
Infected - Google Chrome keeps redirecting to one click ads


  • This topic is locked
7 replies to this topic

#1 flips712


Posted 01 May 2015 - 07:55 PM

Hi,

 

When using Google Chrome I keep randomly getting redirected to websites affiliated with "one click ads", which will momentarily appear in the address bar. This problem only happens when browsing with Google Chrome. My IE browser isn't getting redirected. I'm also unable to open various folders on my C drive and receive the error message "Location is not available. Access is denied." Thanks in advance for your time and assistance!

 

Pauline

flips712

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01
Ran by flips712 (administrator) on FLIPS712-PC on 02-05-2015 16:26:02
Running from C:\Users\flips712\Downloads
Loaded Profiles: flips712 (Available profiles: flips712)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lenovo Group Limited) C:\Windows\System32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\SBITS\DDNIOEMService.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
() C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\setup_wm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [59168 2007-11-29] (Lenovo Group Limited)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [66176 2007-03-09] (Lenovo Group Limited)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [172032 2007-03-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2007-11-22] (Lenovo.)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [243248 2007-03-28] (Lenovo Group Ltd.)
HKLM\...\Run: [LenovoOobeOffers] => c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [28672 2007-09-25] (lenovo)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [DiskeeperSystray] => C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [217176 2006-11-15] (Diskeeper Corporation)
HKLM\...\Run: [AwaySch] => C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [120368 2007-04-26] (Lenovo Group Limited)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [419376 2007-02-01] (LENOVO)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [419112 2007-07-05] (Lenovo)
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [124200 2007-07-05] (Lenovo)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2630968 2007-08-09] (Lenovo Group Limited)
HKLM\...\Run: [DDNIUser] => C:\Program Files\DDNI\SBITS\DDNIUSER.EXE [227816 2007-09-28] (Digital Delivery Networks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2007-03-15] (UPEK Inc.)
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2012-06-15]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2654977686-2257692886-1203025146-1002 -> DefaultScope {5367AE86-E29E-4487-9A4A-AFC6D80A1CD2} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2654977686-2257692886-1203025146-1002 -> {5367AE86-E29E-4487-9A4A-AFC6D80A1CD2} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2654977686-2257692886-1203025146-1002 -> {CDA9392B-82A7-4196-9D21-6DEE710DD9CF} URL =
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO: CPwmIEBrowserHelper Object -> {F040E541-A427-4CF7-85D8-75E3E0F476C5} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-09] (Lenovo Group Limited)
Toolbar: HKLM - No Name - {90222687-F593-4738-B738-FBEE9C7B26DF} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-01] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\system32\npdeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2654977686-2257692886-1203025146-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\flips712\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2654977686-2257692886-1203025146-1002: @talk.google.com/O1DPlugin -> C:\Users\flips712\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2654977686-2257692886-1203025146-1002: @tools.google.com/Google Update;version=3 -> C:\Users\flips712\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2654977686-2257692886-1203025146-1002: @tools.google.com/Google Update;version=9 -> C:\Users\flips712\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\flips712\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\flips712\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (Google Docs) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-26]
CHR Extension: (WOT) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-26]
CHR Extension: (YouTube) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-26]
CHR Extension: (Google Search) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-26]
CHR Extension: (Google Sheets) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (BetaFish Adblocker) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-26]
CHR Extension: (Adblock Super) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-26]
CHR Extension: (Gmail) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554616 2007-01-05] (Symantec Corporation)
S4 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
S4 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
S4 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49248 2007-01-12] (Symantec Corporation)
R2 DDNIOEMService; C:\Program Files\DDNI\SBITS\DDNIOEMService.exe [162280 2007-09-28] (Digital Delivery Networks, Inc.) [File not signed]
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-29] (Lenovo Group Limited)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2918008 2007-01-05] (Symantec Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2007-01-12] (Sonic Solutions) [File not signed]
S4 Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2007-01-12] (Sonic Solutions) [File not signed]
S4 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-04-22] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2007-05-30] (MicroVision Development, Inc.) [File not signed]
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S4 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174664 2012-06-15] (Symantec Corporation)
S4 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-05] (Symantec Corporation)
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [55936 2007-03-02] ()
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722232 2007-08-09] (IBM)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2007-01-08] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 ISPwdSvc; "C:\Program Files\Norton Internet Security\isPwdSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRTN32.sys [486400 2009-06-22] (Conexant Systems Inc.) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387384 2007-01-10] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\CHDARTN.sys [215040 2007-04-27] (Conexant Systems Inc.)
S3 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys [212280 2006-12-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R2 smihlp; C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [11152 2007-03-15] (UPEK Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2012-06-15] (Symantec Corporation)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2007-12-06] ()
