Jump to content

tresslers

Members
  • Posts

    9
  • Joined

  • Last visited

Everything posted by tresslers

  1. Arghhh!!! It found 11 threats! C:\Documents and Settings\User\My Documents\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Documents and Settings\User\My Documents\Downloads\FoxitReader620.0429_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application C:\Program Files\WhiteSmokeTranslator\html\english\dictClientDic\index.html HTML/WhiteSmoke potentially unwanted application C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026147.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026148.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026186.exe a variant of Win32/Toolbar.CrossRider.E potentially unwanted application C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026189.exe probably a variant of Win32/Adware.180Solutions application C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026584.dll a variant of Win32/Adware.HotBar.S application C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026588.EXE Win32/AutoRun.FlyStudio.H worm C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026597.dll a variant of Win32/Adware.OneStep.BQ application C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026664.exe a variant of Win32/Adware.OneStep.BE application
  2. There was an error when trying to uninstall White Smoke Translater. It won't uninstall. Error: Error Launching CheckLockedWsDictFiles.exe Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 5/12/2014Scan Time: 3:23:51 PMLogfile: Administrator: Yes Version: 2.00.1.1004Malware Database: v2014.05.12.08Rootkit Database: v2014.03.27.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledChameleon: Disabled OS: Windows XP Service Pack 3CPU: x86File System: NTFSUser: User Scan Type: Threat ScanResult: CompletedObjects Scanned: 290284Time Elapsed: 8 min, 52 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledShuriken: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4Scan saved at 3:34:44 PM, on 5/12/2014Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\WiFi\bin\S24EvMon.exeC:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exeC:\Program Files\Lenovo\ATK Hotkey\LFKAS.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Coupons\CouponPrinterService.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exeC:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exeC:\Program Files\Lenovo\ATK Hotkey\LFKA.exeC:\WINDOWS\system32\rundll32.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TeamViewer\Version9\TeamViewer_Service.exec:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeC:\Program Files\Lenovo\Client Security Solution\cssauth.exeC:\WINDOWS\System32\TPHDEXLG.exeC:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exeC:\Program Files\Lenovo\Rescue and Recovery\rrservice.exec:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeC:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXEc:\program files\lenovo\system update\suservice.exeC:\Program Files\TeamViewer\Version9\TeamViewer.exeC:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TeamViewer\Version9\tv_w32.exeC:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exeC:\Program Files\Lenovo\HOTKEY\TPONSCR.exeC:\Program Files\Lenovo\Zoom\TpScrex.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeC:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exeC:\WINDOWS\vsnp2uvc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\WINDOWS\system32\TpShocks.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exeC:\Program Files\ControlCenter4\BrCtrlCntr.exeC:\Program Files\ControlCenter4\BrCcUxSys.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Real\RealPlayer\update\realsched.exeC:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files\Java\jre7\bin\jqs.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exeC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Documents and Settings\User\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.2.0.38R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.2.0.38R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dllO2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLLO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dllO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /rO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitorO4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLogO4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silentO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osbootO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrunO4 - HKLM\..\Policies\Explorer\Run: [] O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dllO9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exeO23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files\Coupons\CouponPrinterService.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exeO23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exeO23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exeO23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exeO23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXEO23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeO23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exeO23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exeO23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exeO23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exeO23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exeO23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exeO23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exeO23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exeO23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeO23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exeO23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exeO23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exeO23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeO23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe --End of file - 13707 bytes Also, don't know if this was just a fluke or not but the fist time I clicked on the Hijak Link you posted, I went to a page that told met that the website was offline and to check for a cached copay of the website. I went back and clicked your link again and it was fine. The internet seems to be slow and websites a couple times are now saying that I am not connected to the internet when I definitely am.
