lenovo Group Limited)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Safari (HKLM\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
Secunia PSI (HKLM\...\Secunia PSI) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.15.0017 - Lenovo)
ThinkPad EasyEject Utility  (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.36 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.03 - )
ThinkPad PC Card Power Policy (Version: 1.02 - ) Hidden
ThinkPad Power Management Driver for SL Series (HKLM\...\Power Management Driver) (Version: 1.44 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.48 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.19.5 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.04 - )
ThinkVantage Access Connections (HKLM\...\{7EB114D8-207F-45AE-BABD-1669715F2630}) (Version: 5.12 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.61 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 2.00 - ) Hidden
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
Verizon Wireless BroadbandAccess Self Activation (HKLM\...\{3F963A06-7C18-4039-9789-9644B3266AE7}) (Version: 1.3.2 - Smith Micro Software, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
vShare Plugin (HKLM\...\vShare) (Version:  - )
Wallpapers (Version:  - ) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XP Themes (Version: 1.00.0000 - Lenovo) Hidden
Zune (HKLM\...\Zune) (Version: 04.02.0202.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Art\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1865\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Art\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

==================== Restore Points  =========================

05-02-2015 15:36:23 System Checkpoint
05-02-2015 17:30:24 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-04-30 01:55 - 2015-02-05 16:11 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-421417644-672489333-1106248786-1005.job => C:\Program Files\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MotoHelper MUM.job => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: C:\WINDOWS\Tasks\MotoHelper Routing.job => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: C:\WINDOWS\Tasks\MotoHelper Update.job => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE

==================== Loaded Modules (whitelisted) ==============

2008-08-20 18:10 - 2008-08-20 18:10 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-09-30 16:38 - 2007-10-30 13:35 - 00094208 ____R () C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
2009-09-30 16:38 - 2008-03-19 23:46 - 00208896 ____R () C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
2009-09-30 16:37 - 2007-06-18 18:28 - 00056056 ____N () C:\WINDOWS\system32\DLAAPI_W.DLL
2009-09-30 16:41 - 2008-10-26 11:48 - 00045056 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2009-09-30 16:41 - 2008-10-26 11:48 - 00094208 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2009-09-30 16:38 - 2007-03-09 18:16 - 00106496 ____R () C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll
2011-12-06 16:00 - 2011-12-06 16:00 - 00214896 ____N () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
2008-05-14 18:25 - 2008-05-14 18:25 - 00520192 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2008-05-14 18:08 - 2008-05-14 18:08 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2009-09-30 16:41 - 2008-10-26 11:48 - 00094208 ____N () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
2011-12-06 16:00 - 2011-12-06 16:00 - 00784240 ____N () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
2009-09-30 16:42 - 2008-10-27 11:55 - 00039936 ____N () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
2009-09-30 16:42 - 2008-10-27 11:55 - 00036352 ____N () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
2008-05-14 18:08 - 2008-05-14 18:08 - 00139264 ____N () c:\Program Files\Common Files\Lenovo\CDRecord.dll
2009-09-30 16:42 - 2008-10-27 11:55 - 00229376 ____N () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
2011-02-06 10:32 - 2011-02-06 10:32 - 00067872 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2003-05-15 01:03 - 2003-05-15 01:03 - 00147456 ____N () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB13040$:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31995016.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31995016.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-421417644-672489333-1106248786-1005\Control Panel\Desktop\\Wallpaper ->

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-421417644-672489333-1106248786-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Art (S-1-5-21-421417644-672489333-1106248786-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Art
ASPNET (S-1-5-21-421417644-672489333-1106248786-1003 - Limited - Enabled)
Guest (S-1-5-21-421417644-672489333-1106248786-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-421417644-672489333-1106248786-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-421417644-672489333-1106248786-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 11:57:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (02/05/2015 11:00:39 AM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
Description: EventType officelifeboathang, P1 outlook.exe, P2 14.0.7109.5000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (02/05/2015 11:00:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:57:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:57:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:54:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:53:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:53:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 10:48:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/04/2015 03:52:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application EXCEL.EXE, version 14.0.7109.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (02/05/2015 05:33:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Symwsc service terminated with the following error:
%%126

Error: (02/05/2015 05:33:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (02/05/2015 05:33:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mail2ec service terminated with the following error:
%%126

Error: (02/05/2015 05:33:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mrpostman service terminated with the following error:
%%126

Error: (02/05/2015 05:33:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error:
%%1053

Error: (02/05/2015 05:33:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.

Error: (02/05/2015 04:02:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/05/2015 03:49:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/05/2015 03:48:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/05/2015 03:48:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Symwsc service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (02/05/2015 11:57:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (02/05/2015 11:00:39 AM) (Source: Microsoft Office 14) (EventID: 5000) (User: )
Description: officelifeboathangoutlook.exe14.0.7109.5000ntdll.dll5.1.2600.6055NILNILNILNILNILNIL

Error: (02/05/2015 11:00:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (02/05/2015 10:57:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7109.5000hungapp0.0.0.000000000

Error: (02/05/2015 10:57:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (02/05/2015 10:54:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7109.5000hungapp0.0.0.000000000

Error: (02/05/2015 10:53:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7109.5000hungapp0.0.0.000000000

Error: (02/05/2015 10:53:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7109.5000hungapp0.0.0.000000000

Error: (02/05/2015 10:48:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/04/2015 03:52:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EXCEL.EXE14.0.7109.5000hungapp0.0.0.000000000

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P7370 @ 2.00GHz
Percentage of memory in use: 23%
Total physical RAM: 3037.23 MB
Available physical RAM: 2326.5 MB
Total Pagefile: 4922.2 MB
Available Pagefile: 4362.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.57 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:143.04 GB) (Free:27.22 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6 GB) - (Type=12)

==================== End Of Log ============================

#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:59 AM

Posted 05 February 2015 - 06:02 PM

Ok, now I need some night sleep. I will post further instructions asap. :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:59 PM

Posted 05 February 2015 - 06:04 PM

I hope you sleep well.  I will talk with you when you are back.  Thank you for your help so far !!


