Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not sure what it is - work computer, also affecting software needed for work !!


  • This topic is locked This topic is locked
6 replies to this topic

#1 Angela12345

Angela12345

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:22 AM

Posted 13 October 2015 - 05:42 PM

I'm not sure what is going on with this computer.  It's running slowly and doing things that are not normal for it.  For example, the software I use for work is giving me login errors, I am gettting an error with Outlook saying my mailbox has been temporarily moved.  Internet Explorer is running slowly.  Chrome has crashed several times.  My computer restarted itself.  Etc, etc. 

I ran Malwarebytes and it didn't find anything, so I figured someone with a lot more knowledge than me should probably look it over before I go too far.  One thing that may be of note: its a 143GB hard drive with 19.5GB of free space.

Thank you in advance for any help you can give !!!   : )

PS I have tried to upload the addition.txt file, but I cannot tell if it uploaded ?  I tried twice, so if its uploaded twice, I'm sorry !



 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-10-2015
Ran by Art (administrator) on ARTHOME (13-10-2015 18:19:16)
Running from C:\Documents and Settings\Art\Desktop
Loaded Profiles: Art (Available Profiles: Art & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Ellie Mae, Inc.) C:\Program Files\Ellie Mae\SCAppMgr\SCAppMgr.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\ZuneBusEnum.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
(Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(LENOVO) C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.EXE
(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AOL LLC) C:\Program Files\AIM\aim.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [122880 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [524288 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-23] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [242976 2008-06-04] (Lenovo Group Ltd.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-14] (Lenovo Group Limited)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [419376 2007-02-01] (LENOVO)
HKLM\...\Run: [LPManager] => C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] => C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LCONTROL] => C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe [77824 2008-03-20] (ATK0101)
HKLM\...\Run: [LFKA] => C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe [315392 2008-04-15] (Lenovo)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [425984 2008-10-27] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [143360 2008-10-27] (Lenovo )
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3073336 2008-06-13] (Lenovo Group Limited)
HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2009-09-15] (ALWIL Software)
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [158448 2010-01-07] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [mumservice] => C:\Program Files\Motorola\Software Update\mumservice.exe [1066304 2011-06-03] (Motorola)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06] ()
Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-08-08] (Lenovo Group Limited)
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Run: [Aim] => C:\Program Files\AIM\aim.exe [3634024 2009-09-16] (AOL LLC)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2015-02-13]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk * lsdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187
Tcpip\..\Interfaces\{7832D721-45CF-499E-8F22-2C160CC2BC29}: [DhcpNameServer] 207.69.188.186 207.69.188.187