  3. 2007 Microsoft Office system Access Help Adobe Flash Player 10 Plugin Adobe Flash Player 13 ActiveX Adobe Reader 8.2.0 Adobe Shockwave Player 11.6 Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour Brother MFL-Pro Suite HL-2280DW Business Contact Manager for Outlook 2007 SP2 Camera Center Client Security - Password Manager Conexant HD Audio DirectXInstallService Drag-to-Disc Foxit Cloud Foxit Reader Google Chrome Google Update Helper HDAUDIO Soft Data Fax Modem with SmartCP Help Center Heroes of Might and Magic® III Complete Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB949764) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Integrated Camera Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless WiFi Software InterVideo Register Manager InterVideo WinDVD iTunes Java 6 Update 11 Junk Mail filter update Lenovo Care Lenovo Care Supplement Lenovo Registration Lenovo System Toolbox Lenovo_ATK_Package Malwarebytes Anti-Malware version 2.0.1.1004 Message Center Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mobile Broadband Connect MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser Norton Security Suite On Screen Display Online Data Backup OpenOffice 4.0.1 OrderTrax Presentation Director RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer REALTEK GbE & FE Ethernet PCI-E NIC Driver RealUpgrade 1.1 Rescue and Recovery RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 Roxio Activation Module Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Creator Small Business Edition Roxio Express Labeler 3 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2909210) Security Update for Windows Internet Explorer 8 (KB2909921) Security Update for Windows Internet Explorer 8 (KB2925418) Security Update for Windows Internet Explorer 8 (KB2936068) Security Update for Windows Internet Explorer 8 (KB2964358) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB2834903-v2) Security Update for Windows Media Player (KB2834904-v2) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2845187) Security Update for Windows XP (KB2847311) Security Update for Windows XP (KB2850869) Security Update for Windows XP (KB2859537) Security Update for Windows XP (KB2862152) Security Update for Windows XP (KB2862330) Security Update for Windows XP (KB2862335) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2868038) Security Update for Windows XP (KB2868626) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876331) Security Update for Windows XP (KB2892075) Security Update for Windows XP (KB2893294) Security Update for Windows XP (KB2893984) Security Update for Windows XP (KB2898715) Security Update for Windows XP (KB2900986) Security Update for Windows XP (KB2914368) Security Update for Windows XP (KB2916036) Security Update for Windows XP (KB2922229) Security Update for Windows XP (KB2929961) Security Update for Windows XP (KB2930275) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Segoe UI Skype™ 6.3 Sonic CinePlayer Decoder Pack Sonic Icons for Lenovo swMSM System Update TeamViewer 9 ThinkPad EasyEject Utility ThinkPad FullScreen Magnifier ThinkPad Hotkey Features Setup ThinkPad PC Card Power Policy ThinkPad Power Management Driver for SL Series ThinkPad Power Manager ThinkPad UltraNav Driver ThinkPad UltraNav Utility ThinkVantage Active Protection System ThinkVantage Fingerprint Software 5.8 ThinkVantage Technologies Welcome Message Un-Rar for Windows 9.22beta Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB2904266) Update for Windows XP (KB2934207) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Verizon Wireless BroadbandAccess Self Activation Wallpapers WebFldrs XP WhiteSmokeTranslator Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Connect Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation XML Paper Specification Shared Components Pack 1.0 XP Themes
  4. ComboFix 14-05-07.03 - User 05/09/2014 13:22:20.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.1911 [GMT -6:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\Thumbs.db c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2014-04-09 to 2014-05-09 ))))))))))))))))))))))))))))))) . . 2014-05-09 13:29 . 2014-05-09 13:29 -------- d-----w- c:\windows\ERUNT 2014-05-09 13:15 . 2010-08-30 14:34 536576 ----a-w- c:\windows\system32\sqlite3.dll 2014-05-09 13:12 . 2014-05-09 13:17 -------- d-----w- C:\AdwCleaner 2014-05-08 21:38 . 2014-05-08 21:41 -------- d-----w- C:\FRST 2014-05-08 12:30 . 2014-05-09 19:18 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-08 12:29 . 2014-05-08 12:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-05-08 12:29 . 2014-05-08 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2014-05-08 12:29 . 2014-04-03 15:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-08 12:29 . 2014-04-03 15:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-08 11:54 . 2014-05-08 11:54 -------- d-----w- c:\windows\system32\Client Security Solution 2014-04-22 20:39 . 2014-04-22 20:39 -------- d-----w- c:\documents and settings\dub_cm_auto 2014-04-21 01:02 . 2013-10-17 15:32 19448 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-28 21:34 . 2012-07-13 15:40 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-28 21:34 . 2012-07-13 15:40 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-19 23:12 . 2014-03-19 23:12 469488 ----a-w- c:\windows\system32\cpnprt2wswin32.cid 2014-03-18 14:45 . 2014-03-18 14:45 465280 ----a-w- c:\windows\system32\cpnprt2win32.cid 2014-03-06 17:59 . 2008-07-21 22:50 920064 ----a-w- c:\windows\system32\wininet.dll 2014-03-06 17:59 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll 2014-03-06 17:59 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl 2014-03-06 17:59 . 2008-07-21 22:49 18944 ------w- c:\windows\system32\corpol.dll 2014-03-06 00:46 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec 2014-03-04 04:18 . 2014-04-03 16:14 936152 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symefa.sys 2014-03-03 04:54 . 2014-03-03 04:54 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2014-02-26 01:59 . 2014-03-28 02:07 13312 ------w- c:\windows\system32\xp_eos.exe 2014-02-18 01:32 . 2014-04-03 16:14 423256 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symtdi.sys 2014-02-18 01:32 . 2014-04-03 16:14 384728 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symtdiv.sys 2014-02-18 01:32 . 2014-04-03 16:14 447704 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symnets.sys 2014-02-13 01:59 . 2014-04-03 16:14 664280 ----a-w- c:\windows\system32\drivers\N360\1502000.026\srtsp.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 150040] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 136600] "LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824] "LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-10-26 335872] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-10-26 208896] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2008-06-25 00:31 95496 ------w- c:\windows\system32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-08-08 10:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "54925:UDP"= 54925:UDP:BrotherNetwork Scanner . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1502000.026\symds.sys [4/3/2014 10:14 AM 367704] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1502000.026\symefa.sys [4/3/2014 10:14 AM 936152] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 5:21 PM 19496] R1 BHDrvx86;BHDrvx86;c:\program files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [4/15/2014 2:22 PM 1098968] R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360\1502000.026\ccsetx86.sys [4/3/2014 10:13 AM 127064] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1502000.026\ironx86.sys [4/3/2014 10:13 AM 206936] R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 6:50 PM 46144] R2 CouponPrinterService;Coupon Printer Service;c:\program files\Coupons\CouponPrinterService.exe [2/13/2014 4:56 PM 152560] R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [3/25/2014 5:48 AM 239680] R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [8/20/2009 3:39 PM 208896] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/8/2014 6:29 AM 1809720] R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/8/2014 6:29 AM 857912] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\21.2.0.38\n360.exe [4/3/2014 10:13 AM 265040] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/20/2009 3:42 PM 94208] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056] R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [6/24/2008 6:07 PM 