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2012-06-15] (Lenovo) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.sys [191544 2007-01-09] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 15:59 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-02 15:57 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-02 15:44 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-05-02 15:44 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-05-02 15:44 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-05-02 15:44 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-02 15:42 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-02 15:42 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-02 15:41 - 2015-02-25 20:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-02 15:40 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-02 15:40 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-02 15:40 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-05-02 15:33 - 2014-10-09 21:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-02 15:33 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-02 15:33 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-02 15:32 - 2014-12-18 20:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-02 15:22 - 2015-05-02 15:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-02 15:21 - 2015-03-04 22:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-02 15:05 - 2014-10-23 21:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-02 15:04 - 2015-03-13 22:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-02 15:04 - 2015-03-12 21:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-02 15:04 - 2015-03-12 21:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-02 15:04 - 2015-03-04 22:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-02 15:04 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-02 15:04 - 2015-01-08 22:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-02 15:04 - 2015-01-08 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-02 15:03 - 2014-10-23 21:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-02 14:57 - 2015-05-02 14:58 - 00402478 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2015-05-02 14:52 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-02 14:52 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-02 14:48 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-02 14:47 - 2014-08-11 22:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-02 14:45 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-02 14:45 - 2015-01-15 00:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-02 14:45 - 2014-10-09 21:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-02 14:40 - 2014-10-02 21:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-02 14:40 - 2014-10-02 21:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-02 14:40 - 2014-10-02 21:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-02 14:40 - 2014-10-02 21:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-02 14:35 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-02 14:35 - 2014-12-05 23:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-02 14:35 - 2014-12-05 23:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-02 14:35 - 2014-12-05 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-02 14:34 - 2014-10-17 21:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-02 14:22 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-02 14:22 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-05-02 14:19 - 2014-12-05 23:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-01 20:40 - 2015-05-02 16:26 - 00021763 _____ () C:\Users\flips712\Downloads\FRST.txt
2015-05-01 20:05 - 2015-05-02 16:26 - 00000000 ____D () C:\FRST
2015-05-01 20:05 - 2015-05-01 20:05 - 00000535 _____ () C:\Users\flips712\Desktop\FRST.exe - Shortcut.lnk
2015-05-01 20:04 - 2015-05-01 20:04 - 01140736 _____ (Farbar) C:\Users\flips712\Downloads\FRST.exe
2015-05-01 19:36 - 2015-05-01 19:36 - 16502728 _____ (Malwarebytes Corp.) C:\Users\flips712\Downloads\mbar-1.09.1.1004 (1).exe
2015-05-01 19:36 - 2015-05-01 19:36 - 00000619 _____ () C:\Users\flips712\Desktop\mbar-1.09.1.1004 (1).exe - Shortcut.lnk
2015-05-01 19:32 - 2015-05-01 19:32 - 00002604 _____ () C:\Users\flips712\Downloads\FSS.txt
2015-05-01 19:30 - 2015-05-01 19:30 - 00415232 _____ (Farbar) C:\Users\flips712\Downloads\FSS.exe
2015-05-01 19:30 - 2015-05-01 19:30 - 00000584 _____ () C:\Users\flips712\Desktop\SecurityCheck.exe - Shortcut.lnk
2015-05-01 19:30 - 2015-05-01 19:30 - 00000528 _____ () C:\Users\flips712\Desktop\FSS.exe - Shortcut.lnk
2015-05-01 19:29 - 2015-05-01 19:29 - 00852630 _____ () C:\Users\flips712\Downloads\SecurityCheck.exe
2015-05-01 19:21 - 2015-05-01 19:35 - 00038912 _____ () C:\Users\flips712\Downloads\Result.txt
2015-05-01 19:18 - 2015-05-01 19:18 - 00402944 _____ (Farbar) C:\Users\flips712\Downloads\MiniToolBox.exe
2015-05-01 19:18 - 2015-05-01 19:18 - 00000574 _____ () C:\Users\flips712\Desktop\MiniToolBox.exe - Shortcut.lnk
2015-04-30 20:06 - 2015-04-30 20:06 - 00115200 _____ () C:\Users\flips712\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-30 02:39 - 2015-04-30 02:42 - 00000373 _____ () C:\Users\flips712\Desktop\NTREGOPT.lnk
2015-04-30 02:39 - 2015-04-30 02:42 - 00000360 _____ () C:\Users\flips712\Desktop\ERUNT.lnk
2015-04-30 02:39 - 2015-04-30 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERDNT
2015-04-30 02:39 - 2015-04-30 02:39 - 00000000 ____D () C:\Program Files\ERUNT
2015-04-30 02:36 - 2015-04-30 02:36 - 00031952 _____ () C:\Users\flips712\Desktop\README.TXT ERDNT.txt
2015-04-30 02:22 - 2015-04-30 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Erunt
2015-04-29 23:37 - 2015-05-02 16:14 - 00392000 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-29 23:37 - 2015-04-29 23:37 - 00000598 _____ () C:\Windows\PFRO.log
2015-04-29 23:35 - 2015-04-29 23:35 - 00000528 _____ () C:\Users\flips712\Desktop\OTC.exe - Shortcut.lnk
2015-04-29 23:01 - 2015-04-29 23:01 - 00000686 _____ () C:\Users\flips712\Desktop\CCleaner.exe - Shortcut.lnk
2015-04-29 23:00 - 2015-04-29 23:02 - 00000000 ____D () C:\Users\flips712\Downloads\CCleaner
2015-04-29 22:23 - 2015-04-29 22:24 - 16873560 _____ () C:\Users\flips712\Downloads\RogueKiller (1).exe
2015-04-29 22:16 - 2015-05-02 16:26 - 00008576 _____ () C:\Windows\system32\TPAPSLOG.LOG
2015-04-29 00:23 - 2015-04-29 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-04-29 00:23 - 2015-04-29 00:23 - 00000000 ____D () C:\Program Files\RogueKiller
2015-04-29 00:10 - 2015-04-29 00:12 - 18877984 _____ (Adlice Software ) C:\Users\flips712\Downloads\setup.exe
2015-04-29 00:05 - 2015-04-29 00:06 - 03836552 _____ (Adlice Software ) C:\Users\flips712\Downloads\Unconfirmed 28313.crdownload
2015-04-29 00:03 - 2015-04-28 06:04 - 02716174 _____ (Thisisu) C:\Users\flips712\Desktop\JRT_NEW.exe
2015-04-28 01:11 - 2015-04-29 02:01 - 00001256 _____ () C:\Users\flips712\Desktop\ComboFix .exe - Shortcut.lnk
2015-04-28 01:10 - 2015-04-28 01:10 - 00000629 _____ () C:\Users\flips712\Desktop\esetsmartinstaller_enu.exe - Shortcut.lnk
2015-04-28 01:09 - 2015-04-28 01:10 - 02347384 _____ (ESET) C:\Users\flips712\Downloads\esetsmartinstaller_enu.exe
2015-04-28 00:56 - 2015-04-28 00:56 - 00000569 _____ () C:\Users\flips712\Desktop\iexplore.exe.lnk
2015-04-27 17:44 - 2015-04-27 17:44 - 02224640 _____ () C:\Users\flips712\Downloads\Unconfirmed 462049.crdownload
2015-04-26 13:14 - 2015-04-30 19:50 - 00001981 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-26 13:14 - 2015-04-26 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-26 12:57 - 2015-04-28 01:18 - 00000000 ____D () C:\Users\flips712\Downloads\FRST-OlderVersion
2015-04-26 12:42 - 2015-04-26 12:42 - 00000000 ____D () C:\Program Files\ESET
2015-04-26 12:28 - 2015-05-01 19:07 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-26 12:27 - 2015-04-26 13:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-26 11:02 - 2015-04-26 11:02 - 00321848 _____ (Malwarebytes Corporation) C:\Users\flips712\Downloads\mbam-clean-2.1.1.1001.exe
2015-04-26 11:02 - 2015-04-26 11:02 - 00000624 _____ () C:\Users\flips712\Desktop\mbam-clean-2.1.1.1001.exe - Shortcut.lnk
2015-04-26 10:57 - 2015-04-26 10:57 - 00791393 _____ (Lars Hederer ) C:\Users\flips712\Downloads\erunt-setup.exe
2015-04-26 10:57 - 2015-04-26 10:57 - 00000574 _____ () C:\Users\flips712\Desktop\erunt-setup.exe - Shortcut.lnk
2015-04-26 10:45 - 2015-04-26 10:45 - 00000564 _____ () C:\Users\flips712\Desktop\rkill (1).exe - Shortcut.lnk
2015-04-26 10:44 - 2015-04-26 10:44 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\flips712\Downloads\rkill (1).exe
2015-04-26 04:53 - 2015-04-26 04:53 - 00000577 _____ () C:\Users\flips712\Desktop\adwcleaner_4.202 - Shortcut.lnk
2015-04-26 04:53 - 2015-04-26 04:53 - 00000564 _____ () C:\Users\flips712\Desktop\HitmanPro - Shortcut.lnk
2015-04-26 04:53 - 2015-04-26 04:53 - 00000528 _____ () C:\Users\flips712\Desktop\JRT - Shortcut.lnk
2015-04-26 04:52 - 2015-04-26 04:52 - 00000577 _____ () C:\Users\flips712\Downloads\adwcleaner_4.202 - Shortcut.lnk