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-421417644-672489333-1106248786-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-421417644-672489333-1106248786-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> DefaultScope {EBA87795-C526-49F7-9063-BE97E64D3B9F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> {EBA87795-C526-49F7-9063-BE97E64D3B9F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-15] (Oracle Corporation)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12] (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-13] (Lenovo Group Limited)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-15] (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12] (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Toolbar: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254368332281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://allregs.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF NetworkProxy: "no_proxies_on", "*.local;192.168.*.*"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-03-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-03-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2010-09-25] (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin HKU\S-1-5-21-421417644-672489333-1106248786-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Art\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-05-07] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2010-06-19] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-08-29] (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-30]
FF Extension: Add to Search Bar - C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2012-04-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-01]
FF HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009-09-30]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-10-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Google Search) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-06-19] (SUPERAntiSpyware.com)
R2 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [90112 2008-10-27] (Lenovo ) [File not signed]
R2 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [217088 2008-10-27] (Lenovo ) [File not signed]
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2009-09-15] (ALWIL Software)
R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () [File not signed]
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680 2009-09-15] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2009-09-15] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2009-09-15] (ALWIL Software)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel® Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2013-03-15] (Oracle Corporation)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-27] (Lavasoft Limited)
R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-20] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [94208 2008-10-26] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel® Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [905216 2008-08-20] (Intel® Corporation) [File not signed]
R2 SCAppMgr; C:\Program Files\Ellie Mae\SCAppMgr\SCAppMgr.exe [59392 2013-05-26] (Ellie Mae, Inc.) [File not signed]
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-14] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-14] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-14] (Lenovo Group Limited) [File not signed]
R2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-09] (Lenovo Group Limited) [File not signed]
R2 ZuneBusEnum; c:\WINDOWS\system32\ZuneBusEnum.exe [58592 2010-01-07] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [447216 2010-01-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [27408 2009-09-15] (ALWIL Software)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2008-10-24] (IBM Corp.) [File not signed]
R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys [20560 2009-09-15] (ALWIL Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [94160 2009-09-15] (ALWIL Software)
S3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23152 2009-09-15] (ALWIL Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [114768 2009-09-15] (ALWIL Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [52368 2009-09-15] (ALWIL Software)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [764416 2008-06-12] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-10-24] () [File not signed]
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 motport; C:\WINDOWS\System32\DRIVERS\motport.sys [24064 2011-03-31] (Motorola)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\A0101X32.sys [5760 2007-08-24] ()
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3632384 2008-08-29] (Intel Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-09-30] (Microsoft Corporation) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [14904 2010-07-07] (Secunia)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-04] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2008-10-26] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-30] () [File not signed]
R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [40832 2010-01-07] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Art\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 18:19 - 2015-10-13 18:19 - 00029807 _____ C:\Documents and Settings\Art\Desktop\FRST.txt
2015-10-13 18:15 - 2015-10-13 18:15 - 01699840 _____ (Farbar) C:\Documents and Settings\Art\Desktop\FRST.exe
2015-10-03 16:53 - 2015-10-05 13:08 - 00000932 _____ C:\Documents and Settings\Art\Desktop\Snowshoe - Marcella.txt
2015-10-03 15:04 - 2015-10-06 19:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-29 17:35 - 2015-09-29 17:35 - 00040924 __RSH C:\Documents and Settings\All Users\ntuser.pol
2015-09-29 17:33 - 2015-09-29 17:33 - 00000761 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2015-09-29 17:26 - 2015-09-29 17:26 - 00098304 _____ C:\WINDOWS\Minidump\Mini092915-02.dmp
2015-09-29 15:03 - 2015-09-29 15:03 - 00098304 _____ C:\WINDOWS\Minidump\Mini092915-01.dmp
2015-09-23 10:09 - 2015-09-23 10:09 - 00003115 _____ C:\Documents and Settings\Art\Desktop\Encompass signature source.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 18:19 - 2015-02-05 17:15 - 00000000 ____D C:\Documents and Settings\Art\Local Settings\temp
2015-10-13 18:19 - 2015-02-05 15:44 - 00000000 ____D C:\FRST
2015-10-13 18:15 - 2011-11-02 16:03 - 00000000 ____D C:\Documents and Settings\Art\My Documents\Outlook Files
2015-10-13 18:12 - 2012-11-08 11:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-13 17:58 - 2009-09-30 17:56 - 00000250 _____ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2015-10-13 17:50 - 2015-05-31 12:40 - 00000606 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-421417644-672489333-1106248786-1005.job
2015-10-13 17:44 - 2015-02-05 18:33 - 00116288 _____ C:\WINDOWS\system32\TPAPSLOG.LOG
2015-10-13 17:39 - 2014-02-06 15:56 - 00000510 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-421417644-672489333-1106248786-1005.job
2015-10-13 17:34 - 2010-10-10 13:54 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-13 16:38 - 2013-11-25 14:19 - 01040076 _____ C:\WINDOWS\setupapi.log
2015-10-13 16:35 - 2015-02-13 09:41 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-13 16:35 - 2011-11-07 12:02 - 00000000 ____D C:\temp
2015-10-13 16:35 - 2010-10-10 13:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-13 16:35 - 2009-09-30 17:41 - 00000316 _____ C:\WINDOWS\Tasks\PMTask.job
2015-10-13 16:35 - 2006-04-30 03:20 - 00032366 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-13 16:35 - 2006-04-30 02:56 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-13 16:34 - 2013-11-15 13:09 - 01178331 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-13 16:33 - 2011-04-19 17:56 - 00000064 _____ C:\WINDOWS\system32\rp_stats.dat
2015-10-13 16:33 - 2011-04-19 17:56 - 00000044 _____ C:\WINDOWS\system32\rp_rules.dat
2015-10-13 16:32 - 2013-11-15 13:09 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-10-13 16:32 - 2013-11-15 13:09 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-13 16:32 - 2012-08-07 13:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-13 16:32 - 2011-01-12 20:34 - 00084820 _____ C:\aaw7boot.log
2015-10-13 16:32 - 2009-09-30 23:25 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-10-13 16:32 - 2009-09-30 17:57 - 00008320 _____ C:\WINDOWS\system32\ICAutoUpdate.log.bak
2015-10-13 16:32 - 2006-04-30 03:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-13 16:28 - 2011-11-02 15:46 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-10-13 16:27 - 2009-09-30 17:56 - 00000278 ___SH C:\Documents and Settings\Art\ntuser.ini
2015-10-13 16:27 - 2009-09-30 17:56 - 00000000 ____D C:\Documents and Settings\Art
2015-10-13 15:39 - 2012-06-15 15:39 - 00000354 _____ C:\WINDOWS\Tasks\MotoHelper Routing.job
2015-10-13 15:34 - 2009-10-01 09:57 - 00000513 _____ C:\WINDOWS\3DHOME.INI
2015-10-13 15:34 - 2009-10-01 09:55 - 00000000 ____D C:\3dhmedlx
2015-10-13 14:30 - 2011-09-14 10:46 - 00000000 ____D C:\Documents and Settings\Art\Desktop\ANGELA - WORK
2015-10-05 14:45 - 2006-04-29 20:25 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-05 13:13 - 2015-02-07 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-10-05 13:13 - 2009-09-30 22:43 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-10-05 12:29 - 2011-11-02 15:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-10-05 12:29 - 2006-04-29 20:04 - 00663858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-05 12:14 - 2013-07-16 17:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-03 18:16 - 2015-02-07 14:18 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-03 18:15 - 2015-06-19 13:03 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-03 18:15 - 2015-02-07 14:17 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-03 18:15 - 2015-02-07 14:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-03 17:50 - 2012-01-31 17:29 - 00000000 ____D C:\Documents and Settings\Art\Desktop\ANGELA - PERSONAL
2015-09-29 17:33 - 2015-02-13 10:09 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-09-29 17:33 - 2009-09-30 22:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2015-09-29 17:26 - 2009-12-19 00:00 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-29 09:35 - 2011-08-29 08:58 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-09-24 20:33 - 2011-03-18 19:34 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-09-24 11:00 - 2011-11-10 17:38 - 00056560 _____ C:\Documents and Settings\Art\Application Data\GDIPFONTCACHEV1.DAT
2015-09-23 09:14 - 2012-11-08 11:24 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-23 09:14 - 2011-08-16 23:11 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2009-12-27 18:03 - 2012-06-12 19:02 - 0005120 ____N () C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-22 14:09 - 2011-09-22 14:09 - 0000126 ____N () C:\Documents and Settings\Art\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Art\Local Settings\temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Art\Local Settings\temp\jre-8u40-windows-au.exe
C:\Documents and Settings\Art\Local Settings\temp\jre-8u45-windows-au.exe
C:\Documents and Settings\Art\Local Settings\temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Art\Local Settings\temp\MotoHelper_2.0.53_Driver_5.2.0.exe
C:\Documents and Settings\Art\Local Settings\temp\Motorola_Software_Update_01.16.20_PROD_Only.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:22 AM