12560] R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [3/3/2014 12:38 PM 4972864] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 4:34 PM 520192] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 6:50 PM 360448] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/2/2014 10:55 PM 108120] R3 IDSxpx86;IDSxpx86;c:\program files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140508.001\IDSXpx86.sys [5/8/2014 8:19 PM 383120] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/20/2009 3:26 PM 110080] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/8/2014 6:29 AM 23256] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [5/8/2014 6:30 AM 107736] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 9:18 AM 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 9:16 AM 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 9:15 AM 166384] S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/1/2013 1:11 PM 161384] S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [3/21/2014 11:10 AM 266240] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 9:18 AM 313840] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 9:15 AM 1120752] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-29 23:12 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 21:35] . 2014-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-03-03 22:01] . 2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-03-03 22:01] . 2014-05-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job - c:\windows\system32\xp_eos.exe [2014-03-28 01:59] . 2014-05-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job - c:\windows\system32\xp_eos.exe [2014-03-28 01:59] . 2012-03-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32] . 2014-05-09 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-20 16:48] . 2014-05-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-109567894-1623751081-2236090892-1008.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 23:13] . 2014-04-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-109567894-1623751081-2236090892-1008.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 23:13] . 2014-05-09 c:\windows\Tasks\User_Feed_Synchronization-{CFE58478-0630-4E02-A7FE-F6DC7D77FE2B}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 12:31] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 208.67.222.123 208.67.220.123 75.75.76.76 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-05-09 13:30 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\21.2.0.38\N360.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\21.2.0.38\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\N360\1502000.026\SYMTDI.SYS" "TrustedImagePaths"="c:\program files\Norton Security Suite\Engine\21.2.0.38" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,47,bd,6a,74,b2,8e,41,81,ee,b6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,47,bd,6a,74,b2,8e,41,81,ee,b6,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1084) c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll c:\program files\ThinkVantage Fingerprint Software\homepass.dll c:\program files\ThinkVantage Fingerprint Software\bio.dll c:\program files\ThinkVantage Fingerprint Software\qlbase.dll c:\program files\ThinkVantage Fingerprint Software\ps2css.dll c:\program files\Lenovo\HOTKEY\tphklock.dll c:\program files\ThinkVantage Fingerprint Software\pscssint.dll c:\program files\ThinkVantage Fingerprint Software\vti.dll c:\windows\system32\igfxdev.dll c:\program files\Lenovo\HOTKEY\notifyf2.dll . - - - - - - - > 'lsass.exe'(1140) c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll . Completion time: 2014-05-09 13:31:30 ComboFix-quarantined-files.txt 2014-05-09 19:31 ComboFix2.txt 2014-05-09 18:13 . Pre-Run: 111,356,891,136 bytes free Post-Run: 111,344,742,400 bytes free . - - End Of File - - C68CC9E260CD169E27033D2E33FDC77D ECA0DF36C8CD373AF8F175D564247B9A All seems to be running normal at this point
  5. ComboFix 14-05-07.03 - User 05/09/2014 11:58:56.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2025 [GMT -6:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\0ec271b4b9a95533052afe00bebe9792_c c:\windows\system32\d6e27ed1.exe c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_AVPsys . . ((((((((((((((((((((((((( Files Created from 2014-04-09 to 2014-05-09 ))))))))))))))))))))))))))))))) . . 2014-05-09 13:29 . 2014-05-09 13:29 -------- d-----w- c:\windows\ERUNT 2014-05-09 13:15 . 2010-08-30 14:34 536576 ----a-w- c:\windows\system32\sqlite3.dll 2014-05-09 13:12 . 2014-05-09 13:17 -------- d-----w- C:\AdwCleaner 2014-05-08 21:38 . 2014-05-08 21:41 -------- d-----w- C:\FRST 2014-05-08 12:30 . 2014-05-09 17:46 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-08 12:29 . 2014-05-08 12:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-05-08 12:29 . 2014-05-08 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2014-05-08 12:29 . 2014-04-03 15:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-08 12:29 . 2014-04-03 15:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-08 11:54 . 2014-05-08 11:54 -------- d-----w- c:\windows\system32\Client Security Solution 2014-04-22 20:39 . 2014-04-22 20:39 -------- d-----w- c:\documents and settings\dub_cm_auto 2014-04-21 01:02 . 2013-10-17 15:32 19448 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-28 21:34 . 2012-07-13 15:40 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-04-28 21:34 . 2012-07-13 15:40 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-19 23:12 . 2014-03-19 23:12 469488 ----a-w- c:\windows\system32\cpnprt2wswin32.cid 2014-03-18 14:45 . 2014-03-18 14:45 465280 ----a-w- c:\windows\system32\cpnprt2win32.cid 2014-03-06 17:59 . 2008-07-21 22:50 920064 ----a-w- c:\windows\system32\wininet.dll 2014-03-06 17:59 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll 2014-03-06 17:59 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl 2014-03-06 17:59 . 2008-07-21 22:49 18944 ------w- c:\windows\system32\corpol.dll 2014-03-06 00:46 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec 2014-03-04 04:18 . 2014-04-03 16:14 936152 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symefa.sys 2014-03-03 04:54 . 2014-03-03 04:54 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2014-02-26 01:59 . 2014-03-28 02:07 13312 ------w- c:\windows\system32\xp_eos.exe 2014-02-18 01:32 . 2014-04-03 16:14 423256 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symtdi.sys 2014-02-18 01:32 . 2014-04-03 16:14 384728 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symtdiv.sys 2014-02-18 01:32 . 2014-04-03 16:14 447704 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symnets.sys 2014-02-13 01:59 . 2014-04-03 16:14 664280 ----a-w- c:\windows\system32\drivers\N360\1502000.026\srtsp.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 150040] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 136600] "LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824] "LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-10-26 335872] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-10-26 208896] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2008-06-25 00:31 95496 ------w- c:\windows\system32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-08-08 10:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "54925:UDP"= 54925:UDP:BrotherNetwork Scanner . