
My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

You have Poweliks infection.

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Don't forget to re-enable your previously switched-off protection software!


OK Naat,

Here it is:

MWB Scan log

<?xml version="1.0" encoding="UTF-8" ?>
<mbam-log>
<header>
<date>2014/08/28 10:28:55 -0700</date>
<logfile>mbam-log-2014-08-28 (10-28-55).xml</logfile>
<isadmin>no</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.28.04</malware-database>
<rootkit-database>v2014.08.21.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows XP Service Pack 3</osversion>
<arch>x86</arch>
<username>Sheldon</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>356104</objects>
<time>1684</time>
<processes>0</processes>
<modules>0</modules>
<keys>2</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LOCALSERVER32\#</path><vendor>Rootkit.Poweliks</vendor><action>success</action><hash>26ced1fad1aadc5ae9f5c1310bf7a55b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}</path><vendor>Rootkit.Poweliks</vendor><action>delete-on-reboot</action><hash>26ced1fad1aadc5ae9f5c1310bf7a55b</hash></key>
</items>
</mbam-log>

ComboFix log

ComboFix 14-08-29.03 - Sheldon 08/29/2014   4:01.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1913.1266 [GMT -7:00]
Running from: c:\documents and settings\Sheldon\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
CLSID={73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} - infected with Poweliks and removed.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-29  )))))))))))))))))))))))))))))))
.
.
2014-08-27 10:44 . 2014-08-27 10:46 -------- d-----w- C:\FRST
2014-08-26 19:00 . 2014-08-26 19:00 -------- d-----w- c:\windows\system32\cos
2014-08-26 18:01 . 2014-08-26 18:01 -------- d-----w- C:\Documents and Settirary Internet Files
2014-08-03 09:53 . 2014-08-03 09:53 188304 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-28 18:16 . 2014-04-10 16:13 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 16:56 . 2012-04-03 01:04 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 16:56 . 2011-06-14 20:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-02 20:20 . 2014-07-02 20:20 0 ---ha-w- c:\documents and settings\Sheldon\Local Settings\Application Data\BIT5B1.tmp
2014-06-30 19:43 . 2014-06-30 19:43 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 23:22 . 2013-02-08 11:37 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 23:21 . 2013-03-21 10:08 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 23:18 . 2013-02-08 11:37 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 23:17 . 2013-02-08 11:37 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 23:17 . 2014-06-17 23:17 190232 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2014-06-17 23:06 . 2013-02-08 11:37 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-06-17 23:06 . 2013-02-08 11:37 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 23:06 . 2013-03-01 17:32 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-03 247080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-22 69568]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2012-02-28 818240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-07-05 296096]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1668661-625817721-1318725885-30509\Scripts\Logon\0\0]
"Script"=myLauncher.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3115626628-1226218140-1781437045-45710\Scripts\Logon\0\0]
"Script"=\\renet\NETLOGON\rancho.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3115626628-1226218140-1781437045-50333\Scripts\Logon\0\0]
"Script"=\\renet\NETLOGON\rancho.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3115626628-1226218140-1781437045-51168\Scripts\Logon\0\0]
"Script"=\\renet\NETLOGON\rancho.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3115626628-1226218140-1781437045-76708\Scripts\Logon\0\0]
"Script"=\\renet-dc\NETLOGON\rancho.wsf
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-03-27 03:58 163840 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-15 22:06 178712 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-15 22:06 150040 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-07-03 02:11 18665472 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2008-07-21 18:19 2701880 ----a-w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-12 18:53 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 241944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [6/30/2014 12:43 PM 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [6/17/2014 4:17 PM 190232]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 197400]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/12/2010 7:12 PM 13480]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/24/2006 11:48 AM 10240]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [8/11/2014 2:51 PM 3244048]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [8/11/2014 2:36 PM 289328]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [5/6/2009 11:23 AM 54560]
R2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/12/2010 7:12 PM 44984]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [5/12/2010 7:14 PM 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [4/2/2012 7:12 PM 244800]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [5/6/2009 11:22 AM 63928]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/6/2009 11:34 AM 110080]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [5/6/2009 11:15 AM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/2/2012 5:15 PM 23256]
S1 vzenqosm;vzenqosm;\??\c:\windows\system32\drivers\vzenqosm.sys --> c:\windows\system32\drivers\vzenqosm.sys [?]
S2 Agent;Agent;c:\windows\agent.exe [4/17/2012 8:39 AM 155648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/9/2014 1:15 PM 860472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/12/2010 6:46 PM 1684736]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [4/9/2014 1:15 PM 1809720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 18:23 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:56]
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-09 09:03]
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-09 09:03]
.
2014-08-29 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-09 01:59]
.
2014-08-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-09 01:59]
.
2014-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1677128483-1801674531-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 19:00]
.
2014-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1677128483-1801674531-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 19:00]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: amazon.com\sellercentral
Trusted Zone: ebay.com\signin
Trusted Zone: google.com\accounts
Trusted Zone: netflix.com\signup
Trusted Zone: netspend.com\www
Trusted Zone: paypal.com\www
Trusted Zone: usps.com\store
Trusted Zone: yahoo.com
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AVG-Secure-Search-Update_0913a - c:\documents and settings\Sheldon\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-29 04:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-08-29  04:14:16
ComboFix-quarantined-files.txt  2014-08-29 11:14
.
Pre-Run: 12,844,400,640 bytes free
Post-Run: 96,092,114,944 bytes free
.
- - End Of File - - 7323823CC4C9F5F48CA4CF2BA376ED77
A36C5E4F47E84449FF07ED3517B43A31

Thanks,

LP

Hi :)