2015-04-26 04:45 - 2015-04-26 04:45 - 00002114 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-04-26 04:45 - 2015-04-26 04:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-04-26 04:22 - 2015-04-26 04:22 - 00001067 _____ () C:\Users\flips712\Desktop\Revo Uninstaller.lnk
2015-04-26 04:22 - 2015-04-26 04:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-26 03:13 - 2015-04-26 03:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\flips712\Downloads\revosetup.exe
2015-04-26 03:10 - 2015-04-26 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 02:56 - 2015-05-01 20:43 - 00040683 _____ () C:\Users\flips712\Downloads\Addition.txt
2015-04-25 17:40 - 2015-04-25 17:40 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-25 17:08 - 2015-04-26 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-25 17:08 - 2015-04-25 17:08 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 17:08 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-25 17:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-25 17:06 - 2015-04-25 17:06 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\flips712\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-25 11:04 - 2015-04-25 11:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-25 10:13 - 2015-04-25 10:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FLIPS712-PC-Windows-Vista-™-Business-(32-bit).dat
2015-04-25 10:13 - 2015-04-25 10:13 - 00000000 ____D () C:\RegBackup
2015-04-25 10:04 - 2015-04-29 22:21 - 00000000 ____D () C:\AdwCleaner
2015-04-25 10:01 - 2015-04-25 10:03 - 10109856 _____ (SurfRight B.V.) C:\Users\flips712\Downloads\HitmanPro.exe
2015-04-25 09:58 - 2015-04-25 09:58 - 02686590 _____ (Thisisu) C:\Users\flips712\Downloads\JRT.exe
2015-04-25 09:57 - 2015-04-25 09:57 - 02224640 _____ () C:\Users\flips712\Downloads\adwcleaner_4.202.exe
2015-04-25 09:39 - 2015-05-01 19:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 09:38 - 2015-05-01 19:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-25 09:38 - 2015-04-25 09:38 - 16502728 _____ (Malwarebytes Corp.) C:\Users\flips712\Downloads\mbar-1.09.1.1004.exe
2015-04-21 17:34 - 2015-04-21 17:34 - 00000000 ____D () C:\Users\flips712\AppData\Roaming\Mozilla
2015-04-19 13:38 - 2015-04-19 13:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
2015-04-19 13:38 - 2015-04-19 13:38 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2015-04-19 13:34 - 2015-04-19 13:34 - 04171576 _____ (Broadcom Corporation.) C:\Users\flips712\Downloads\SetupBtwDownloadSE (1).exe
2015-04-19 13:34 - 2015-04-19 13:34 - 00347816 _____ (Microsoft Corporation) C:\Users\flips712\Downloads\MicrosoftFixit.Devices.Run (1).exe
2015-04-19 13:30 - 2015-04-19 13:30 - 04171576 _____ (Broadcom Corporation.) C:\Users\flips712\Downloads\SetupBtwDownloadSE.exe
2015-04-15 00:31 - 2015-04-15 00:31 - 00880208 _____ (Google Inc.) C:\Users\flips712\Downloads\GoogleVoiceAndVideoSetup.exe
2015-04-14 18:37 - 2015-03-09 19:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 18:37 - 2015-03-09 19:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 18:37 - 2015-03-09 18:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 18:37 - 2015-03-09 18:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 18:37 - 2015-03-09 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 18:37 - 2015-03-09 18:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 18:37 - 2015-03-09 18:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 18:37 - 2015-03-09 18:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 18:36 - 2015-03-09 19:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 18:36 - 2015-03-09 19:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 18:36 - 2015-03-09 18:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 18:36 - 2015-03-09 18:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 16:27 - 2012-06-15 04:54 - 07009280 _____ () C:\Users\Public\Documents\AccConnAdvanced.html
2015-05-02 16:23 - 2012-12-23 01:02 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 16:23 - 2012-06-15 04:01 - 01581943 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 16:23 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 16:23 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 16:23 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-02 16:23 - 2006-11-02 06:33 - 00759570 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-02 16:15 - 2007-07-27 02:37 - 00025269 _____ () C:\Windows\system32\PROCDB.INI
2015-05-02 16:15 - 2007-07-27 02:37 - 00000380 _____ () C:\Windows\system32\IPSCtrl.INI
2015-05-02 16:15 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 16:11 - 2012-07-06 12:18 - 00000368 _____ () C:\Windows\Tasks\WpsUpdateTask_flips712.job
2015-05-02 16:07 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-02 16:06 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-02 16:00 - 2006-11-02 09:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-02 15:50 - 2012-12-23 01:02 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 15:50 - 2012-06-15 15:13 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2654977686-2257692886-1203025146-1002UA.job
2015-05-02 02:53 - 2013-05-17 00:03 - 10485680 _____ () C:\Users\Public\Documents\Archive_AccConnAdvanced.html
2015-05-02 00:02 - 2012-06-15 15:13 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2654977686-2257692886-1203025146-1002Core.job
2015-05-01 20:31 - 2012-06-18 22:25 - 00000000 ____D () C:\Users\flips712\AppData\Local\Adobe
2015-05-01 20:17 - 2012-07-03 04:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-01 20:17 - 2012-07-03 04:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-01 20:08 - 2012-10-13 21:52 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-01 20:08 - 2012-10-13 21:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-01 20:05 - 2013-10-04 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-01 20:05 - 2013-10-04 09:10 - 00000000 ____D () C:\Users\flips712\Desktop\mbar
2015-04-30 02:40 - 2012-06-16 23:01 - 00000000 ____D () C:\Windows\erdnt
2015-04-30 02:17 - 2012-06-16 03:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-30 02:17 - 2012-06-16 03:12 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-04-29 23:36 - 2012-06-17 03:58 - 00042756 _____ () C:\Users\Public\Documents\AcSvc.dmp
2015-04-29 23:35 - 2012-06-16 23:02 - 00000000 ____D () C:\Qoobox
2015-04-29 23:14 - 2008-02-05 16:53 - 00000000 ____D () C:\Windows\Panther
2015-04-29 23:13 - 2012-09-03 22:16 - 00000000 ____D () C:\Windows\Minidump
2015-04-29 11:07 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2015-04-29 11:07 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2015-04-29 11:03 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-29 02:22 - 2006-11-02 06:22 - 41156608 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 38010880 _____ () C:\Windows\system32\config\COMPON~1.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-04-26 13:15 - 2012-06-15 15:13 - 00000000 ____D () C:\Users\flips712\AppData\Local\Google
2015-04-26 13:13 - 2012-06-15 04:55 - 00000000 ____D () C:\Program Files\Google
2015-04-26 12:23 - 2012-06-15 15:38 - 00002032 _____ () C:\Users\flips712\AppData\Local\d3d9caps.dat
2015-04-26 08:57 - 2012-06-15 05:02 - 00001732 _____ () C:\tvtpktfilter.dat
2015-04-26 08:57 - 2012-06-15 04:29 - 00000000 ____D () C:\SWSHARE
2015-04-26 04:48 - 2013-05-21 22:47 - 00008304 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2015-04-26 04:45 - 2012-06-15 06:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-04-26 04:28 - 2012-06-15 15:38 - 00000959 _____ () C:\Users\flips712\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-25 17:08 - 2013-10-04 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-25 10:49 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2015-04-19 13:35 - 2015-03-19 18:32 - 05177344 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2015-04-19 13:35 - 2015-03-19 18:32 - 00262144 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2015-04-19 13:35 - 2015-03-19 18:32 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2015-04-17 22:23 - 2013-06-28 16:08 - 00000000 ____D () C:\Users\flips712\Desktop\mov