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1502000.026\symds.sys [4/3/2014 10:14 AM 367704] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1502000.026\symefa.sys [4/3/2014 10:14 AM 936152] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 5:21 PM 19496] R1 BHDrvx86;BHDrvx86;c:\program files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [4/15/2014 2:22 PM 1098968] R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360\1502000.026\ccsetx86.sys [4/3/2014 10:13 AM 127064] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1502000.026\ironx86.sys [4/3/2014 10:13 AM 206936] R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 6:50 PM 46144] R2 CouponPrinterService;Coupon Printer Service;c:\program files\Coupons\CouponPrinterService.exe [2/13/2014 4:56 PM 152560] R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [3/25/2014 5:48 AM 239680] R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [8/20/2009 3:39 PM 208896] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\21.2.0.38\n360.exe [4/3/2014 10:13 AM 265040] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/20/2009 3:42 PM 94208] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056] R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [6/24/2008 6:07 PM 12560] R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [3/3/2014 12:38 PM 4972864] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 4:34 PM 520192] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 6:50 PM 360448] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/2/2014 10:55 PM 108120] R3 IDSxpx86;IDSxpx86;c:\program files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140508.001\IDSXpx86.sys [5/8/2014 8:19 PM 383120] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/20/2009 3:26 PM 110080] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/8/2014 6:29 AM 23256] S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/8/2014 6:29 AM 857912] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 9:18 AM 362992] S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 9:16 AM 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 9:15 AM 166384] S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/1/2013 1:11 PM 161384] S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [3/21/2014 11:10 AM 266240] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [5/8/2014 6:30 AM 107736] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 9:18 AM 313840] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 9:15 AM 1120752] S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/8/2014 6:29 AM 1809720] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-29 23:12 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 21:35] . 2014-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-03-03 22:01] . 2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-03-03 22:01] . 2014-05-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job - c:\windows\system32\xp_eos.exe [2014-03-28 01:59] . 2014-05-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job - c:\windows\system32\xp_eos.exe [2014-03-28 01:59] . 2012-03-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32] . 2014-05-09 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-20 16:48] . 2014-05-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-109567894-1623751081-2236090892-1008.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 23:13] . 2014-04-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-109567894-1623751081-2236090892-1008.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 23:13] . 2014-05-09 c:\windows\Tasks\User_Feed_Synchronization-{CFE58478-0630-4E02-A7FE-F6DC7D77FE2B}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 12:31] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 208.67.222.123 208.67.220.123 75.75.76.76 . - - - - ORPHANS REMOVED - - - - . AddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files\Coupons\uninstall.exe AddRemove-d6e27ed1 - c:\windows\system32\d6e27ed1.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-05-09 12:10 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\21.2.0.38\N360.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\21.2.0.38\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\N360\1502000.026\SYMTDI.SYS" "TrustedImagePaths"="c:\program files\Norton Security Suite\Engine\21.2.0.38" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,47,bd,6a,74,b2,8e,41,81,ee,b6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,47,bd,6a,74,b2,8e,41,81,ee,b6,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1084) c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll c:\program files\ThinkVantage Fingerprint Software\homepass.dll c:\program files\ThinkVantage Fingerprint Software\bio.dll c:\program files\ThinkVantage Fingerprint Software\qlbase.dll c:\program files\ThinkVantage Fingerprint Software\ps2css.dll c:\program files\Lenovo\HOTKEY\tphklock.dll c:\program files\ThinkVantage Fingerprint Software\pscssint.dll c:\program files\ThinkVantage Fingerprint Software\vti.dll . - - - - - - - > 'lsass.exe'(1140) c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll . - - - - - - - > 'explorer.exe'(3040) c:\windows\system32\WININET.dll c:\program files\TeamViewer\Version9\tv_w32.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Lenovo\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\igfxsrvc.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\windows\system32\rundll32.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\windows\System32\TPHDEXLG.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\program files\lenovo\system update\suservice.exe c:\program files\TeamViewer\Version9\TeamViewer.exe c:\windows\system32\wscntfy.exe c:\program files\TeamViewer\Version9\tv_w32.exe . ************************************************************************** . Completion time: 2014-05-09 12:13:46 - machine was rebooted ComboFix-quarantined-files.txt 2014-05-09 18:13 . Pre-Run: 111,252,606,976 bytes free Post-Run: 111,352,000,512 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 9906077D8D961751B30C5FDD0E9F487F ECA0DF36C8CD373AF8F175D564247B9A everything seems to be operating much better, no more of the original errors
  6. # AdwCleaner v3.207 - Report created 09/05/2014 at 07:17:23 # Updated 05/05/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : User - PAYNELAPTOP # Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\BasicScan Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars Folder Deleted : C:\Program Files\BasicScan ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKLM\Software\BasicScan Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BasicScan Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BasicScan ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Google Chrome v34.0.1847.131 [ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3292 octets] - [09/05/2014 07:12:52] AdwCleaner[s0].txt - [3273 octets] - [09/05/2014 07:17:23] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3333 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Microsoft Windows XP x86 Ran by User on Fri 05/09/2014 at 7:30:11.92 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\blekkotb_005" Failed to delete: [Folder] "C:\Program Files\coupons" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 05/09/2014 at 7:42:42.25 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The computer is no longer redirecting webpages, seems to be running quicker. However, I can't attest to the constant disconnect and reconnecting of the internet connection yet, it sometimes will go a couple hours without doing that and then start doing it quite a bit.
