
Browser Redirect Virus



I first noticed an issue a week ago that when I opened a new tab it came up with a random search page with ads all over it. I did some research and found I had "conduit.search" bug which I thought I removed. It stopped doing that but has started to do other things. My internet connects and reconnects within 1 minute several times a day. Also, when I type in a web address in chrome it will mostly say unable to connect, even when internet is on. I have found 3 things suspicious.

 

belkkotb

Search.conduit

Anti-phishing domain advisor

 

I can't get them completely removed on my own.  Please help.


  • Staff

Hello tresslers

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014

Ran by User (administrator) on PAYNELAPTOP on 08-05-2014 15:38:33

Running from C:\Documents and Settings\User\My Documents\Downloads

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\n360.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe

() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe

(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\n360.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe

(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe

(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE

(Sonix) C:\WINDOWS\vsnp2uvc.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Lenovo.) C:\WINDOWS\system32\TpShocks.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Lenovo Group Limited) C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.EXE

(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe

(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [122880 2008-04-10] (Synaptics, Inc.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [524288 2008-04-10] (Synaptics, Inc.)

HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-08-20] (Sun Microsystems, Inc.)

HKLM\...\Run: [LCONTROL] => C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe [77824 2008-03-19] (ATK0101)

HKLM\...\Run: [LFKA] => C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe [315392 2008-04-15] (Lenovo)

HKLM\...\Run: [PWRMGRTR] => C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [335872 2008-10-26] (Lenovo Group Limited)

HKLM\...\Run: [bLOG] => C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2008-10-26] ()

HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3073336 2008-06-13] (Lenovo Group Limited)

Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)

Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)

HKLM\...\Policies\Explorer\Run: [] => 1 No File

HKLM\...\Policies\Explorer: [NofolderOptions] 0

HKU\.DEFAULT\...\RunOnce: [] - [X]

HKU\.DEFAULT\...\Policies\system: [EnableLUA] 1

HKU\.DEFAULT\...\Policies\Explorer: [NofolderOptions] 0

HKU\S-1-5-19\...\RunOnce: [] - [X]

HKU\S-1-5-19\...\Policies\system: [EnableLUA] 1

HKU\S-1-5-19\...\Policies\Explorer: [NofolderOptions] 0

HKU\S-1-5-20\...\RunOnce: [] - [X]

HKU\S-1-5-20\...\Policies\system: [EnableLUA] 1

HKU\S-1-5-20\...\Policies\Explorer: [NofolderOptions] 0

HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)

HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\Policies\system: [EnableLUA] 1

HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\Policies\Explorer: [NofolderOptions] 0

HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\MountPoints2: {8e031a5e-5bd0-11e1-8feb-0026c641469c} - E:\kgji.exe

HKU\S-1-5-21-109567894-1623751081-2236090892-1008\...\MountPoints2: {c52a57cf-89ab-11e1-9000-0026c641469c} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Pathways.exe

Lsa: [Notification Packages] scecli psqlpwd

 

==================== Internet (Whitelisted) ====================

 


HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/


SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE

SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=2012041803774501921E2FD643648965&q={searchTerms}

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab




DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.123 208.67.220.123 75.75.76.76

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-20]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-03-02]

FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\

FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []

FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WhiteSmokeTranslator\WCaptureMoz

FF Extension: WordCaptureX - C:\Program Files\WhiteSmokeTranslator\WCaptureMoz [2012-02-20]

 

Chrome: 

=======

CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-21]

CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-21]

CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-02]

CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]

CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-21]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WhiteSmokeTranslator [2012-02-20]

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\Exts\Chrome.crx [2014-04-03]

 

========================== Services (Whitelisted) =================

 

R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] ()

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)

R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)

R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)

R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-08-20] (Sun Microsystems, Inc.)

R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-19] ()

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

R2 N360; C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe [265040 2014-03-14] (Symantec Corporation)

R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [94208 2008-10-26] ()

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)

S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)

S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)

R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel® Corporation)

S2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2011-07-26] (Lenovo Group Limited)

R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-11-24] ()

R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-11-24] (Lenovo Group Limited)

S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()

S3 AVPsys; C:\WINDOWS\system32\drivers\cdaudio.sys [18688 2001-08-17] (Microsoft Corporation)

R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [1098968 2014-03-18] (Symantec Corporation)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)

R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)

R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [764416 2008-06-12] (Conexant Systems Inc.)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-04-25] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-03-02] (Symantec Corporation)

S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)

S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)

R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)

R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)

R3 IDSxpx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140507.001\IDSxpx86.sys [383120 2014-03-26] (Symantec Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-08] (Malwarebytes Corporation)

R3 MTsensor; C:\WINDOWS\System32\DRIVERS\A0101X32.sys [5760 2007-08-24] ()

R3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140508.001\NAVENG.SYS [93272 2014-04-25] (Symantec Corporation)

R3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140508.001\NAVEX15.SYS [1612376 2014-04-25] (Symantec Corporation)

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-03-04] (Intel Corporation)

R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-08-20] (Microsoft Corporation)

R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)

R2 smihlp; C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [12560 2008-06-24] (UPEK Inc.)

R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [9632128 2007-10-01] ()

R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)

R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)

R0 SymDS; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)

R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-03-02] (Symantec Corporation)

R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)

R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation)

R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)

R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2008-10-26] ()

R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-30] ()

U1 WS2IFSL; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-05-08 15:38 - 2014-05-08 15:38 - 00000000 ____D () C:\FRST

2014-05-08 06:30 - 2014-05-08 15:32 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-05-08 06:29 - 2014-05-08 06:29 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-05-08 06:29 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-05-08 06:29 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-05-08 05:54 - 2014-05-08 05:54 - 00000000 ____D () C:\WINDOWS\system32\Client Security Solution

2014-05-03 06:59 - 2014-05-03 07:01 - 00005824 _____ () C:\WINDOWS\KB2964358-IE8.log

2014-04-30 20:18 - 2014-04-30 20:18 - 00009481 _____ () C:\Documents and Settings\User\Desktop\KATIE DOC.odt

2014-04-23 10:05 - 2014-05-07 16:06 - 00003647 _____ () C:\Documents and Settings\User\Desktop\to do list.txt

2014-04-22 14:39 - 2014-04-22 14:39 - 00000000 ____D () C:\Documents and Settings\dub_cm_auto

2014-04-22 14:39 - 2014-04-22 08:13 - 03729920 _____ (Symantec Corporation) C:\Documents and Settings\dub_cm_auto\Application Data\NPE.exe

2014-04-20 19:02 - 2014-04-20 19:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9

2014-04-17 09:58 - 2014-04-17 09:58 - 00987136 _____ () C:\Documents and Settings\User\My Documents\OrderTrax - 20140417.mdb

2014-04-16 08:46 - 2014-04-16 08:46 - 00005291 _____ () C:\Documents and Settings\User\Desktop\red.htm

2014-04-12 08:26 - 2010-07-05 07:15 - 00017272 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll

2014-04-10 06:07 - 2014-04-10 06:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$

2014-04-09 19:37 - 2014-04-09 19:38 - 00011877 _____ () C:\WINDOWS\KB2936068-IE8.log

2014-04-08 22:53 - 2013-11-26 22:50 - 1766719965 _____ () C:\Documents and Settings\User\Desktop\The Hunger Games.m4v

2014-04-08 22:35 - 2013-11-26 22:50 - 2006441843 _____ () C:\Documents and Settings\User\Desktop\INVICTUS.m4v

2014-04-08 22:34 - 2013-11-26 22:50 - 1032583867 _____ () C:\Documents and Settings\User\Desktop\I_AM_LEGEND.m4v

2014-04-08 22:29 - 2006-10-29 23:13 - 480017513 _____ () C:\Documents and Settings\User\Desktop\Signs.mp4

2014-04-08 22:11 - 2014-04-10 06:07 - 00014115 _____ () C:\WINDOWS\KB2922229.log

 

==================== One Month Modified Files and Folders =======

 

2014-05-08 15:38 - 2014-05-08 15:38 - 00000000 ____D () C:\FRST

2014-05-08 15:37 - 2009-08-20 15:29 - 00823296 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG

2014-05-08 15:34 - 2012-07-13 09:40 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-05-08 15:33 - 2014-03-03 09:33 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype

2014-05-08 15:33 - 2012-02-21 21:02 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{CFE58478-0630-4E02-A7FE-F6DC7D77FE2B}.job

2014-05-08 15:32 - 2014-05-08 06:30 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-05-08 13:12 - 2014-03-03 16:01 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-08 12:50 - 2009-08-20 15:42 - 00000316 _____ () C:\WINDOWS\Tasks\PMTask.job

2014-05-08 12:47 - 2008-07-21 16:01 - 01201390 _____ () C:\WINDOWS\WindowsUpdate.log

2014-05-08 12:46 - 2014-03-31 06:47 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2014-05-08 12:46 - 2014-03-16 07:55 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-109567894-1623751081-2236090892-1008.job

2014-05-08 12:46 - 2014-03-03 16:01 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-08 12:46 - 2008-07-21 16:50 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl

2014-05-08 12:45 - 2008-07-21 08:58 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-05-08 12:45 - 2008-07-21 08:58 - 00000048 _____ () C:\WINDOWS\wiaservc.log

2014-05-08 12:44 - 2008-07-21 16:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-05-08 12:43 - 2009-12-24 05:40 - 00001040 _____ () C:\WINDOWS\system32\ICAutoUpdate.log.bak

2014-05-08 12:42 - 2009-12-24 05:39 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini

2014-05-08 12:42 - 2008-07-21 16:05 - 00032492 _____ () C:\WINDOWS\SchedLgU.Txt

2014-05-08 06:57 - 2014-03-02 14:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$

2014-05-08 06:57 - 2012-08-20 12:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\UpdaterService

2014-05-08 06:29 - 2014-05-08 06:29 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-08 06:29 - 2014-05-08 06:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-05-08 05:54 - 2014-05-08 05:54 - 00000000 ____D () C:\WINDOWS\system32\Client Security Solution

2014-05-07 16:06 - 2014-04-23 10:05 - 00003647 _____ () C:\Documents and Settings\User\Desktop\to do list.txt

2014-05-07 10:43 - 2014-03-03 23:32 - 00000459 _____ () C:\Documents and Settings\User\Desktop\copay.txt

2014-05-07 07:04 - 2014-03-04 15:46 - 00011212 _____ () C:\Documents and Settings\User\Desktop\Notes and charges.odt

2014-05-06 13:37 - 2014-03-05 17:56 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-05-03 07:01 - 2014-05-03 06:59 - 00005824 _____ () C:\WINDOWS\KB2964358-IE8.log

2014-05-03 07:01 - 2009-08-20 15:07 - 00154331 _____ () C:\WINDOWS\updspapi.log

2014-05-03 07:01 - 2008-07-21 08:55 - 01674972 _____ () C:\WINDOWS\iis6.log

2014-05-03 07:01 - 2008-07-21 08:55 - 01532517 _____ () C:\WINDOWS\FaxSetup.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00741948 _____ () C:\WINDOWS\ocgen.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00709409 _____ () C:\WINDOWS\tsoc.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00520162 _____ () C:\WINDOWS\comsetup.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00468178 _____ () C:\WINDOWS\msmqinst.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00313658 _____ () C:\WINDOWS\ntdtcsetup.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00269208 _____ () C:\WINDOWS\netfxocm.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00106048 _____ () C:\WINDOWS\MedCtrOC.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00085017 _____ () C:\WINDOWS\ocmsn.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00077800 _____ () C:\WINDOWS\tabletoc.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00076885 _____ () C:\WINDOWS\msgsocm.log

2014-05-03 07:01 - 2008-07-21 08:55 - 00001355 _____ () C:\WINDOWS\imsins.log

2014-05-02 16:03 - 2014-03-08 20:21 - 00042479 _____ () C:\Documents and Settings\User\Desktop\Mad Money 2014.ods

2014-04-30 20:18 - 2014-04-30 20:18 - 00009481 _____ () C:\Documents and Settings\User\Desktop\KATIE DOC.odt

2014-04-30 02:13 - 2008-07-21 16:49 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-04-30 02:13 - 2007-08-13 19:54 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll

2014-04-29 17:15 - 2014-03-03 16:03 - 00001820 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-04-29 11:39 - 2012-07-11 14:33 - 00526789 _____ () C:\WINDOWS\setupapi.log

2014-04-28 15:34 - 2012-07-13 09:40 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-04-28 15:34 - 2012-07-13 09:40 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-04-28 14:48 - 2014-03-24 07:59 - 00002367 _____ () C:\Documents and Settings\All Users\Desktop\Klarion OrderTrax.lnk

2014-04-26 08:42 - 2009-08-20 15:21 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups

2014-04-25 15:53 - 2009-08-20 15:42 - 00089832 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2014-04-25 06:07 - 2008-07-21 08:55 - 00341832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-04-22 14:39 - 2014-04-22 14:39 - 00000000 ____D () C:\Documents and Settings\dub_cm_auto

2014-04-22 08:13 - 2014-04-22 14:39 - 03729920 _____ (Symantec Corporation) C:\Documents and Settings\dub_cm_auto\Application Data\NPE.exe

2014-04-21 15:39 - 2014-03-25 05:49 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Foxit Software

2014-04-21 09:32 - 2014-03-03 09:33 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk

2014-04-20 19:02 - 2014-04-20 19:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9

2014-04-20 19:02 - 2014-03-28 12:54 - 00002030 _____ () C:\WINDOWS\system32\TeamViewer9_Hooks.log

2014-04-20 19:02 - 2014-03-03 12:38 - 00000822 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk

2014-04-17 09:58 - 2014-04-17 09:58 - 00987136 _____ () C:\Documents and Settings\User\My Documents\OrderTrax - 20140417.mdb

2014-04-16 08:46 - 2014-04-16 08:46 - 00005291 _____ () C:\Documents and Settings\User\Desktop\red.htm

2014-04-12 09:32 - 2008-07-21 15:59 - 00107437 ____C () C:\WINDOWS\wmsetup.log

2014-04-12 08:33 - 2009-08-20 15:29 - 00022816 ____C () C:\WINDOWS\spupdsvc.log

2014-04-12 08:27 - 2012-02-20 08:47 - 00000789 _____ () C:\Documents and Settings\User\Desktop\Windows Media Player.lnk

2014-04-12 08:27 - 2009-12-24 05:39 - 00000795 _____ () C:\Documents and Settings\User\Start Menu\Programs\Windows Media Player.lnk

2014-04-12 08:26 - 2014-03-16 08:22 - 00013367 _____ () C:\WINDOWS\MSCompPackV1.log

2014-04-12 08:26 - 2014-03-16 08:21 - 00033144 _____ () C:\WINDOWS\wmp11.log

2014-04-12 08:26 - 2008-07-21 16:02 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb

2014-04-12 08:26 - 2008-07-21 16:02 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb

2014-04-12 08:25 - 2014-03-16 08:20 - 00055010 _____ () C:\WINDOWS\WMFDist11.log

2014-04-12 08:25 - 2014-03-16 08:20 - 00015172 _____ () C:\WINDOWS\Wudf01000Inst.log

2014-04-12 07:11 - 2014-03-05 18:02 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Apple Computer

2014-04-10 06:08 - 2009-08-20 15:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help

2014-04-10 06:07 - 2014-04-10 06:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$

2014-04-10 06:07 - 2014-04-08 22:11 - 00014115 _____ () C:\WINDOWS\KB2922229.log

2014-04-10 06:07 - 2008-07-21 08:55 - 00001374 _____ () C:\WINDOWS\imsins.BAK

2014-04-10 06:03 - 2014-03-03 08:33 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-04-09 19:39 - 2012-02-19 15:23 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-04-09 19:38 - 2014-04-09 19:37 - 00011877 _____ () C:\WINDOWS\KB2936068-IE8.log

2014-04-09 19:38 - 2012-02-19 15:53 - 00000000 ____D () C:\WINDOWS\ie8updates

2014-04-08 22:34 - 2014-03-16 07:55 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-109567894-1623751081-2236090892-1008.job

2014-04-08 22:28 - 2014-03-05 17:36 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Feb2014

 

Some content of TEMP:

====================

C:\Documents and Settings\User\Local Settings\Temp\Foxit Reader Updater.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe => MD5 is legit

C:\WINDOWS\system32\winlogon.exe => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\User32.dll => MD5 is legit

C:\WINDOWS\system32\userinit.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-05-2014

Ran by User at 2014-05-08 15:39:28

Running from C:\Documents and Settings\User\My Documents\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Norton Security Suite (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

==================== Installed Programs ======================

 

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version:  - )

Adobe Flash Player 10 Plugin (HKLM\...\{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}) (Version: 10.0.12.36 - Adobe Systems, Inc.)

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)

Adobe Reader 8.2.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A82000000003}) (Version: 8.2.0 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)

Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Brother MFL-Pro Suite HL-2280DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)

Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)

Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden

Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.29 - Lenovo)

Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.20.0023.00 - Lenovo Group Limited)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 3.54.0.0 - Conexant)

Contextual Tool Extrafind (HKLM\...\d6e27ed1) (Version:  - ) <==== ATTENTION

Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)

DirectXInstallService (Version: 9.0.2 - Roxio) Hidden

Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)

Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)

Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)

Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)

Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00h - )

Heroes of Might and Magic® III Complete (HKLM\...\Heroes of Might and Magic® III) (Version:  - )

Integrated Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.35003.0 - Sonix)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation)

InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden

InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1243 - InterVideo Inc.)

iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)

Java 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)

Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 3.00b - )

Lenovo Care Supplement (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 3.00b - )

Lenovo Registration (HKLM\...\Lenovo Registration) (Version:  - Lenovo - Leader Technologies)

Lenovo System Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5122.07 - PC-Doctor, Inc.)

Lenovo_ATK_Package (HKLM\...\{055B9AD2-48E1-462E-9992-814123063C46}) (Version: 0.00.04.0 - Lenovo)

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01d - )

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)

Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden

Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden

Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)

Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden

Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mobile Broadband Connect (HKLM\...\{11733061-B36C-472D-BC43-EB67A912C897}) (Version: 3.4.0059 - Lenovo)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)

Norton Security Suite (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)

On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.13.01 - )

Online Data Backup (HKLM\...\{4C018129-1793-48D2-B82C-6FA71C96B476}) (Version: 1.00.0001 - lenovo)

OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)

OrderTrax (HKLM\...\{F596354D-56BC-11D5-970D-004005615399}) (Version: 3.2.5 - Klarion)

Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - )

RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)

REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.13.0000 - Realtek)

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Rescue and Recovery (HKLM\...\{F151F2B3-0C32-44D3-90E2-E639B8024622}) (Version: 4.21.0030.00 - Lenovo Group Limited)

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )

Roxio Activation Module (Version: 1.0 - Roxio) Hidden

Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden

Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden

Roxio Central Core (Version: 3.7.0 - Roxio) Hidden

Roxio Central Data (Version: 3.7.0 - Roxio) Hidden

Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)

Roxio Creator Small Business Edition (Version: 10.1.177 - Roxio) Hidden

Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden

Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden

Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)

Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden

Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.15.0017 - Lenovo)

TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)

ThinkPad EasyEject Utility  (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.36 - )

ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.03 - )

ThinkPad PC Card Power Policy (Version: 1.02 - ) Hidden

ThinkPad Power Management Driver for SL Series (HKLM\...\Power Management Driver) (Version: 1.44 - )

ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.48 - )

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.19.5 - )

ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.04 - )

ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.61 - Lenovo)

ThinkVantage Fingerprint Software 5.8 (HKLM\...\{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}) (Version: 5.8.2.4462 - UPEK Inc.)

ThinkVantage Technologies Welcome Message (Version: 2.00 - ) Hidden

Un-Rar for Windows 9.22beta (HKLM\...\Un-Rar for Windows) (Version:  - )

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)

Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden

Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)

Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden

Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)

Verizon Wireless BroadbandAccess Self Activation (HKLM\...\{3F963A06-7C18-4039-9789-9644B3266AE7}) (Version: 1.3.2 - Smith Micro Software, Inc.)

Wallpapers (Version:  - ) Hidden

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

WhiteSmokeTranslator (HKLM\...\WhiteSmokeTranslator) (Version: 1.00.6033.12731 - WhiteSmoke)

Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)

Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Media Connect (Version:  - Microsoft Corporation) Hidden

Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )

Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden

Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden

Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden

XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

XP Themes (Version: 1.00.0000 - Lenovo) Hidden

 

==================== Restore Points  =========================

 

02-03-2014 19:55:38 Software Distribution Service 3.0

03-03-2014 02:40:01 Removed Bing Bar

03-03-2014 04:16:17 Removed Steam

03-03-2014 14:17:22 Software Distribution Service 3.0

 

==================== Hosts content: ==========================

 

2008-07-21 16:49 - 2008-04-14 06:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PCDR5\pcdr5cuiw32.exe

Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE

Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-109567894-1623751081-2236090892-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-109567894-1623751081-2236090892-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{CFE58478-0630-4E02-A7FE-F6DC7D77FE2B}.job => C:\WINDOWS\system32\msfeedssync.exe

 

==================== Loaded Modules (whitelisted) =============

 

2008-09-23 20:20 - 2006-09-06 01:37 - 00034344 ____N () C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

2009-02-27 07:51 - 2009-02-27 07:51 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL

2009-08-20 15:39 - 2007-10-30 12:35 - 00094208 ____R () C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

2009-08-20 15:39 - 2008-03-19 22:46 - 00208896 ____R () C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

2014-04-20 19:02 - 2013-10-17 09:32 - 00019448 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2009-08-20 15:37 - 2007-06-18 17:28 - 00056056 ____N () C:\WINDOWS\system32\DLAAPI_W.DLL

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

2014-03-21 11:09 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

2008-07-21 16:50 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

2008-11-24 16:34 - 2008-11-24 16:34 - 00520192 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

2008-11-24 16:28 - 2008-11-24 16:28 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll

2009-08-20 15:42 - 2008-10-26 10:48 - 00094208 ____N () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

2009-08-20 15:42 - 2008-10-26 10:48 - 00094208 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL

2009-08-20 15:42 - 2008-10-26 10:48 - 00045056 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL

2009-08-20 15:39 - 2007-03-09 17:16 - 00106496 ____R () C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll

2008-07-21 16:49 - 2008-04-14 06:00 - 00059904 ____N () C:\WINDOWS\system32\devenum.dll

2008-07-21 16:49 - 2008-04-14 06:00 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll

2009-08-20 15:39 - 2008-02-25 18:01 - 00061440 ____R () C:\WINDOWS\system32\AABATT.dll

2008-07-21 16:50 - 2008-04-14 06:00 - 00192512 ____C () C:\WINDOWS\system32\qcap.dll

2008-11-24 16:28 - 2008-11-24 16:28 - 00139264 ____N () c:\Program Files\Common Files\Lenovo\CDRecord.dll

2014-04-29 17:15 - 2014-04-23 18:33 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll

2014-04-29 17:15 - 2014-04-23 18:33 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll

2014-04-29 17:15 - 2014-04-23 18:33 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll

2014-04-29 17:15 - 2014-04-23 18:33 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/08/2014 01:47:08 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 1425782

 

Error: (05/08/2014 01:47:08 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 1425782

 

Error: (05/08/2014 01:47:08 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/08/2014 01:23:25 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/06/2014 04:01:13 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 8390

 

Error: (05/06/2014 04:01:13 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 8390

 

Error: (05/06/2014 04:01:13 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/06/2014 04:01:09 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 5156

 

Error: (05/06/2014 04:01:09 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 5156

 

Error: (05/06/2014 04:01:09 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (05/08/2014 01:47:30 PM) (Source: Service Control Manager) (User: ) (EventID: 7011)

Description: Timeout (30000 milliseconds) waiting for a transaction response from the TeamViewer9 service.

 

Error: (05/08/2014 00:46:31 PM) (Source: Service Control Manager) (User: ) (EventID: 7011)

Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

 

Error: (05/08/2014 00:45:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)

Description: The System Update service failed to start due to the following error: 

%%1053

 

Error: (05/08/2014 00:45:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)

Description: Timeout (30000 milliseconds) waiting for the System Update service to connect.

 

Error: (05/08/2014 00:45:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)

Description: The System Restore Service service terminated with the following error: 

%%2

 

Error: (05/08/2014 00:45:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)

Description: The SessionLauncher service failed to start due to the following error: 

%%3

 

Error: (05/08/2014 00:44:37 PM) (Source: SRService) (User: ) (EventID: 104)

Description: The System Restore initialization process failed.

 

Error: (05/08/2014 07:00:00 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)

Description: The following boot-start or system-start driver(s) failed to load: 

Pcmcia

 

Error: (05/08/2014 06:59:43 AM) (Source: Service Control Manager) (User: ) (EventID: 7023)

Description: The System Restore Service service terminated with the following error: 

%%2

 

Error: (05/08/2014 06:59:43 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)

Description: The SessionLauncher service failed to start due to the following error: 

%%3

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Percentage of memory in use: 41%

Total physical RAM: 3037.23 MB

Available physical RAM: 1773.41 MB

Total Pagefile: 4921.18 MB

Available Pagefile: 3522.05 MB

Total Virtual: 2047.88 MB

Available Virtual: 1942.35 MB

 

==================== Drives ================================

 

Drive c: (Preload) (Fixed) (Total:227.18 GB) (Free:102.17 GB) NTFS ==>[Drive with boot components (Windows XP)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 233 GB) (Disk ID: 777AA0E1)

Partition 1: (Active) - (Size=227 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=6 GB) - (Type=12)

 

==================== End Of Log ============================


  • Staff

Hello tresslers

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo


# AdwCleaner v3.207 - Report created 09/05/2014 at 07:17:23

# Updated 05/05/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : User - PAYNELAPTOP

# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\BasicScan

Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars

Folder Deleted : C:\Program Files\BasicScan

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKLM\Software\BasicScan

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BasicScan

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BasicScan

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Google Chrome v34.0.1847.131

 

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 





 

*************************

 

AdwCleaner[R0].txt - [3292 octets] - [09/05/2014 07:12:52]

AdwCleaner[s0].txt - [3273 octets] - [09/05/2014 07:17:23]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3333 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Microsoft Windows XP x86

Ran by User on Fri 05/09/2014 at  7:30:11.92

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\blekkotb_005"

Failed to delete: [Folder] "C:\Program Files\coupons"

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 05/09/2014 at  7:42:42.25

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The computer is no longer redirecting webpages and seems to be running quicker.  However, I can't attest to the constant disconnecting and reconnecting of the internet connection yet; it sometimes will go a couple of hours without doing that and then start doing it quite a bit.


  • Staff

Hello tresslers

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

ComboFix 14-05-07.03 - User 05/09/2014  11:58:56.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2025 [GMT -6:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\0ec271b4b9a95533052afe00bebe9792_c

c:\windows\system32\d6e27ed1.exe

c:\windows\system32\TPAPSLOG.LOG

c:\windows\system32\TPHDLOG0.LOG

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_AVPsys

.

.

(((((((((((((((((((((((((   Files Created from 2014-04-09 to 2014-05-09  )))))))))))))))))))))))))))))))

.

.

2014-05-09 13:29 . 2014-05-09 13:29 -------- d-----w- c:\windows\ERUNT

2014-05-09 13:15 . 2010-08-30 14:34 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-05-09 13:12 . 2014-05-09 13:17 -------- d-----w- C:\AdwCleaner

2014-05-08 21:38 . 2014-05-08 21:41 -------- d-----w- C:\FRST

2014-05-08 12:30 . 2014-05-09 17:46 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-05-08 12:29 . 2014-05-08 12:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware

2014-05-08 12:29 . 2014-05-08 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2014-05-08 12:29 . 2014-04-03 15:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-05-08 12:29 . 2014-04-03 15:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-05-08 11:54 . 2014-05-08 11:54 -------- d-----w- c:\windows\system32\Client Security Solution

2014-04-22 20:39 . 2014-04-22 20:39 -------- d-----w- c:\documents and settings\dub_cm_auto

2014-04-21 01:02 . 2013-10-17 15:32 19448 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-28 21:34 . 2012-07-13 15:40 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-04-28 21:34 . 2012-07-13 15:40 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-03-19 23:12 . 2014-03-19 23:12 469488 ----a-w- c:\windows\system32\cpnprt2wswin32.cid

2014-03-18 14:45 . 2014-03-18 14:45 465280 ----a-w- c:\windows\system32\cpnprt2win32.cid

2014-03-06 17:59 . 2008-07-21 22:50 920064 ----a-w- c:\windows\system32\wininet.dll

2014-03-06 17:59 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll

2014-03-06 17:59 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl

2014-03-06 17:59 . 2008-07-21 22:49 18944 ------w- c:\windows\system32\corpol.dll

2014-03-06 00:46 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec

2014-03-04 04:18 . 2014-04-03 16:14 936152 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symefa.sys

2014-03-03 04:54 . 2014-03-03 04:54 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2014-02-26 01:59 . 2014-03-28 02:07 13312 ------w- c:\windows\system32\xp_eos.exe

2014-02-18 01:32 . 2014-04-03 16:14 423256 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symtdi.sys

2014-02-18 01:32 . 2014-04-03 16:14 384728 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symtdiv.sys

2014-02-18 01:32 . 2014-04-03 16:14 447704 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symnets.sys

2014-02-13 01:59 . 2014-04-03 16:14 664280 ----a-w- c:\windows\system32\drivers\N360\1502000.026\srtsp.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 150040]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 136600]

"LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824]

"LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-10-26 335872]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-10-26 208896]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2008-06-25 00:31 95496 ------w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2008-08-08 10:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ   scecli psqlpwd

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1502000.026\symds.sys [4/3/2014 10:14 AM 367704]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1502000.026\symefa.sys [4/3/2014 10:14 AM 936152]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 5:21 PM 19496]

R1 BHDrvx86;BHDrvx86;c:\program files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [4/15/2014 2:22 PM 1098968]

R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360\1502000.026\ccsetx86.sys [4/3/2014 10:13 AM 127064]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1502000.026\ironx86.sys [4/3/2014 10:13 AM 206936]

R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 6:50 PM 46144]

R2 CouponPrinterService;Coupon Printer Service;c:\program files\Coupons\CouponPrinterService.exe [2/13/2014 4:56 PM 152560]

R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [3/25/2014 5:48 AM 239680]

R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [8/20/2009 3:39 PM 208896]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\21.2.0.38\n360.exe [4/3/2014 10:13 AM 265040]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/20/2009 3:42 PM 94208]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [6/24/2008 6:07 PM 12560]

R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [3/3/2014 12:38 PM 4972864]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 4:34 PM 520192]

R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 6:50 PM 360448]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/2/2014 10:55 PM 108120]

R3 IDSxpx86;IDSxpx86;c:\program files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140508.001\IDSXpx86.sys [5/8/2014 8:19 PM 383120]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/20/2009 3:26 PM 110080]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/8/2014 6:29 AM 23256]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/8/2014 6:29 AM 857912]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 9:18 AM 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 9:16 AM 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 9:15 AM 166384]

S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/1/2013 1:11 PM 161384]

S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [3/21/2014 11:10 AM 266240]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [5/8/2014 6:30 AM 107736]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 9:18 AM 313840]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 9:15 AM 1120752]

S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/8/2014 6:29 AM 1809720]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-04-29 23:12 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 21:35]

.

2014-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-03 22:01]

.

2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-03 22:01]

.

2014-05-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

- c:\windows\system32\xp_eos.exe [2014-03-28 01:59]

.

2014-05-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

- c:\windows\system32\xp_eos.exe [2014-03-28 01:59]

.

2012-03-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]

.

2014-05-09 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-20 16:48]

.

2014-05-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-109567894-1623751081-2236090892-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 23:13]

.

2014-04-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-109567894-1623751081-2236090892-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 23:13]

.

2014-05-09 c:\windows\Tasks\User_Feed_Synchronization-{CFE58478-0630-4E02-A7FE-F6DC7D77FE2B}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]

.

.

------- Supplementary Scan -------

.



uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 208.67.222.123 208.67.220.123 75.75.76.76

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files\Coupons\uninstall.exe

AddRemove-d6e27ed1 - c:\windows\system32\d6e27ed1.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-05-09 12:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\21.2.0.38\N360.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"

"ImagePath"="\SystemRoot\System32\Drivers\N360\1502000.026\SYMTDI.SYS"

"TrustedImagePaths"="c:\program files\Norton Security Suite\Engine\21.2.0.38"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,47,bd,6a,74,b2,8e,41,81,ee,b6,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,47,bd,6a,74,b2,8e,41,81,ee,b6,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1084)

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\qlbase.dll

c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

c:\program files\Lenovo\HOTKEY\tphklock.dll

c:\program files\ThinkVantage Fingerprint Software\pscssint.dll

c:\program files\ThinkVantage Fingerprint Software\vti.dll

.

- - - - - - - > 'lsass.exe'(1140)

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

.

- - - - - - - > 'explorer.exe'(3040)

c:\windows\system32\WININET.dll

c:\program files\TeamViewer\Version9\tv_w32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Lenovo\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\System32\TPHDEXLG.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\TeamViewer\Version9\TeamViewer.exe

c:\windows\system32\wscntfy.exe

c:\program files\TeamViewer\Version9\tv_w32.exe

.

**************************************************************************

.

Completion time: 2014-05-09  12:13:46 - machine was rebooted

ComboFix-quarantined-files.txt  2014-05-09 18:13

.

Pre-Run: 111,252,606,976 bytes free

Post-Run: 111,352,000,512 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 9906077D8D961751B30C5FDD0E9F487F

ECA0DF36C8CD373AF8F175D564247B9A

Everything seems to be operating much better; no more of the original errors.


  • Staff

Hello tresslers

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

ComboFix 14-05-07.03 - User 05/09/2014  13:22:20.2.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.1911 [GMT -6:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\Thumbs.db

c:\windows\system32\TPAPSLOG.LOG

c:\windows\system32\TPHDLOG0.LOG

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((((   Files Created from 2014-04-09 to 2014-05-09  )))))))))))))))))))))))))))))))

.

.

2014-05-09 13:29 . 2014-05-09 13:29 -------- d-----w- c:\windows\ERUNT

2014-05-09 13:15 . 2010-08-30 14:34 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-05-09 13:12 . 2014-05-09 13:17 -------- d-----w- C:\AdwCleaner

2014-05-08 21:38 . 2014-05-08 21:41 -------- d-----w- C:\FRST

2014-05-08 12:30 . 2014-05-09 19:18 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-05-08 12:29 . 2014-05-08 12:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware

2014-05-08 12:29 . 2014-05-08 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2014-05-08 12:29 . 2014-04-03 15:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-05-08 12:29 . 2014-04-03 15:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-05-08 11:54 . 2014-05-08 11:54 -------- d-----w- c:\windows\system32\Client Security Solution

2014-04-22 20:39 . 2014-04-22 20:39 -------- d-----w- c:\documents and settings\dub_cm_auto

2014-04-21 01:02 . 2013-10-17 15:32 19448 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-28 21:34 . 2012-07-13 15:40 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-04-28 21:34 . 2012-07-13 15:40 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-03-19 23:12 . 2014-03-19 23:12 469488 ----a-w- c:\windows\system32\cpnprt2wswin32.cid

2014-03-18 14:45 . 2014-03-18 14:45 465280 ----a-w- c:\windows\system32\cpnprt2win32.cid

2014-03-06 17:59 . 2008-07-21 22:50 920064 ----a-w- c:\windows\system32\wininet.dll

2014-03-06 17:59 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll

2014-03-06 17:59 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl

2014-03-06 17:59 . 2008-07-21 22:49 18944 ------w- c:\windows\system32\corpol.dll

2014-03-06 00:46 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec

2014-03-04 04:18 . 2014-04-03 16:14 936152 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symefa.sys

2014-03-03 04:54 . 2014-03-03 04:54 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2014-02-26 01:59 . 2014-03-28 02:07 13312 ------w- c:\windows\system32\xp_eos.exe

2014-02-18 01:32 . 2014-04-03 16:14 423256 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symtdi.sys

2014-02-18 01:32 . 2014-04-03 16:14 384728 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symtdiv.sys

2014-02-18 01:32 . 2014-04-03 16:14 447704 ----a-w- c:\windows\system32\drivers\N360\1502000.026\symnets.sys

2014-02-13 01:59 . 2014-04-03 16:14 664280 ----a-w- c:\windows\system32\drivers\N360\1502000.026\srtsp.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 150040]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 136600]

"LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824]

"LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-10-26 335872]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-10-26 208896]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2008-06-25 00:31 95496 ------w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2008-08-08 10:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ   scecli psqlpwd

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1502000.026\symds.sys [4/3/2014 10:14 AM 367704]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1502000.026\symefa.sys [4/3/2014 10:14 AM 936152]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 5:21 PM 19496]

R1 BHDrvx86;BHDrvx86;c:\program files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx86.sys [4/15/2014 2:22 PM 1098968]

R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360\1502000.026\ccsetx86.sys [4/3/2014 10:13 AM 127064]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1502000.026\ironx86.sys [4/3/2014 10:13 AM 206936]

R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 6:50 PM 46144]

R2 CouponPrinterService;Coupon Printer Service;c:\program files\Coupons\CouponPrinterService.exe [2/13/2014 4:56 PM 152560]

R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [3/25/2014 5:48 AM 239680]

R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [8/20/2009 3:39 PM 208896]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/8/2014 6:29 AM 1809720]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/8/2014 6:29 AM 857912]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\21.2.0.38\n360.exe [4/3/2014 10:13 AM 265040]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/20/2009 3:42 PM 94208]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [6/24/2008 6:07 PM 12560]

R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [3/3/2014 12:38 PM 4972864]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 4:34 PM 520192]

R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 6:50 PM 360448]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/2/2014 10:55 PM 108120]

R3 IDSxpx86;IDSxpx86;c:\program files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140508.001\IDSXpx86.sys [5/8/2014 8:19 PM 383120]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/20/2009 3:26 PM 110080]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/8/2014 6:29 AM 23256]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [5/8/2014 6:30 AM 107736]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 9:18 AM 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 9:16 AM 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 9:15 AM 166384]

S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3/1/2013 1:11 PM 161384]

S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [3/21/2014 11:10 AM 266240]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 9:18 AM 313840]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 9:15 AM 1120752]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-04-29 23:12 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 21:35]

.

2014-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-03 22:01]

.

2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-03 22:01]

.

2014-05-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

- c:\windows\system32\xp_eos.exe [2014-03-28 01:59]

.

2014-05-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

- c:\windows\system32\xp_eos.exe [2014-03-28 01:59]

.

2012-03-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]

.

2014-05-09 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-20 16:48]

.

2014-05-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-109567894-1623751081-2236090892-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 23:13]

.

2014-04-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-109567894-1623751081-2236090892-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 23:13]

.

2014-05-09 c:\windows\Tasks\User_Feed_Synchronization-{CFE58478-0630-4E02-A7FE-F6DC7D77FE2B}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]

.

.

------- Supplementary Scan -------

.



uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 208.67.222.123 208.67.220.123 75.75.76.76

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-05-09 13:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\21.2.0.38\N360.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"

"ImagePath"="\SystemRoot\System32\Drivers\N360\1502000.026\SYMTDI.SYS"

"TrustedImagePaths"="c:\program files\Norton Security Suite\Engine\21.2.0.38"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,47,bd,6a,74,b2,8e,41,81,ee,b6,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,47,bd,6a,74,b2,8e,41,81,ee,b6,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1084)

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\qlbase.dll

c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

c:\program files\Lenovo\HOTKEY\tphklock.dll

c:\program files\ThinkVantage Fingerprint Software\pscssint.dll

c:\program files\ThinkVantage Fingerprint Software\vti.dll

c:\windows\system32\igfxdev.dll

c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

- - - - - - - > 'lsass.exe'(1140)

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

.

Completion time: 2014-05-09  13:31:30

ComboFix-quarantined-files.txt  2014-05-09 19:31

ComboFix2.txt  2014-05-09 18:13

.

Pre-Run: 111,356,891,136 bytes free

Post-Run: 111,344,742,400 bytes free

.

- - End Of File - - C68CC9E260CD169E27033D2E33FDC77D

ECA0DF36C8CD373AF8F175D564247B9A

All seems to be running normally at this point.


  • Staff

Hello tresslers

I would like to see a report that ComboFix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo

2007 Microsoft Office system

Access Help

Adobe Flash Player 10 Plugin

Adobe Flash Player 13 ActiveX

Adobe Reader 8.2.0

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Brother MFL-Pro Suite HL-2280DW

Business Contact Manager for Outlook 2007 SP2

Camera Center

Client Security - Password Manager

Conexant HD Audio

DirectXInstallService

Drag-to-Disc

Foxit Cloud

Foxit Reader

Google Chrome

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

Help Center

Heroes of Might and Magic® III Complete

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Integrated Camera

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless WiFi Software

InterVideo Register Manager

InterVideo WinDVD

iTunes

Java 6 Update 11

Junk Mail filter update

Lenovo Care

Lenovo Care Supplement

Lenovo Registration

Lenovo System Toolbox

Lenovo_ATK_Package

Malwarebytes Anti-Malware version 2.0.1.1004

Message Center

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders  (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mobile Broadband Connect

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

Norton Security Suite

On Screen Display

Online Data Backup

OpenOffice 4.0.1

OrderTrax

Presentation Director

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

REALTEK GbE & FE Ethernet PCI-E NIC Driver

RealUpgrade 1.1

Rescue and Recovery

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

Roxio Activation Module

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Creator Small Business Edition

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition 

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2909210)

Security Update for Windows Internet Explorer 8 (KB2909921)

Security Update for Windows Internet Explorer 8 (KB2925418)

Security Update for Windows Internet Explorer 8 (KB2936068)

Security Update for Windows Internet Explorer 8 (KB2964358)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB2834903-v2)

Security Update for Windows Media Player (KB2834904-v2)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2834886)

Security Update for Windows XP (KB2845187)

Security Update for Windows XP (KB2847311)

Security Update for Windows XP (KB2850869)

Security Update for Windows XP (KB2859537)

Security Update for Windows XP (KB2862152)

Security Update for Windows XP (KB2862330)

Security Update for Windows XP (KB2862335)

Security Update for Windows XP (KB2864063)

Security Update for Windows XP (KB2868038)

Security Update for Windows XP (KB2868626)

Security Update for Windows XP (KB2876217)

Security Update for Windows XP (KB2876331)

Security Update for Windows XP (KB2892075)

Security Update for Windows XP (KB2893294)

Security Update for Windows XP (KB2893984)

Security Update for Windows XP (KB2898715)

Security Update for Windows XP (KB2900986)

Security Update for Windows XP (KB2914368)

Security Update for Windows XP (KB2916036)

Security Update for Windows XP (KB2922229)

Security Update for Windows XP (KB2929961)

Security Update for Windows XP (KB2930275)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Segoe UI

Skype™ 6.3

Sonic CinePlayer Decoder Pack

Sonic Icons for Lenovo

swMSM

System Update

TeamViewer 9

ThinkPad EasyEject Utility 

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad PC Card Power Policy

ThinkPad Power Management Driver for SL Series

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Active Protection System

ThinkVantage Fingerprint Software 5.8

ThinkVantage Technologies Welcome Message

Un-Rar for Windows 9.22beta

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB2904266)

Update for Windows XP (KB2934207)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Verizon Wireless BroadbandAccess Self Activation

Wallpapers

WebFldrs XP

WhiteSmokeTranslator

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

XML Paper Specification Shared Components Pack 1.0

XP Themes

  • Staff

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

  • Programs to remove
    • Adobe Reader 8.2.0
    • Java™ 6 Update 11
    • WhiteSmokeTranslator

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html

    After installing the latest Adobe Reader, uninstall all previous versions.

    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close
Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

There was an error when trying to uninstall WhiteSmoke Translator. It won't uninstall. Error: Error Launching CheckLockedWsDictFiles.exe

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/12/2014
Scan Time: 3:23:51 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.12.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290284
Time Elapsed: 8 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:34:44 PM, on 5/12/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"
O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files\Coupons\CouponPrinterService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
 
--
End of file - 13707 bytes
Also, I don't know if this was just a fluke or not, but the first time I clicked on the HijackThis link you posted, I went to a page that told me that the website was offline and to check for a cached copy of the website. I went back and clicked your link again and it was fine. The internet seems to be slow, and websites a couple of times are now saying that I am not connected to the internet when I definitely am.

  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
    • O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    • O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
    • O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    • NOTE** You can research each of those lines >here< and see if you want to keep them or not.

      Just copy the name between the brackets and paste it into the search space, e.g. for

      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users: right-click on the IE shortcut and run as admin

Go to the ESET web page to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
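Added example, not part of the thread and not the output of any tool used in it: a small Python triage of HijackThis log lines. It mechanizes the first checks a log reviewer makes on O2/O4/O23 entries before deciding what to "Fix checked": an entry whose file is gone ("(no file)" / "(file missing)"), a service or autorun whose binary sits under a Temp directory, a service with no vendor name, and an empty Run value. The sample lines are quoted from the log posted above; the rules, flag names and the Temp-path pattern are the author's own assumptions, not HijackThis functionality. In the posted log the one entry that raises all three of the first flags is the orphaned SessionLauncher service that points into a Temp folder (harmless while the file stays missing, but dead weight worth fixing).

```python
import re

# Constructed sample: six lines copied from the HijackThis v2.0.4 log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Policies\Explorer\Run: []
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
""".strip()

# Every HijackThis entry starts with its section code (O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>O\d+) - (?P<rest>.*)$")
# Hypothetical rule (author's choice): a binary under any "\Temp\" folder or %TEMP%.
TEMP_RE = re.compile(r"(\\temp\\|%temp%)", re.IGNORECASE)


def triage_line(line):
    """Return the flags raised by one HijackThis line; an empty list means nothing notable."""
    flags = []
    m = ENTRY_RE.match(line)
    if not m:
        return flags                     # not an entry line (header, process list, blank)
    kind, rest = m.group("kind"), m.group("rest")
    if "(no file)" in rest or "(file missing)" in rest:
        flags.append("missing-file")     # orphaned entry: cannot run, but should be fixed
    if TEMP_RE.search(rest):
        flags.append("temp-path")        # installed software does not persist from Temp
    if kind == "O23" and "Unknown owner" in rest:
        flags.append("unknown-owner")    # no company name in the binary; informational only
    if kind == "O4" and rest.rstrip().endswith("[]"):
        flags.append("empty-autorun")    # empty Run/RunOnce value: noise, not malware
    return flags


def triage_log(text):
    """Triage every line of a log; returns [(line, flags)] in log order."""
    return [(line, triage_line(line)) for line in text.splitlines()]


if __name__ == "__main__":
    for line, flags in triage_log(SAMPLE_LOG):
        if flags:
            print(", ".join(flags).ljust(40), line[:90])
```

Only lines with at least one flag are printed, so on a full log the reviewer sees a short list instead of 14 KB of text; a line with no flags is not a clean bill of health, just nothing the mechanical checks can see.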

Arghhh!!! It found 11 threats!

C:\Documents and Settings\User\My Documents\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\FoxitReader620.0429_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Program Files\WhiteSmokeTranslator\html\english\dictClientDic\index.html HTML/WhiteSmoke potentially unwanted application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026147.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026148.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026186.exe a variant of Win32/Toolbar.CrossRider.E potentially unwanted application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026189.exe probably a variant of Win32/Adware.180Solutions application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026584.dll a variant of Win32/Adware.HotBar.S application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026588.EXE Win32/AutoRun.FlyStudio.H worm
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026597.dll a variant of Win32/Adware.OneStep.BQ application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026664.exe a variant of Win32/Adware.OneStep.BE application
 


  • Staff

Hello tresslers

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the code box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\User\My Documents\Downloads\ccsetup404.exe"
    del /f /s /q "C:\Documents and Settings\User\My Documents\Downloads\FoxitReader620.0429_enu_Setup.exe"
    del /f /s /q "C:\Program Files\WhiteSmokeTranslator\html\english\dictClientDic\index.html"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"


  • Double click on delfile.bat to execute it.

    A black CMD window will flash, then disappear...this is normal.

  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.

    They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.
    Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:
  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
:Remove the rest of our tools:

Please download DelFix and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click DelFix.exe.
  • select all options available
  • Click the Run button.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
:The programs you can keep:

Some of the programs we have used are worth keeping and using often to help keep the computer clean. I use these programs on my computer.

  • Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
  • CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner
  • Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis I advise to disable java in your web browsers - How to disable java in your web browsers - Disable Java

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

Here is some more reading for you from some of my colleagues, quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

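Added example, not part of the thread and not any forum tool: the rule the staff reply applies by hand to the ESET report, written out in Python. Detections under C:\System Volume Information\ (System Restore points) and C:\Qoobox\Quarantine\ (ComboFix's backups) are copies that cannot execute unless deliberately restored and are flushed when the restore points are reset, so only the remaining paths go into the deletion batch; the three files the staff reply listed are exactly the ones this split produces. The report lines are the eleven posted above; the line-format regex, the prefix list and the batch renderer are the author's assumptions about ESET's text export, not ESET or Malwarebytes code.

```python
import re

# Constructed sample: the eleven detection lines from the ESET Online Scanner export posted above.
ESET_REPORT = r"""
C:\Documents and Settings\User\My Documents\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\FoxitReader620.0429_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Program Files\WhiteSmokeTranslator\html\english\dictClientDic\index.html HTML/WhiteSmoke potentially unwanted application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026147.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026148.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026186.exe a variant of Win32/Toolbar.CrossRider.E potentially unwanted application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP65\A0026189.exe probably a variant of Win32/Adware.180Solutions application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026584.dll a variant of Win32/Adware.HotBar.S application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026588.EXE Win32/AutoRun.FlyStudio.H worm
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026597.dll a variant of Win32/Adware.OneStep.BQ application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP66\A0026664.exe a variant of Win32/Adware.OneStep.BE application
""".strip()

# Assumed line shape: "<path with spaces> <detection containing a '/'> <category words>".
# Windows paths never contain '/', so the first token with a slash ends the path.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?\S+/\S+)\s+"
    r"(?P<category>.+?)\s*$"
)

# Folders whose contents are inert backups (from the staff reply): compared case-insensitively.
BACKUP_PREFIXES = ("c:\\system volume information\\", "c:\\qoobox\\quarantine\\")


def classify(report_text):
    """Split an ESET export into (live, backups, unparsed); each record is a dict of path/detection/category."""
    live, backups, unparsed = [], [], []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ESET_RE.match(line)
        if not m:
            unparsed.append(line)            # never silently drop a line you could not read
            continue
        rec = m.groupdict()
        if rec["path"].lower().startswith(BACKUP_PREFIXES):
            backups.append(rec)
        else:
            live.append(rec)
    return live, backups, unparsed


def delete_batch(live):
    """Render a self-deleting cmd batch file, one quoted del per live path, CRLF-terminated for XP.
    /s is left out on purpose (author's choice, the posted script used /f /s /q): with a full
    path, /s also deletes same-named files in every subfolder of that directory."""
    lines = ["@echo off"]
    lines += [f'del /f /q "{rec["path"]}"' for rec in live]
    lines.append("del %0")                   # the batch removes itself, as in the thread
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    live, backups, unparsed = classify(ESET_REPORT)
    print(f"{len(live)} live, {len(backups)} in backups, {len(unparsed)} unparsed")
    print(delete_batch(live))
```

Anything that lands in `unparsed` should be inspected by eye rather than ignored; the restore-point entries are left for the System Restore reset in the DelFix step rather than deleted from a batch, since System Volume Information is not writable by a normal user on XP anyway.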

This topic is now closed to further replies.