==================== Files in the root of some directories =======

2012-06-15 15:38 - 2015-04-26 12:23 - 0002032 _____ () C:\Users\flips712\AppData\Local\d3d9caps.dat
2012-06-18 02:04 - 2013-09-08 09:46 - 0038400 _____ () C:\Users\flips712\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-21 22:47 - 2015-04-26 04:48 - 0008304 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2013-12-27 14:58 - 2013-12-27 14:58 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\flips712\AppData\Local\temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-02 16:21

==================== End Of Log ============================


Edited by flips712, 02 May 2015 - 03:37 PM.



#2 HelpBot

Posted 06 May 2015 - 08:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/575000 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 flips712


Posted 06 May 2015 - 11:36 PM

Hi,

Yes I still need help. In addition to experiencing the redirects while using Google Chrome, I've also acquired the Yahoo Toolbar. I managed to temporarily disable it in Chrome by resetting the default settings. I look forward to your help. Thanks!

Pauline

flips712

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by flips712 (administrator) on FLIPS712-PC on 07-05-2015 00:22:25
Running from C:\Users\flips712\Downloads
Loaded Profiles: flips712 (Available profiles: flips712)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Windows\System32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\SBITS\DDNIOEMService.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
() C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\enrollbtn.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [59168 2007-11-29] (Lenovo Group Limited)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [66176 2007-03-09] (Lenovo Group Limited)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [172032 2007-03-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2007-11-22] (Lenovo.)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [243248 2007-03-28] (Lenovo Group Ltd.)
HKLM\...\Run: [LenovoOobeOffers] => c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [28672 2007-09-25] (lenovo)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [DiskeeperSystray] => C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [217176 2006-11-15] (Diskeeper Corporation)
HKLM\...\Run: [AwaySch] => C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [120368 2007-04-26] (Lenovo Group Limited)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [419376 2007-02-01] (LENOVO)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [419112 2007-07-05] (Lenovo)
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [124200 2007-07-05] (Lenovo)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2630968 2007-08-09] (Lenovo Group Limited)
HKLM\...\Run: [DDNIUser] => C:\Program Files\DDNI\SBITS\DDNIUSER.EXE [227816 2007-09-28] (Digital Delivery Networks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2007-03-15] (UPEK Inc.)
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2012-06-15]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2654977686-2257692886-1203025146-1002 -> DefaultScope {5367AE86-E29E-4487-9A4A-AFC6D80A1CD2} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2654977686-2257692886-1203025146-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2654977686-2257692886-1203025146-1002 -> {5367AE86-E29E-4487-9A4A-AFC6D80A1CD2} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2654977686-2257692886-1203025146-1002 -> {CDA9392B-82A7-4196-9D21-6DEE710DD9CF} URL = 
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO: CPwmIEBrowserHelper Object -> {F040E541-A427-4CF7-85D8-75E3E0F476C5} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-09] (Lenovo Group Limited)
Toolbar: HKLM - No Name - {90222687-F593-4738-B738-FBEE9C7B26DF} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-01] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\system32\npdeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2654977686-2257692886-1203025146-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\flips712\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2654977686-2257692886-1203025146-1002: @talk.google.com/O1DPlugin -> C:\Users\flips712\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2654977686-2257692886-1203025146-1002: @tools.google.com/Google Update;version=3 -> C:\Users\flips712\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2654977686-2257692886-1203025146-1002: @tools.google.com/Google Update;version=9 -> C:\Users\flips712\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\flips712\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\flips712\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-16]
 