  7. Was there something else I was supposed to do?
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014 Ran by User (administrator) on PAYNELAPTOP on 08-05-2014 15:38:33 Running from C:\Documents and Settings\User\My Documents\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe () C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe () C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\n360.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\n360.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe (Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE (Sonix) C:\WINDOWS\vsnp2uvc.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Lenovo.) C:\WINDOWS\system32\TpShocks.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.EXE (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [122880 2008-04-10] (Synaptics, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [524288 2008-04-10] (Synaptics, Inc.) HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-08-20] (Sun Microsystems, Inc.) HKLM\...\Run: [LCONTROL] => C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe [77824 2008-03-19] (ATK0101) HKLM\...\Run: [LFKA] => C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe [315392 2008-04-15] (Lenovo) HKLM\...\Run: [PWRMGRTR] => C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [335872 2008-10-26] (Lenovo Group Limited) HKLM\...\Run: [bLOG] => C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2008-10-26] () HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3073336 2008-06-13] (Lenovo Group Limited) Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.) Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited) HKLM\...\Policies\Explorer\Run: [] => 1 No File HKLM\...\Policies\Explorer: [NofolderOptions] 0 HKU\.DEFAULT\...\RunOnce: [] - [X] HKU\.DEFAULT\...\Policies\system: [EnableLUA] 1 HKU\.DEFAULT\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-19\...\RunOnce: [] - [X] HKU\S-1-5-19\...\Policies\system: [EnableLUA] 1 HKU\S-1-5-19\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-20\...\RunOnce: [] - [X] HKU\S-1-5-20\...\Policies\system: [EnableLUA] 1 HKU\S-1-5-20\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.) HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\Policies\system: [EnableLUA] 1 HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\Policies\Explorer: [NofolderOptions] 0 HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\MountPoints2: {8e031a5e-5bd0-11e1-8feb-0026c641469c} - E:\kgji.exe HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\MountPoints2: {c52a57cf-89ab-11e1-9000-0026c641469c} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Pathways.exe Lsa: [Notification Packages] scecli psqlpwd ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=n360&pvid=21.1.0.18 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18 SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=2012041803774501921E2FD643648965&q={searchTerms} BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 208.67.222.123 208.67.220.123 75.75.76.76 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-03-02] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WhiteSmokeTranslator\WCaptureMoz FF Extension: WordCaptureX - C:\Program Files\WhiteSmokeTranslator\WCaptureMoz [2012-02-20] Chrome: ======= CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-21] CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-21] CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-02] CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02] CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-21] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WhiteSmokeTranslator [2012-02-20] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\Exts\Chrome.crx [2014-04-03] ========================== Services (Whitelisted) ================= R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.) R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation) R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-08-20] (Sun Microsystems, Inc.) R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-19] () R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 N360; C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe [265040 2014-03-14] (Symantec Corporation) R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [94208 2008-10-26] () R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions) S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions) R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel® Corporation) S2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-07-26] (Lenovo Group Limited) R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-11-24] () R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-11-24] (Lenovo Group Limited) S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X] ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] () S3 AVPsys; C:\WINDOWS\system32\drivers\cdaudio.sys [18688 2001-08-17] (Microsoft Corporation) R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [1098968 2014-03-18] (Symantec Corporation) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation) R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [764416 2008-06-12] (Conexant Systems Inc.) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-04-25] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-03-02] (Symantec Corporation) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP) R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.) R3 IDSxpx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140507.001\IDSxpx86.sys [383120 2014-03-26] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-08] (Malwarebytes Corporation) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\A0101X32.sys [5760 2007-08-24] () R3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140508.001\NAVENG.SYS [93272 2014-04-25] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140508.001\NAVEX15.SYS [1612376 2014-04-25] (Symantec Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-03-04] (Intel Corporation) R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-08-20] (Microsoft Corporation) R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation) R2 smihlp; C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [12560 2008-06-24] (UPEK Inc.) R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [9632128 2007-10-01] () R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation) R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation) R0 SymDS; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-03-02] (Symantec Corporation) R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation) R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation) R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited) R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2008-10-26] () R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-30] () U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-08 15:38 - 2014-05-08 15:38 - 00000000 ____D () C:\FRST 2014-05-08 06:30 - 2014-05-08 15:32 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-08 06:29 - 2014-05-08 06:29 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-05-08 06:29 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-05-08 