Posted 18 October 2015 - 05:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/593321 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:22 AM

Posted 20 October 2015 - 02:52 PM

Yes I still need help.

I do not have a Windows CD available
 
See below for new log
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
Ran by Art (administrator) on ARTHOME (20-10-2015 15:39:04)
Running from C:\Documents and Settings\Art\Desktop
Loaded Profiles: Art (Available Profiles: Art & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Ellie Mae, Inc.) C:\Program Files\Ellie Mae\SCAppMgr\SCAppMgr.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\ZuneBusEnum.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
(Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(LENOVO) C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.EXE
(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AOL LLC) C:\Program Files\AIM\aim.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
(Zoom Video Communications, Inc. and RingCentral Inc.) C:\Documents and Settings\Art\Application Data\RingCentralMeetings\bin\RingCentralMeetings.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Zoom Video Communications, Inc. and RingCentral Inc.) C:\Documents and Settings\Art\Application Data\RingCentralMeetings\bin\RingCentralMeetings.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [122880 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [524288 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-23] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [242976 2008-06-04] (Lenovo Group Ltd.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-14] (Lenovo Group Limited)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [419376 2007-02-01] (LENOVO)
HKLM\...\Run: [LPManager] => C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] => C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LCONTROL] => C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe [77824 2008-03-20] (ATK0101)
HKLM\...\Run: [LFKA] => C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe [315392 2008-04-15] (Lenovo)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [blog] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [425984 2008-10-27] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [143360 2008-10-27] (Lenovo )
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3073336 2008-06-13] (Lenovo Group Limited)
HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2009-09-15] (ALWIL Software)
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [158448 2010-01-07] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [mumservice] => C:\Program Files\Motorola\Software Update\mumservice.exe [1066304 2011-06-03] (Motorola)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
Winlogon\Notify\ACNotify:
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06] ()
Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-08-08] (Lenovo Group Limited)
HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Run: [Aim] => C:\Program Files\AIM\aim.exe [3634024 2009-09-16] (AOL LLC)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2015-02-13]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk * lsdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187
Tcpip\..\Interfaces\{7832D721-45CF-499E-8F22-2C160CC2BC29}: [DhcpNameServer] 207.69.188.186 207.69.188.187