Edited by Angela12345, 05 February 2015 - 06:05 PM.


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:59 AM

Posted 06 February 2015 - 09:43 AM

Hi,
 
please uninstall: Download Updater

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2
Update to newest version: Download and install Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • After the update, click "Settings" [1] and go to "Detection and Protection" [2]
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Edited by deeprybka, 06 February 2015 - 09:45 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:59 PM

Posted 06 February 2015 - 12:28 PM

Thanks Jurgen ! I am going to be working on this as quickly as possible. Although I have several appointments today, so my response will probably be after you have gone to bed tonight because of the time difference.

#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:59 AM

Posted 06 February 2015 - 12:34 PM

Thanks Jurgen ! I am going to be working on this as quickly as possible. Although I have several appointments today, so my response will probably be after you have gone to bed tonight because of the time difference.

:lol: most likely...But usually I reply within a few hours.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:59 PM

Posted 07 February 2015 - 02:02 PM

Uninstalled the Download Updater using Add/Remove Programs

Here are the logs . . .

# AdwCleaner v4.110 - Logfile created 07/02/2015 at 13:08:10
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Art - ARTHOME
# Running from : C:\Documents and Settings\Art\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\vShare
Folder Deleted : C:\Documents and Settings\Art\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Art\Application Data\vShare
File Deleted : C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKCU\Software\eddfbfbdabecefaedct
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;192.168.*.*

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v23.0.1 (en-US)

[2nvmnti6.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Web Search...");
[2nvmnti6.default\prefs.js] - Line Deleted : user_pref("extensions.enabledItems", "jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,vshare@toolbar:1.0.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23");
[2nvmnti6.default\prefs.js] - Line Deleted : user_pref("extensions.vshare@toolbar.update.enabled", false);
[2nvmnti6.default\prefs.js] - Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v40.0.2214.111

[C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://homesweetfurniture.com/catalogsearch/result/?q={searchTerms}
[C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.roomstogo.com/atgsearch/atgSearchResults.jsp?_dyncharset=UTF-8&_dynSessConf=-8929731376644377407&questionSaved=&catIdSaved=&qfh_docSort=relevance&_D%3Aqfh_docSort=+&qfh_docSortOrder=descending&_D%3Aqfh_docSortOrder=+&qfh_multiSearchSession=true&_D%3Aqfh_multiSearchSession=+&qfh_saveRequest=true&_D%3Aqfh_saveRequest=+&qfh_pageSize=5000&_D%3Aqfh_pageSize=+&srchSiteIds=rtgAdults&_D%3AsrchSiteIds=+&srchSiteIds=rtgKids&_D%3AsrchSiteIds=+&aRoom=%3Cand%3E%0D%0A%3Cstrprop+name%3D%22ancestorCategories.%24repositoryId%22+op%3D%22equal%22%3E9700000%3C%2Fstrprop%3E%0D%0A%3Cor%3E%0D%0A%3Cprop+name%3D%22startDate%22+op%3D%22equal%22+type%3D%22date%22%3E0%3C%2Fprop%3E%0D%0A%3Cprop+name%3D%22startDate%22+op%3D%22lesseq%22+type%3D%22integer%22%3E1350000000%3C%2Fprop%3E%0D%0A%3C%2For%3E%0D%0A%3Cor%3E%0D%0A%3Cprop+name%3D%22endDate%22+op%3D%22equal%22+type%3D%22date%22%3E0%3C%2Fprop%3E%0D%0A%3Cprop+name%3D%22endDate%22+op%3D%22greatereq%22+type%3D%22integer%22%3E1349913600%3C%2Fprop%3E%0D%0A%3C%2For%3E%0D%0A%3Cprop+name%3D%22region.regionName%22+op%3D%22equal%22+type%3D%22string%22%3EFL%3C%2Fprop%3E%0D%0A%3Cprop+name%3D%22productType%22+op%3D%22equal%22+type%3D%22enum%22%3E1%3C%2Fprop%3E%0D%0A%3Cor%3E%0D%0A%3Cprop+name%3D%22tvVendorCode%22+op%3D%22equal%22+type%3D%22string%22%3EBBUY%3C%2Fprop%3E%0D%0A%3Cprop+name%3D%22tvVendorCode%22+op%3D%22equal%22+type%3D%22string%22%3E9999%3C%2Fprop%3E%0D%0A%3C%2For%3E%0D%0A%3Cnumprop+name%3D%22availableFlag%22+op%3D%22equal%22%3E1.0%3C%2Fnumprop%3E%0D%0A%3C%2Fand%3E%0D%0A&_D%3AaRoom=+&type=1&searchExecByFormSubmit=true&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.successURL=&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.successURL=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.search=++&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.search=+&%2Fatg%2Fco
mmerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.question={searchTerms}&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.question=+&_DARGS=%2Fatgsearch%2Fgadgets%2FatgSearch.jsp.sform
[C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8233 bytes] - [07/02/2015 12:26:47]
AdwCleaner[S0].txt - [8310 bytes] - [07/02/2015 13:08:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8369  bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/7/2015
Scan Time: 1:21:30 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.07.06
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Art

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385124
Time Elapsed: 37 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)