06:29 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-05-08 05:54 - 2014-05-08 05:54 - 00000000 ____D () C:\WINDOWS\system32\Client Security Solution 2014-05-03 06:59 - 2014-05-03 07:01 - 00005824 _____ () C:\WINDOWS\KB2964358-IE8.log 2014-04-30 20:18 - 2014-04-30 20:18 - 00009481 _____ () C:\Documents and Settings\User\Desktop\KATIE DOC.odt 2014-04-23 10:05 - 2014-05-07 16:06 - 00003647 _____ () C:\Documents and Settings\User\Desktop\to do list.txt 2014-04-22 14:39 - 2014-04-22 14:39 - 00000000 ____D () C:\Documents and Settings\dub_cm_auto 2014-04-22 14:39 - 2014-04-22 08:13 - 03729920 _____ (Symantec Corporation) C:\Documents and Settings\dub_cm_auto\Application Data\NPE.exe 2014-04-20 19:02 - 2014-04-20 19:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9 2014-04-17 09:58 - 2014-04-17 09:58 - 00987136 _____ () C:\Documents and Settings\User\My Documents\OrderTrax - 20140417.mdb 2014-04-16 08:46 - 2014-04-16 08:46 - 00005291 _____ () C:\Documents and Settings\User\Desktop\red.htm 2014-04-12 08:26 - 2010-07-05 07:15 - 00017272 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll 2014-04-10 06:07 - 2014-04-10 06:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-04-09 19:37 - 2014-04-09 19:38 - 00011877 _____ () C:\WINDOWS\KB2936068-IE8.log 2014-04-08 22:53 - 2013-11-26 22:50 - 1766719965 _____ () C:\Documents and Settings\User\Desktop\The Hunger Games.m4v 2014-04-08 22:35 - 2013-11-26 22:50 - 2006441843 _____ () C:\Documents and Settings\User\Desktop\INVICTUS.m4v 2014-04-08 22:34 - 2013-11-26 22:50 - 1032583867 _____ () C:\Documents and Settings\User\Desktop\I_AM_LEGEND.m4v 2014-04-08 22:29 - 2006-10-29 23:13 - 480017513 _____ () C:\Documents and Settings\User\Desktop\Signs.mp4 2014-04-08 22:11 - 2014-04-10 06:07 - 00014115 _____ () C:\WINDOWS\KB2922229.log ==================== One Month Modified Files and Folders ======= 2014-05-08 15:38 - 2014-05-08 15:38 - 00000000 ____D () C:\FRST 2014-05-08 15:37 - 2009-08-20 15:29 - 00823296 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG 2014-05-08 15:34 - 2012-07-13 09:40 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-05-08 15:33 - 2014-03-03 09:33 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype 2014-05-08 15:33 - 2012-02-21 21:02 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{CFE58478-0630-4E02-A7FE-F6DC7D77FE2B}.job 2014-05-08 15:32 - 2014-05-08 06:30 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-08 13:12 - 2014-03-03 16:01 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-08 12:50 - 2009-08-20 15:42 - 00000316 _____ () C:\WINDOWS\Tasks\PMTask.job 2014-05-08 12:47 - 2008-07-21 16:01 - 01201390 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-08 12:46 - 2014-03-31 06:47 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-05-08 12:46 - 2014-03-16 07:55 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-109567894-1623751081-2236090892-1008.job 2014-05-08 12:46 - 2014-03-03 16:01 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-08 12:46 - 2008-07-21 16:50 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl 2014-05-08 12:45 - 2008-07-21 08:58 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-05-08 12:45 - 2008-07-21 08:58 - 00000048 _____ () C:\WINDOWS\wiaservc.log 2014-05-08 12:44 - 2008-07-21 16:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-08 12:43 - 2009-12-24 05:40 - 00001040 _____ () C:\WINDOWS\system32\ICAutoUpdate.log.bak 2014-05-08 12:42 - 2009-12-24 05:39 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini 2014-05-08 12:42 - 2008-07-21 16:05 - 00032492 _____ () C:\WINDOWS\SchedLgU.Txt 2014-05-08 06:57 - 2014-03-02 14:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$ 2014-05-08 06:57 - 2012-08-20 12:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\UpdaterService 2014-05-08 06:29 - 2014-05-08 06:29 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-05-08 05:54 - 2014-05-08 05:54 - 00000000 ____D () C:\WINDOWS\system32\Client Security Solution 2014-05-07 16:06 - 2014-04-23 10:05 - 00003647 _____ () C:\Documents and Settings\User\Desktop\to do list.txt 2014-05-07 10:43 - 2014-03-03 23:32 - 00000459 _____ () C:\Documents and Settings\User\Desktop\copay.txt 2014-05-07 07:04 - 2014-03-04 15:46 - 00011212 _____ () C:\Documents and Settings\User\Desktop\Notes and charges.odt 2014-05-06 13:37 - 2014-03-05 17:56 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-05-03 07:01 - 2014-05-03 06:59 - 00005824 _____ () C:\WINDOWS\KB2964358-IE8.log 2014-05-03 07:01 - 2009-08-20 15:07 - 00154331 _____ () C:\WINDOWS\updspapi.log 2014-05-03 07:01 - 2008-07-21 08:55 - 01674972 _____ () C:\WINDOWS\iis6.log 2014-05-03 07:01 - 2008-07-21 08:55 - 01532517 _____ () C:\WINDOWS\FaxSetup.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00741948 _____ () C:\WINDOWS\ocgen.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00709409 _____ () C:\WINDOWS\tsoc.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00520162 _____ () C:\WINDOWS\comsetup.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00468178 _____ () C:\WINDOWS\msmqinst.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00313658 _____ () C:\WINDOWS\ntdtcsetup.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00269208 _____ () C:\WINDOWS\netfxocm.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00106048 _____ () C:\WINDOWS\MedCtrOC.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00085017 _____ () C:\WINDOWS\ocmsn.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00077800 _____ () C:\WINDOWS\tabletoc.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00076885 _____ () C:\WINDOWS\msgsocm.log 2014-05-03 07:01 - 2008-07-21 08:55 - 00001355 _____ () C:\WINDOWS\imsins.log 2014-05-02 16:03 - 2014-03-08 20:21 - 00042479 _____ () C:\Documents and Settings\User\Desktop\Mad Money 2014.ods 2014-04-30 20:18 - 2014-04-30 20:18 - 00009481 _____ () C:\Documents and Settings\User\Desktop\KATIE DOC.odt 2014-04-30 02:13 - 2008-07-21 16:49 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-04-30 02:13 - 2007-08-13 19:54 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2014-04-29 17:15 - 2014-03-03 16:03 - 00001820 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-04-29 11:39 - 2012-07-11 14:33 - 00526789 _____ () C:\WINDOWS\setupapi.log 2014-04-28 15:34 - 2012-07-13 09:40 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-04-28 15:34 - 2012-07-13 09:40 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-04-28 14:48 - 2014-03-24 07:59 - 00002367 _____ () C:\Documents and Settings\All Users\Desktop\Klarion OrderTrax.lnk 2014-04-26 08:42 - 2009-08-20 15:21 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups 2014-04-25 15:53 - 2009-08-20 15:42 - 00089832 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-04-25 06:07 - 2008-07-21 08:55 - 00341832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-22 14:39 - 2014-04-22 14:39 - 00000000 ____D () C:\Documents and Settings\dub_cm_auto 2014-04-22 08:13 - 2014-04-22 14:39 - 03729920 _____ (Symantec Corporation) C:\Documents and Settings\dub_cm_auto\Application Data\NPE.exe 2014-04-21 15:39 - 2014-03-25 05:49 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Foxit Software 2014-04-21 09:32 - 2014-03-03 09:33 