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-421417644-672489333-1106248786-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-421417644-672489333-1106248786-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> DefaultScope {EBA87795-C526-49F7-9063-BE97E64D3B9F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> {EBA87795-C526-49F7-9063-BE97E64D3B9F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-15] (Oracle Corporation)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12] (Microsoft Corporation)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-13] (Lenovo Group Limited)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-15] (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12] (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Toolbar: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-421417644-672489333-1106248786-1005 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254368332281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://allregs.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF NetworkProxy: "no_proxies_on", "*.local;192.168.*.*"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-19] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-03-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-03-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2010-09-25] (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin HKU\S-1-5-21-421417644-672489333-1106248786-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Art\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-05-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-421417644-672489333-1106248786-1005: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Documents and Settings\Art\Application Data\RingCentralMeetings\bin\nprcmsplugin.dll [2015-05-18] (Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2010-06-19] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-08-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-08-29] (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-30] [not signed]
FF Extension: Add to Search Bar - C:\Documents and Settings\Art\Application Data\Mozilla\Firefox\Profiles\2nvmnti6.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2012-04-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-01] [not signed]
FF HKU\S-1-5-21-421417644-672489333-1106248786-1005\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009-09-30] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-10-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-03]
CHR Extension: (Google Search) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Art\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-06-19] (SUPERAntiSpyware.com)
R2 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [90112 2008-10-27] (Lenovo ) [File not signed]
R2 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [217088 2008-10-27] (Lenovo ) [File not signed]
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2009-09-15] (ALWIL Software)
R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () [File not signed]
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680 2009-09-15] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2009-09-15] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2009-09-15] (ALWIL Software)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel® Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2013-03-15] (Oracle Corporation)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-27] (Lavasoft Limited)
R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-20] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [94208 2008-10-26] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel® Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [905216 2008-08-20] (Intel® Corporation) [File not signed]
R2 SCAppMgr; C:\Program Files\Ellie Mae\SCAppMgr\SCAppMgr.exe [59392 2013-05-26] (Ellie Mae, Inc.) [File not signed]
R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-14] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-14] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-14] (Lenovo Group Limited) [File not signed]
R2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-09] (Lenovo Group Limited) [File not signed]
R2 ZuneBusEnum; c:\WINDOWS\system32\ZuneBusEnum.exe [58592 2010-01-07] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [447216 2010-01-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [27408 2009-09-15] (ALWIL Software)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2008-10-24] (IBM Corp.) [File not signed]
R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys [20560 2009-09-15] (ALWIL Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [94160 2009-09-15] (ALWIL Software)
S3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23152 2009-09-15] (ALWIL Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [114768 2009-09-15] (ALWIL Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [52368 2009-09-15] (ALWIL Software)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [764416 2008-06-12] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-10-24] () [File not signed]
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 motport; C:\WINDOWS\System32\DRIVERS\motport.sys [24064 2011-03-31] (Motorola)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\A0101X32.sys [5760 2007-08-24] ()
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3632384 2008-08-29] (Intel Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-09-30] (Microsoft Corporation) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [14904 2010-07-07] (Secunia)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-04] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2008-10-26] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-30] () [File not signed]
R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [40832 2010-01-07] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Art\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-20 15:01 - 2015-10-20 15:01 - 00000000 ____D C:\Documents and Settings\Art\Desktop\FRST-OlderVersion
2015-10-15 10:33 - 2015-10-15 10:33 - 00002017 _____ C:\Documents and Settings\Art\Desktop\RingCentral Meetings.lnk
2015-10-15 10:33 - 2015-10-15 10:33 - 00000000 ____D C:\Documents and Settings\Art\Start Menu\Programs\RingCentral Meetings
2015-10-15 10:32 - 2015-10-18 16:04 - 00000000 ____D C:\Documents and Settings\Art\Application Data\RingCentralMeetings
2015-10-14 18:26 - 2015-10-15 10:15 - 00000428 _____ C:\Documents and Settings\Art\Desktop\Subaru Car Quote.txt