Chrome: 
=======
CHR HomePage: Default -> https://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (Google Docs) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-26]
CHR Extension: (WOT) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-26]
CHR Extension: (YouTube) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-26]
CHR Extension: (Adblock Plus) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-04]
CHR Extension: (Google Search) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-26]
CHR Extension: (Google Sheets) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (AdBlock) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-26]
CHR Extension: (Adblock Super) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-26]
CHR Extension: (Gmail) - C:\Users\flips712\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554616 2007-01-05] (Symantec Corporation)
S4 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
S4 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
S4 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49248 2007-01-12] (Symantec Corporation)
R2 DDNIOEMService; C:\Program Files\DDNI\SBITS\DDNIOEMService.exe [162280 2007-09-28] (Digital Delivery Networks, Inc.) [File not signed]
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-29] (Lenovo Group Limited)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2918008 2007-01-05] (Symantec Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2007-01-12] (Sonic Solutions) [File not signed]
S4 Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2007-01-12] (Sonic Solutions) [File not signed]
S4 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-04-22] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2007-05-30] (MicroVision Development, Inc.) [File not signed]
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S4 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174664 2012-06-15] (Symantec Corporation)
S4 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-05] (Symantec Corporation)
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [55936 2007-03-02] ()
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722232 2007-08-09] (IBM)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2007-01-08] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 ISPwdSvc; "C:\Program Files\Norton Internet Security\isPwdSvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRTN32.sys [486400 2009-06-22] (Conexant Systems Inc.) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387384 2007-01-10] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\CHDARTN.sys [215040 2007-04-27] (Conexant Systems Inc.)
S3 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys [212280 2006-12-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R2 smihlp; C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [11152 2007-03-15] (UPEK Inc.)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2012-06-15] (Symantec Corporation)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2007-12-06] ()
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2012-06-15] (Lenovo) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.sys [191544 2007-01-09] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-04 00:24 - 2015-05-04 00:24 - 00725223 _____ () C:\Users\flips712\Desktop\bookmarks_5_4_15.html
2015-05-03 19:33 - 2015-05-03 19:33 - 00000000 __SHD () C:\Users\flips712\Desktop\%USERPROFILE%
2015-05-03 19:32 - 2015-05-03 19:32 - 00000000 __SHD () C:\Users\flips712\Desktop\%APPDATA%
2015-05-03 18:54 - 2015-05-03 18:54 - 00000000 ____D () C:\Users\flips712\AppData\Local\Pro_PC_Cleaner
2015-05-03 18:53 - 2015-05-03 19:05 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2015-05-03 18:53 - 2015-05-03 18:54 - 00000000 ____D () C:\Users\flips712\Documents\ProPCCleaner
2015-05-03 13:51 - 2015-05-03 13:51 - 02204160 _____ () C:\Users\flips712\Downloads\adwcleaner_4.203.exe
2015-05-03 13:50 - 2015-05-03 13:50 - 02224640 _____ () C:\Users\flips712\Downloads\adwcleaner_4.202.exe
2015-05-03 13:44 - 2015-05-04 19:26 - 00002232 _____ () C:\Users\flips712\Desktop\Rkill.txt
2015-05-02 16:36 - 2015-05-02 16:36 - 00038598 _____ () C:\Users\flips712\Desktop\Addition.txt
2015-05-02 15:59 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-02 15:57 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-02 15:44 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-05-02 15:44 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-05-02 15:44 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-05-02 15:44 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-02 15:42 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-02 15:42 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-02 15:41 - 2015-02-25 20:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-02 15:40 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-02 15:40 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-02 15:40 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-05-02 15:33 - 2014-10-09 21:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-02 15:33 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-02 15:33 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-02 15:32 - 2014-12-18 20:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-02 15:22 - 2015-05-02 15:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-02 15:21 - 2015-03-04 22:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-02 15:05 - 2014-10-23 21:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-02 15:04 - 2015-03-13 22:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-02 15:04 - 2015-03-12 21:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-02 15:04 - 2015-03-12 21:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-02 15:04 - 2015-03-04 22:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-02 15:04 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-02 15:04 - 2015-01-08 22:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-02 15:04 - 2015-01-08 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-02 15:03 - 2014-10-23 21:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-02 14:57 - 2015-05-02 14:58 - 00402478 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2015-05-02 14:52 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-02 14:52 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-02 14:48 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-02 14:47 - 2014-08-11 22:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-02 14:45 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-02 14:45 - 2015-01-15 00:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-02 14:45 - 2014-10-09 21:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-02 14:40 - 2014-10-02 21:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-02 14:40 - 2014-10-02 21:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-02 14:40 - 2014-10-02 21:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-02 14:40 - 2014-10-02 21:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-02 14:35 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-02 14:35 - 2014-12-05 23:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-02 14:35 - 2014-12-05 23:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-02 14:35 - 2014-12-05 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-02 14:34 - 2014-10-17 21:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-02 14:22 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-02 14:22 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-05-02 14:19 - 2014-12-05 23:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-01 20:40 - 2015-05-07 00:24 - 00022376 _____ () C:\Users\flips712\Downloads\FRST.txt