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk 2014-04-20 19:02 - 2014-04-20 19:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9 2014-04-20 19:02 - 2014-03-28 12:54 - 00002030 _____ () C:\WINDOWS\system32\TeamViewer9_Hooks.log 2014-04-20 19:02 - 2014-03-03 12:38 - 00000822 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk 2014-04-17 09:58 - 2014-04-17 09:58 - 00987136 _____ () C:\Documents and Settings\User\My Documents\OrderTrax - 20140417.mdb 2014-04-16 08:46 - 2014-04-16 08:46 - 00005291 _____ () C:\Documents and Settings\User\Desktop\red.htm 2014-04-12 09:32 - 2008-07-21 15:59 - 00107437 ____C () C:\WINDOWS\wmsetup.log 2014-04-12 08:33 - 2009-08-20 15:29 - 00022816 ____C () C:\WINDOWS\spupdsvc.log 2014-04-12 08:27 - 2012-02-20 08:47 - 00000789 _____ () C:\Documents and Settings\User\Desktop\Windows Media Player.lnk 2014-04-12 08:27 - 2009-12-24 05:39 - 00000795 _____ () C:\Documents and Settings\User\Start Menu\Programs\Windows Media Player.lnk 2014-04-12 08:26 - 2014-03-16 08:22 - 00013367 _____ () C:\WINDOWS\MSCompPackV1.log 2014-04-12 08:26 - 2014-03-16 08:21 - 00033144 _____ () C:\WINDOWS\wmp11.log 2014-04-12 08:26 - 2008-07-21 16:02 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb 2014-04-12 08:26 - 2008-07-21 16:02 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb 2014-04-12 08:25 - 2014-03-16 08:20 - 00055010 _____ () C:\WINDOWS\WMFDist11.log 2014-04-12 08:25 - 2014-03-16 08:20 - 00015172 _____ () C:\WINDOWS\Wudf01000Inst.log 2014-04-12 07:11 - 2014-03-05 18:02 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Apple Computer 2014-04-10 06:08 - 2009-08-20 15:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help 2014-04-10 06:07 - 2014-04-10 06:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$ 2014-04-10 06:07 - 2014-04-08 22:11 - 00014115 _____ () C:\WINDOWS\KB2922229.log 2014-04-10 06:07 - 2008-07-21 08:55 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-04-10 06:03 - 2014-03-03 08:33 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-04-09 19:39 - 2012-02-19 15:23 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-04-09 19:38 - 2014-04-09 19:37 - 00011877 _____ () C:\WINDOWS\KB2936068-IE8.log 2014-04-09 19:38 - 2012-02-19 15:53 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-04-08 22:34 - 2014-03-16 07:55 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-109567894-1623751081-2236090892-1008.job 2014-04-08 22:28 - 2014-03-05 17:36 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Feb2014 Some content of TEMP: ==================== C:\Documents and Settings\User\Local Settings\Temp\Foxit Reader Updater.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-05-2014 Ran by User at 2014-05-08 15:39:28 Running from C:\Documents and Settings\User\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Security Suite (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ==================== Installed Programs ====================== 2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: - ) Adobe Flash Player 10 Plugin (HKLM\...\{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}) (Version: 10.0.12.36 - Adobe Systems, Inc.) Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader 8.2.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A82000000003}) (Version: 8.2.0 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.) Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite HL-2280DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation) Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.29 - Lenovo) Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.20.0023.00 - Lenovo Group Limited) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 3.54.0.0 - Conexant) Contextual Tool Extrafind (HKLM\...\d6e27ed1) (Version: - ) <==== ATTENTION Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated) DirectXInstallService (Version: 9.0.2 - Roxio) Hidden Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions) Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation) Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems) Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00h - ) Heroes of Might and Magic® III Complete (HKLM\...\Heroes of Might and Magic® III) (Version: - ) Integrated Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.35003.0 - Sonix) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation) InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1243 - InterVideo Inc.) iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Java 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 3.00b - ) Lenovo Care Supplement (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 3.00b - ) Lenovo Registration (HKLM\...\Lenovo Registration) (Version: - Lenovo - Leader Technologies) Lenovo System Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5122.07 - PC-Doctor, Inc.) Lenovo_ATK_Package (HKLM\...\{055B9AD2-48E1-462E-9992-814123063C46}) (Version: 0.00.04.0 - Lenovo) Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01d - ) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation) Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mobile Broadband Connect (HKLM\...\{11733061-B36C-472D-BC43-EB67A912C897}) (Version: 3.4.0059 - Lenovo) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation) Norton Security Suite (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation) On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.13.01 - ) Online Data Backup (HKLM\...\{4C018129-1793-48D2-B82C-6FA71C96B476}) (Version: 1.00.0001 - lenovo) OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) OrderTrax (HKLM\...\{F596354D-56BC-11D5-970D-004005615399}) (Version: 3.2.5 - Klarion) Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - ) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.13.0000 - Realtek) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Rescue and Recovery (HKLM\...\{F151F2B3-0C32-44D3-90E2-E639B8024622}) (Version: 4.21.0030.00 - Lenovo Group Limited) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - ) Roxio Activation Module (Version: 1.0 - Roxio) Hidden Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden Roxio Central Core (Version: 3.7.0 - Roxio) Hidden Roxio Central Data (Version: 3.7.0 - Roxio) Hidden Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio) Roxio Creator Small Business Edition (Version: 10.1.177 - Roxio) Hidden Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.15.0017 - Lenovo) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer) ThinkPad EasyEject Utility (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.36 - ) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.03 - ) ThinkPad PC Card Power Policy (Version: 1.02 - ) Hidden ThinkPad Power Management Driver for SL Series (HKLM\...\Power Management Driver) (Version: 1.44 - ) ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.48 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.19.5 - ) ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.04 - ) ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.61 - Lenovo) ThinkVantage Fingerprint Software 5.8 (HKLM\...\{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}) (Version: 5.8.2.4462 - UPEK Inc.) ThinkVantage Technologies Welcome Message (Version: 2.00 - ) Hidden Un-Rar for Windows 9.22beta (HKLM\...