2015-10-14 15:39 - 2015-10-19 21:34 - 00010400 _____ C:\WINDOWS\system32\ICAutoUpdate.log
2015-10-13 18:20 - 2015-10-13 18:27 - 00034182 _____ C:\Documents and Settings\Art\Desktop\Addition.txt
2015-10-13 18:19 - 2015-10-20 15:39 - 00033029 _____ C:\Documents and Settings\Art\Desktop\FRST.txt
2015-10-13 18:15 - 2015-10-20 15:11 - 01700864 _____ (Farbar) C:\Documents and Settings\Art\Desktop\FRST.exe
2015-10-03 16:53 - 2015-10-05 13:08 - 00000932 _____ C:\Documents and Settings\Art\Desktop\Snowshoe - Marcella.txt
2015-10-03 15:04 - 2015-10-16 09:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-29 17:35 - 2015-09-29 17:35 - 00040924 __RSH C:\Documents and Settings\All Users\ntuser.pol
2015-09-29 17:33 - 2015-09-29 17:33 - 00000761 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
2015-09-29 17:26 - 2015-09-29 17:26 - 00098304 _____ C:\WINDOWS\Minidump\Mini092915-02.dmp
2015-09-29 15:03 - 2015-09-29 15:03 - 00098304 _____ C:\WINDOWS\Minidump\Mini092915-01.dmp
2015-09-23 10:09 - 2015-09-23 10:09 - 00003115 _____ C:\Documents and Settings\Art\Desktop\Encompass signature source.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-20 15:40 - 2015-02-05 17:15 - 00000000 ____D C:\Documents and Settings\Art\Local Settings\temp
2015-10-20 15:39 - 2015-02-05 15:44 - 00000000 ____D C:\FRST
2015-10-20 15:39 - 2014-02-06 15:56 - 00000510 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-421417644-672489333-1106248786-1005.job
2015-10-20 15:39 - 2012-06-15 15:39 - 00000354 _____ C:\WINDOWS\Tasks\MotoHelper Routing.job
2015-10-20 15:35 - 2011-11-02 16:03 - 00000000 ____D C:\Documents and Settings\Art\My Documents\Outlook Files
2015-10-20 15:34 - 2010-10-10 13:54 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-20 15:12 - 2012-11-08 11:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-20 14:58 - 2009-09-30 17:56 - 00000250 _____ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2015-10-20 14:05 - 2013-11-15 13:09 - 01434891 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-20 13:50 - 2015-05-31 12:40 - 00000606 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-421417644-672489333-1106248786-1005.job
2015-10-20 13:39 - 2006-04-30 03:20 - 00032512 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-19 21:34 - 2010-10-10 13:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-19 18:13 - 2012-11-08 11:24 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-19 18:13 - 2011-08-16 23:11 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-18 23:03 - 2015-02-05 18:33 - 00116608 _____ C:\WINDOWS\system32\TPAPSLOG.LOG
2015-10-18 18:24 - 2009-10-01 09:55 - 00000000 ____D C:\3dhmedlx
2015-10-18 18:20 - 2009-10-01 09:57 - 00000491 _____ C:\WINDOWS\3DHOME.INI
2015-10-18 18:05 - 2013-11-25 14:19 - 01044650 _____ C:\WINDOWS\setupapi.log
2015-10-16 16:09 - 2012-01-31 17:29 - 00000000 ____D C:\Documents and Settings\Art\Desktop\ANGELA - PERSONAL
2015-10-16 09:40 - 2011-08-29 08:58 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-15 11:57 - 2009-09-30 23:25 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-10-13 16:35 - 2015-02-13 09:41 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-13 16:35 - 2011-11-07 12:02 - 00000000 ____D C:\temp
2015-10-13 16:35 - 2009-09-30 17:41 - 00000316 _____ C:\WINDOWS\Tasks\PMTask.job
2015-10-13 16:35 - 2006-04-30 02:56 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-13 16:33 - 2011-04-19 17:56 - 00000064 _____ C:\WINDOWS\system32\rp_stats.dat
2015-10-13 16:33 - 2011-04-19 17:56 - 00000044 _____ C:\WINDOWS\system32\rp_rules.dat
2015-10-13 16:32 - 2013-11-15 13:09 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-10-13 16:32 - 2013-11-15 13:09 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-13 16:32 - 2012-08-07 13:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-13 16:32 - 2011-01-12 20:34 - 00084820 _____ C:\aaw7boot.log
2015-10-13 16:32 - 2009-09-30 17:57 - 00008320 _____ C:\WINDOWS\system32\ICAutoUpdate.log.bak
2015-10-13 16:32 - 2006-04-30 03:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-13 16:28 - 2011-11-02 15:46 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-10-13 16:27 - 2009-09-30 17:56 - 00000278 ___SH C:\Documents and Settings\Art\ntuser.ini
2015-10-13 16:27 - 2009-09-30 17:56 - 00000000 ____D C:\Documents and Settings\Art
2015-10-13 14:30 - 2011-09-14 10:46 - 00000000 ____D C:\Documents and Settings\Art\Desktop\ANGELA - WORK
2015-10-05 14:45 - 2006-04-29 20:25 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-05 13:13 - 2015-02-07 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-10-05 13:13 - 2009-09-30 22:43 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-10-05 12:29 - 2011-11-02 15:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-10-05 12:29 - 2006-04-29 20:04 - 00663858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-05 12:14 - 2013-07-16 17:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-03 18:16 - 2015-02-07 14:18 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-03 18:15 - 2015-06-19 13:03 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-03 18:15 - 2015-02-07 14:17 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-03 18:15 - 2015-02-07 14:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 17:33 - 2015-02-13 10:09 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-09-29 17:33 - 2009-09-30 22:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2015-09-29 17:26 - 2009-12-19 00:00 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-24 20:33 - 2011-03-18 19:34 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-09-24 11:00 - 2011-11-10 17:38 - 00056560 _____ C:\Documents and Settings\Art\Application Data\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2009-12-27 18:03 - 2012-06-12 19:02 - 0005120 ____N () C:\Documents and Settings\Art\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-22 14:09 - 2011-09-22 14:09 - 0000126 ____N () C:\Documents and Settings\Art\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Art\Local Settings\temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Art\Local Settings\temp\jre-8u40-windows-au.exe
C:\Documents and Settings\Art\Local Settings\temp\jre-8u45-windows-au.exe
C:\Documents and Settings\Art\Local Settings\temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Art\Local Settings\temp\MotoHelper_2.0.53_Driver_5.2.0.exe
C:\Documents and Settings\Art\Local Settings\temp\Motorola_Software_Update_01.16.20_PROD_Only.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,541 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:22 AM