2015-05-01 20:05 - 2015-05-07 00:22 - 00000000 ____D () C:\FRST
2015-05-01 20:05 - 2015-05-01 20:05 - 00000535 _____ () C:\Users\flips712\Desktop\FRST.exe - Shortcut.lnk
2015-05-01 20:04 - 2015-05-07 00:22 - 01141248 _____ (Farbar) C:\Users\flips712\Downloads\FRST.exe
2015-05-01 19:36 - 2015-05-01 19:36 - 16502728 _____ (Malwarebytes Corp.) C:\Users\flips712\Downloads\mbar-1.09.1.1004 (1).exe
2015-05-01 19:36 - 2015-05-01 19:36 - 00000619 _____ () C:\Users\flips712\Desktop\mbar-1.09.1.1004 (1).exe - Shortcut.lnk
2015-05-01 19:32 - 2015-05-01 19:32 - 00002604 _____ () C:\Users\flips712\Downloads\FSS.txt
2015-05-01 19:30 - 2015-05-01 19:30 - 00415232 _____ (Farbar) C:\Users\flips712\Downloads\FSS.exe
2015-05-01 19:30 - 2015-05-01 19:30 - 00000584 _____ () C:\Users\flips712\Desktop\SecurityCheck.exe - Shortcut.lnk
2015-05-01 19:30 - 2015-05-01 19:30 - 00000528 _____ () C:\Users\flips712\Desktop\FSS.exe - Shortcut.lnk
2015-05-01 19:29 - 2015-05-01 19:29 - 00852630 _____ () C:\Users\flips712\Downloads\SecurityCheck.exe
2015-05-01 19:21 - 2015-05-01 19:35 - 00038912 _____ () C:\Users\flips712\Downloads\Result.txt
2015-05-01 19:18 - 2015-05-01 19:18 - 00402944 _____ (Farbar) C:\Users\flips712\Downloads\MiniToolBox.exe
2015-05-01 19:18 - 2015-05-01 19:18 - 00000574 _____ () C:\Users\flips712\Desktop\MiniToolBox.exe - Shortcut.lnk
2015-04-30 20:06 - 2015-04-30 20:06 - 00115200 _____ () C:\Users\flips712\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-30 02:39 - 2015-04-30 02:42 - 00000373 _____ () C:\Users\flips712\Desktop\NTREGOPT.lnk
2015-04-30 02:39 - 2015-04-30 02:42 - 00000360 _____ () C:\Users\flips712\Desktop\ERUNT.lnk
2015-04-30 02:39 - 2015-04-30 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERDNT
2015-04-30 02:39 - 2015-04-30 02:39 - 00000000 ____D () C:\Program Files\ERUNT
2015-04-30 02:36 - 2015-04-30 02:36 - 00031952 _____ () C:\Users\flips712\Desktop\README.TXT ERDNT.txt
2015-04-30 02:22 - 2015-04-30 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Erunt
2015-04-29 23:37 - 2015-05-07 00:15 - 00001936 _____ () C:\Windows\PFRO.log
2015-04-29 23:37 - 2015-05-02 16:14 - 00392000 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-29 23:35 - 2015-04-29 23:35 - 00000528 _____ () C:\Users\flips712\Desktop\OTC.exe - Shortcut.lnk
2015-04-29 23:01 - 2015-04-29 23:01 - 00000686 _____ () C:\Users\flips712\Desktop\CCleaner.exe - Shortcut.lnk
2015-04-29 23:00 - 2015-04-29 23:02 - 00000000 ____D () C:\Users\flips712\Downloads\CCleaner
2015-04-29 22:23 - 2015-04-29 22:24 - 16873560 _____ () C:\Users\flips712\Downloads\RogueKiller (1).exe
2015-04-29 22:16 - 2015-05-07 00:22 - 00021248 _____ () C:\Windows\system32\TPAPSLOG.LOG
2015-04-29 00:23 - 2015-04-29 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-04-29 00:23 - 2015-04-29 00:23 - 00000000 ____D () C:\Program Files\RogueKiller
2015-04-29 00:10 - 2015-04-29 00:12 - 18877984 _____ (Adlice Software ) C:\Users\flips712\Downloads\setup.exe
2015-04-29 00:05 - 2015-04-29 00:06 - 03836552 _____ (Adlice Software ) C:\Users\flips712\Downloads\Unconfirmed 28313.crdownload
2015-04-29 00:03 - 2015-04-28 06:04 - 02716174 _____ (Thisisu) C:\Users\flips712\Desktop\JRT_NEW.exe
2015-04-28 01:11 - 2015-04-29 02:01 - 00001256 _____ () C:\Users\flips712\Desktop\ComboFix .exe - Shortcut.lnk
2015-04-28 01:10 - 2015-04-28 01:10 - 00000629 _____ () C:\Users\flips712\Desktop\esetsmartinstaller_enu.exe - Shortcut.lnk
2015-04-28 01:09 - 2015-04-28 01:10 - 02347384 _____ (ESET) C:\Users\flips712\Downloads\esetsmartinstaller_enu.exe
2015-04-27 17:44 - 2015-04-27 17:44 - 02224640 _____ () C:\Users\flips712\Downloads\Unconfirmed 462049.crdownload
2015-04-26 13:14 - 2015-04-30 19:50 - 00001981 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-26 13:14 - 2015-04-26 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-26 12:57 - 2015-05-07 00:22 - 00000000 ____D () C:\Users\flips712\Downloads\FRST-OlderVersion
2015-04-26 12:42 - 2015-04-26 12:42 - 00000000 ____D () C:\Program Files\ESET
2015-04-26 12:28 - 2015-05-01 19:07 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-26 12:27 - 2015-04-26 13:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-26 11:02 - 2015-04-26 11:02 - 00321848 _____ (Malwarebytes Corporation) C:\Users\flips712\Downloads\mbam-clean-2.1.1.1001.exe
2015-04-26 11:02 - 2015-04-26 11:02 - 00000624 _____ () C:\Users\flips712\Desktop\mbam-clean-2.1.1.1001.exe - Shortcut.lnk
2015-04-26 10:57 - 2015-04-26 10:57 - 00791393 _____ (Lars Hederer ) C:\Users\flips712\Downloads\erunt-setup.exe
2015-04-26 10:57 - 2015-04-26 10:57 - 00000574 _____ () C:\Users\flips712\Desktop\erunt-setup.exe - Shortcut.lnk
2015-04-26 10:45 - 2015-04-26 10:45 - 00000564 _____ () C:\Users\flips712\Desktop\rkill (1).exe - Shortcut.lnk
2015-04-26 10:44 - 2015-04-26 10:44 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\flips712\Downloads\rkill (1).exe
2015-04-26 04:53 - 2015-04-26 04:53 - 00000577 _____ () C:\Users\flips712\Desktop\adwcleaner_4.202 - Shortcut.lnk
2015-04-26 04:53 - 2015-04-26 04:53 - 00000564 _____ () C:\Users\flips712\Desktop\HitmanPro - Shortcut.lnk
2015-04-26 04:53 - 2015-04-26 04:53 - 00000528 _____ () C:\Users\flips712\Desktop\JRT - Shortcut.lnk
2015-04-26 04:52 - 2015-04-26 04:52 - 00000577 _____ () C:\Users\flips712\Downloads\adwcleaner_4.202 - Shortcut.lnk
2015-04-26 04:45 - 2015-04-26 04:45 - 00002114 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-04-26 04:45 - 2015-04-26 04:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-04-26 04:22 - 2015-04-26 04:22 - 00001067 _____ () C:\Users\flips712\Desktop\Revo Uninstaller.lnk
2015-04-26 04:22 - 2015-04-26 04:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-26 03:13 - 2015-04-26 03:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\flips712\Downloads\revosetup.exe
2015-04-26 03:10 - 2015-04-26 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 02:56 - 2015-05-02 16:28 - 00038598 _____ () C:\Users\flips712\Downloads\Addition.txt
2015-04-25 17:40 - 2015-04-25 17:40 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-25 17:08 - 2015-04-26 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-25 17:08 - 2015-04-25 17:08 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 17:08 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-25 17:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-25 17:06 - 2015-04-25 17:06 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\flips712\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-25 11:04 - 2015-04-25 11:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-25 10:13 - 2015-04-25 10:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FLIPS712-PC-Windows-Vista-™-Business-(32-bit).dat