\Un-Rar for Windows) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft) Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) Verizon Wireless BroadbandAccess Self Activation (HKLM\...\{3F963A06-7C18-4039-9789-9644B3266AE7}) (Version: 1.3.2 - Smith Micro Software, Inc.) Wallpapers (Version: - ) Hidden WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden WhiteSmokeTranslator (HKLM\...\WhiteSmokeTranslator) (Version: 1.00.6033.12731 - WhiteSmoke) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Connect (Version: - Microsoft Corporation) Hidden Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden XP Themes (Version: 1.00.0000 - Lenovo) Hidden ==================== Restore Points ========================= 02-03-2014 19:55:38 Software Distribution Service 3.0 03-03-2014 02:40:01 Removed Bing Bar 03-03-2014 04:16:17 Removed Steam 03-03-2014 14:17:22 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2008-07-21 16:49 - 2008-04-14 06:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PCDR5\pcdr5cuiw32.exe Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-109567894-1623751081-2236090892-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-109567894-1623751081-2236090892-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{CFE58478-0630-4E02-A7FE-F6DC7D77FE2B}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2008-09-23 20:20 - 2006-09-06 01:37 - 00034344 ____N () C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2009-02-27 07:51 - 2009-02-27 07:51 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL 2009-08-20 15:39 - 2007-10-30 12:35 - 00094208 ____R () C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe 2009-08-20 15:39 - 2008-03-19 22:46 - 00208896 ____R () C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe 2014-04-20 19:02 - 2013-10-17 09:32 - 00019448 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2009-08-20 15:37 - 2007-06-18 17:28 - 00056056 ____N () C:\WINDOWS\system32\DLAAPI_W.DLL 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-03-21 11:09 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2008-07-21 16:50 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll 2008-11-24 16:34 - 2008-11-24 16:34 - 00520192 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe 2008-11-24 16:28 - 2008-11-24 16:28 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll 2009-08-20 15:42 - 2008-10-26 10:48 - 00094208 ____N () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE 2009-08-20 15:42 - 2008-10-26 10:48 - 00094208 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL 2009-08-20 15:42 - 2008-10-26 10:48 - 00045056 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL 2009-08-20 15:39 - 2007-03-09 17:16 - 00106496 ____R () C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll 2008-07-21 16:49 - 2008-04-14 06:00 - 00059904 ____N () C:\WINDOWS\system32\devenum.dll 2008-07-21 16:49 - 2008-04-14 06:00 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll 2009-08-20 15:39 - 2008-02-25 18:01 - 00061440 ____R () C:\WINDOWS\system32\AABATT.dll 2008-07-21 16:50 - 2008-04-14 06:00 - 00192512 ____C () C:\WINDOWS\system32\qcap.dll 2008-11-24 16:28 - 2008-11-24 16:28 - 00139264 ____N () c:\Program Files\Common Files\Lenovo\CDRecord.dll 2014-04-29 17:15 - 2014-04-23 18:33 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll 2014-04-29 17:15 - 2014-04-23 18:33 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll 2014-04-29 17:15 - 2014-04-23 18:33 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll 2014-04-29 17:15 - 2014-04-23 18:33 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/08/2014 01:47:08 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 1425782 Error: (05/08/2014 01:47:08 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 1425782 Error: (05/08/2014 01:47:08 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/08/2014 01:23:25 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/06/2014 04:01:13 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 8390 Error: (05/06/2014 04:01:13 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 8390 Error: (05/06/2014 04:01:13 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/06/2014 04:01:09 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 5156 Error: (05/06/2014 04:01:09 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 5156 Error: (05/06/2014 04:01:09 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (05/08/2014 01:47:30 PM) (Source: Service Control Manager) (User: ) (EventID: 7011) Description: Timeout (30000 milliseconds) waiting for a transaction response from the TeamViewer9 service. Error: (05/08/2014 00:46:31 PM) (Source: Service Control Manager) (User: ) (EventID: 7011) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (05/08/2014 00:45:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: The System Update service failed to start due to the following error: %%1053 Error: (05/08/2014 00:45:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Timeout (30000 milliseconds) waiting for the System Update service to connect. Error: (05/08/2014 00:45:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: The System Restore Service service terminated with the following error: %%2 Error: (05/08/2014 00:45:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: The SessionLauncher service failed to start due to the following error: %%3 Error: (05/08/2014 00:44:37 PM) (Source: SRService) (User: ) (EventID: 104) Description: The System Restore initialization process failed. Error: (05/08/2014 07:00:00 AM) (Source: Service Control Manager) (User: ) (EventID: 7026) Description: The following boot-start or system-start driver(s) failed to load: Pcmcia Error: (05/08/2014 06:59:43 AM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: The System Restore Service service terminated with the following error: %%2 Error: (05/08/2014 06:59:43 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: The SessionLauncher service failed to start due to the following error: %%3 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 3037.23 MB Available physical RAM: 1773.41 MB Total Pagefile: 4921.18 MB Available Pagefile: 3522.05 MB Total Virtual: 2047.88 MB Available Virtual: 1942.35 MB ==================== Drives ================================ Drive c: (Preload) (Fixed) (Total:227.18 GB) (Free:102.17 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: 777AA0E1) Partition 1: (Active) - (Size=227 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=6 GB) - (Type=12) ==================== End Of Log ============================
  9. I first noticed an issue a week ago that when I opened a new tab it came up with a random search page witha ds all over it. I did some research and found I had "conduit.search" bug which I thought I removed. It stopped doing that but has started to do other things. My internet connects and reconnects within 1 minute several times a day. Also, when I type in a web address in chrome it will mostly say unable to connect, even when internet is on. I have found 3 things suspicious. belkkotb Search.conduit Anti-phishing domain advisor I can't get them completely removed on my own. Please help.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.