Posted 21 October 2015 - 10:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
S3 catchme; \??\C:\DOCUME~1\Art\LOCALS~1\Temp\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Art\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Art\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

===

How is the computer running now?

#5 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:22 AM

Posted 21 October 2015 - 12:53 PM

Hi Nasdaq, Thank you for your help !!  I have completed all of the steps above.  See below for the log.

The only thing I did not do was ...
Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.

The software we use for work is web based in IE, so I didn't want to make any changes to the settings that would/could affect it.  I have taken a screenshot of the IE settings of the full settings list.  I can attach or paste it if you want to look it over and see if there are any specific settings I should change ?

The computer does seem to be running much better.  I will know for sure once I work on it for a while.   :)

I'm thrilled and amazed that it doesn't look like I had any malware/spyware/trojans/viruses ?  Thanks !



Fix result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
Ran by Art (2015-10-21 12:11:04) Run:3
Running from C:\Documents and Settings\Art\Desktop
Loaded Profiles: Art (Available Profiles: Art & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
S3 catchme; \??\C:\DOCUME~1\Art\LOCALS~1\Temp\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Art\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Art\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

End
*****************

Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll => not found.
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
catchme => service removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}" => key removed successfully.
"HKU\S-1-5-21-421417644-672489333-1106248786-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}" => key removed successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => moved successfully
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => moved successfully
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully..
EmptyTemp: => 1.8 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:18:19 ====
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,541 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:22 AM

Posted 22 October 2015 - 08:14 AM

If IE works the way you want then do not change and of the settings.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,541 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:22 AM

Posted 28 October 2015 - 10:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users