2015-04-25 10:13 - 2015-04-25 10:13 - 00000000 ____D () C:\RegBackup
2015-04-25 10:04 - 2015-05-03 13:54 - 00000000 ____D () C:\AdwCleaner
2015-04-25 10:01 - 2015-04-25 10:03 - 10109856 _____ (SurfRight B.V.) C:\Users\flips712\Downloads\HitmanPro.exe
2015-04-25 09:58 - 2015-04-25 09:58 - 02686590 _____ (Thisisu) C:\Users\flips712\Downloads\JRT.exe
2015-04-25 09:39 - 2015-05-01 19:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 09:38 - 2015-05-01 19:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-25 09:38 - 2015-04-25 09:38 - 16502728 _____ (Malwarebytes Corp.) C:\Users\flips712\Downloads\mbar-1.09.1.1004.exe
2015-04-21 17:34 - 2015-04-21 17:34 - 00000000 ____D () C:\Users\flips712\AppData\Roaming\Mozilla
2015-04-19 13:38 - 2015-04-19 13:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
2015-04-19 13:38 - 2015-04-19 13:38 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2015-04-19 13:34 - 2015-04-19 13:34 - 04171576 _____ (Broadcom Corporation.) C:\Users\flips712\Downloads\SetupBtwDownloadSE (1).exe
2015-04-19 13:34 - 2015-04-19 13:34 - 00347816 _____ (Microsoft Corporation) C:\Users\flips712\Downloads\MicrosoftFixit.Devices.Run (1).exe
2015-04-19 13:30 - 2015-04-19 13:30 - 04171576 _____ (Broadcom Corporation.) C:\Users\flips712\Downloads\SetupBtwDownloadSE.exe
2015-04-15 00:31 - 2015-04-15 00:31 - 00880208 _____ (Google Inc.) C:\Users\flips712\Downloads\GoogleVoiceAndVideoSetup.exe
2015-04-14 18:37 - 2015-03-09 19:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 18:37 - 2015-03-09 19:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 18:37 - 2015-03-09 18:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 18:37 - 2015-03-09 18:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 18:37 - 2015-03-09 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 18:37 - 2015-03-09 18:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 18:37 - 2015-03-09 18:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 18:37 - 2015-03-09 18:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 18:37 - 2015-03-09 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 18:37 - 2015-03-09 18:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 18:36 - 2015-03-09 19:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 18:36 - 2015-03-09 19:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 18:36 - 2015-03-09 18:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 18:36 - 2015-03-09 18:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-07 00:25 - 2012-06-15 04:54 - 04863637 _____ () C:\Users\Public\Documents\AccConnAdvanced.html
2015-05-07 00:23 - 2012-06-15 04:01 - 01674746 _____ () C:\Windows\WindowsUpdate.log
2015-05-07 00:20 - 2012-12-23 01:02 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-07 00:16 - 2007-07-27 02:37 - 00025269 _____ () C:\Windows\system32\PROCDB.INI
2015-05-07 00:15 - 2012-06-15 15:38 - 00000000 ____D () C:\Users\flips712
2015-05-07 00:15 - 2007-07-27 02:37 - 00000380 _____ () C:\Windows\system32\IPSCtrl.INI
2015-05-07 00:15 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-07 00:15 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-07 00:15 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-07 00:14 - 2006-11-02 09:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-07 00:13 - 2012-06-15 15:13 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2654977686-2257692886-1203025146-1002Core.job
2015-05-07 00:11 - 2012-12-23 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-07 00:11 - 2012-12-23 01:02 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-07 00:11 - 2012-07-06 12:18 - 00000368 _____ () C:\Windows\Tasks\WpsUpdateTask_flips712.job
2015-05-07 00:09 - 2012-06-15 15:13 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2654977686-2257692886-1203025146-1002UA.job
2015-05-06 03:56 - 2013-05-17 00:03 - 10485673 _____ () C:\Users\Public\Documents\Archive_AccConnAdvanced.html
2015-05-03 19:30 - 2013-06-28 16:08 - 00000000 ____D () C:\Users\flips712\Desktop\mov
2015-05-02 17:04 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-02 16:33 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2015-05-02 16:23 - 2006-11-02 06:33 - 00759570 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-02 16:07 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-02 16:06 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-01 20:31 - 2012-06-18 22:25 - 00000000 ____D () C:\Users\flips712\AppData\Local\Adobe
2015-05-01 20:17 - 2012-07-03 04:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-01 20:17 - 2012-07-03 04:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-01 20:08 - 2012-10-13 21:52 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-01 20:08 - 2012-10-13 21:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-01 20:05 - 2013-10-04 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-01 20:05 - 2013-10-04 09:10 - 00000000 ____D () C:\Users\flips712\Desktop\mbar
2015-04-30 02:40 - 2012-06-16 23:01 - 00000000 ____D () C:\Windows\erdnt
2015-04-30 02:17 - 2012-06-16 03:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-30 02:17 - 2012-06-16 03:12 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-04-29 23:36 - 2012-06-17 03:58 - 00042756 _____ () C:\Users\Public\Documents\AcSvc.dmp
2015-04-29 23:35 - 2012-06-16 23:02 - 00000000 ____D () C:\Qoobox
2015-04-29 23:14 - 2008-02-05 16:53 - 00000000 ____D () C:\Windows\Panther
2015-04-29 23:13 - 2012-09-03 22:16 - 00000000 ____D () C:\Windows\Minidump
2015-04-29 11:07 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2015-04-29 11:07 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2015-04-29 11:03 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-29 02:22 - 2006-11-02 06:22 - 41156608 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 38010880 _____ () C:\Windows\system32\config\COMPON~1.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-04-29 02:22 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-04-26 13:15 - 2012-06-15 15:13 - 00000000 ____D () C:\Users\flips712\AppData\Local\Google
2015-04-26 13:13 - 2012-06-15 04:55 - 00000000 ____D () C:\Program Files\Google
2015-04-26 12:23 - 2012-06-15 15:38 - 00002032 _____ () C:\Users\flips712\AppData\Local\d3d9caps.dat
2015-04-26 08:57 - 2012-06-15 05:02 - 00001732 _____ () C:\tvtpktfilter.dat
2015-04-26 08:57 - 2012-06-15 04:29 - 00000000 ____D () C:\SWSHARE
2015-04-26 04:48 - 2013-05-21 22:47 - 00008304 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2015-04-26 04:45 - 2012-06-15 06:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-04-26 04:28 - 2012-06-15 15:38 - 00000959 _____ () C:\Users\flips712\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-25 17:08 - 2013-10-04 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-19 13:35 - 2015-03-19 18:32 - 05177344 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2015-04-19 13:35 - 2015-03-19 18:32 - 00262144 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2015-04-19 13:35 - 2015-03-19 18:32 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
 
==================== Files in the root of some directories =======
 
2012-06-15 15:38 - 2015-04-26 12:23 - 0002032 _____ () C:\Users\flips712\AppData\Local\d3d9caps.dat
2012-06-18 02:04 - 2013-09-08 09:46 - 0038400 _____ () C:\Users\flips712\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-21 22:47 - 2015-04-26 04:48 - 0008304 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2013-12-27 14:58 - 2013-12-27 14:58 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some content of TEMP:
====================
C:\Users\flips712\AppData\Local\temp\dllnt_dump.dll
C:\Users\flips712\AppData\Local\temp\Quarantine.exe
C:\Users\flips712\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-07 00:25
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:12 PM

Posted 08 May 2015 - 07:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {90222687-F593-4738-B738-FBEE9C7B26DF} -  No File
S4 ISPwdSvc; "C:\Program Files\Norton Internet Security\isPwdSvc.exe" [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {0EE73702-955C-4967-BD00-EE0334CCAE46} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {CFEE9CA4-6AE0-4874-A4AA-807398A8235B} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:96D0C06F
C:\Program Files\Pro PC Cleaner

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#5 flips712


Posted 08 May 2015 - 07:00 PM

Hello,

 

Thank you for your time and help. It's greatly appreciated. I followed your directions. Here is the log you requested below. The computer seems to be running ok since running the tool and restarting it. Please let me know if I need to do anything further. Thanks!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2015 01
Ran by flips712 at 2015-05-08 19:46:37 Run:1
Running from C:\Users\flips712\Downloads
Loaded Profiles: flips712 (Available profiles: flips712)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {90222687-F593-4738-B738-FBEE9C7B26DF} -  No File
S4 ISPwdSvc; "C:\Program Files\Norton Internet Security\isPwdSvc.exe" [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {0EE73702-955C-4967-BD00-EE0334CCAE46} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {CFEE9CA4-6AE0-4874-A4AA-807398A8235B} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:96D0C06F
C:\Program Files\Pro PC Cleaner
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2654977686-2257692886-1203025146-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} => value deleted successfully.
HKCR\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF} => Key not found. 
ISPwdSvc => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EE73702-955C-4967-BD00-EE0334CCAE46}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EE73702-955C-4967-BD00-EE0334CCAE46}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFEE9CA4-6AE0-4874-A4AA-807398A8235B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFEE9CA4-6AE0-4874-A4AA-807398A8235B}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":96D0C06F" ADS removed successfully.
"C:\Program Files\Pro PC Cleaner" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:46:59 ====
 
Thank you,
Pauline 

Edited by flips712, 08 May 2015 - 09:04 PM.


#6 nasdaq


Posted 09 May 2015 - 06:12 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 flips712


Posted 09 May 2015 - 10:06 AM

Thanks so much for your help, Nasdaq!

#8 nasdaq


Posted 10 May 2015 - 07:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