Let's confirm if the Poweliks is gone.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Here goes...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014 01
Ran by Sheldon (administrator) on R-NBRT-WESH4147 on 30-08-2014 09:16:02
Running from C:\Documents and Settings\Sheldon\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Lenovo) C:\Program Files\Lenovo\PMDriver\PMHandler.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo.) C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Lenovo) C:\Program Files\Lenovo\PMDriver\PMSveH.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPWAUDAP] => C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-10] (Lenovo Group Limited)
HKLM\...\Run: [PMHandler] => C:\Program Files\Lenovo\PMDriver\PMHandler.exe [247080 2009-04-02] (Lenovo)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296096 2012-07-05] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-789336058-1677128483-1801674531-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-09] (Google Inc.)
HKU\S-1-5-21-789336058-1677128483-1801674531-500\...\Policies\Explorer: [NoInternetIcon] 0
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8209CA01879CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241584509031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1242154444978&h=468d382764c9beb40efad2d24b9a7124/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-05]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR CustomProfile: C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
CHR Extension: (Google Drive) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-09]
CHR Extension: (Google Search) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-09]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-04-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-09]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Agent; C:\WINDOWS\agent.exe [155648 2011-08-24] () [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-13] (Lenovo.)
S3 HP Port Resolver; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE [77824 2004-01-05] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [73728 2004-01-05] (Hewlett-Packard Company)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-05-12] (Sun Microsystems, Inc.)
R2 Lenovo.micmute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [44984 2009-11-17] (Lenovo Group Limited)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PMSveH; C:\Program Files\Lenovo\PMDriver\PMSveH.exe [57344 2006-05-24] (Lenovo) [File not signed]
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [69632 2012-02-28] () [File not signed]
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [244800 2012-02-28] (Lenovo Group Limited)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [954368 2010-01-19] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1286144 2008-02-20] (Broadcom Corporation)
S3 Cam5607; C:\WINDOWS\System32\Drivers\BisonC07.sys [1132840 2008-09-10] (Bison Electronics. Inc. )
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [6598656 2010-01-13] (Intel Corporation)
R1 PMHler; C:\WINDOWS\System32\drivers\PMHler.sys [10240 2006-05-24] (Lenovo )
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2009-08-10] (Intel Corporation)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [12144 2012-02-28] (Lenovo Group Limited)
R3 catchme; \??\C:\DOCUME~1\Sheldon\LOCALS~1\Temp\catchme.sys [X]
S3 CnxtHdAudService; system32\drivers\CHDAU32.sys [X]
S4 IntelIde; No ImagePath
S1 vzenqosm; \??\C:\WINDOWS\system32\drivers\vzenqosm.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 09:15 - 2014-08-30 09:15 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\FRST-OlderVersion
2014-08-29 04:14 - 2014-08-30 09:18 - 00000000 ____D () C:\Documents and Settings\Sheldon\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00014322 _____ () C:\ComboFix.txt
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\eCoursesSB\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-29 03:35 - 2014-08-29 03:35 - 00000000 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat~
2014-08-29 02:24 - 2014-08-29 03:57 - 05576760 ____R (Swearware) C:\Documents and Settings\Sheldon\Desktop\ComboFix.exe
2014-08-28 11:16 - 2014-08-28 11:16 - 00001661 _____ () C:\Documents and Settings\Sheldon\Desktop\Slog.xml
2014-08-27 03:45 - 2014-08-27 03:46 - 00045006 _____ () C:\Documents and Settings\Sheldon\Desktop\Addition.txt
2014-08-27 03:44 - 2014-08-30 09:18 - 00021032 _____ () C:\Documents and Settings\Sheldon\Desktop\FRST.txt
2014-08-27 03:44 - 2014-08-30 09:16 - 00000000 ____D () C:\FRST
2014-08-27 03:33 - 2014-08-30 09:15 - 01095680 _____ (Farbar) C:\Documents and Settings\Sheldon\Desktop\FRST.exe
2014-08-26 17:37 - 2014-08-29 03:35 - 00000000 _____ () C:\avenger.txt
2014-08-26 12:00 - 2014-08-26 12:00 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-26 11:01 - 2014-08-26 11:01 - 00000000 ____D () C:\Documents and Settirary Internet Files
2014-08-16 11:19 - 2014-08-23 11:50 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\JNS Tax

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 09:18 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\Sheldon\Local Settings\temp
2014-08-30 09:18 - 2014-08-27 03:44 - 00021032 _____ () C:\Documents and Settings\Sheldon\Desktop\FRST.txt
2014-08-30 09:16 - 2014-08-27 03:44 - 00000000 ____D () C:\FRST
2014-08-30 09:16 - 2013-07-01 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-30 09:15 - 2014-08-30 09:15 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\FRST-OlderVersion
2014-08-30 09:15 - 2014-08-27 03:33 - 01095680 _____ (Farbar) C:\Documents and Settings\Sheldon\Desktop\FRST.exe
2014-08-30 09:15 - 2009-05-06 11:08 - 01802459 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-29 13:21 - 2014-04-09 02:04 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-29 13:20 - 2014-04-09 02:04 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-29 13:10 - 2009-05-06 11:14 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-29 04:14 - 2014-08-29 04:14 - 00014322 _____ () C:\ComboFix.txt
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\eCoursesSB\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-29 04:14 - 2013-07-01 14:05 - 00000000 ____D () C:\Qoobox
2014-08-29 04:14 - 2009-05-06 11:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-29 04:11 - 2001-08-22 22:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-29 03:59 - 2009-05-06 11:14 - 00032426 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-29 03:57 - 2014-08-29 02:24 - 05576760 ____R (Swearware) C:\Documents and Settings\Sheldon\Desktop\ComboFix.exe
2014-08-29 03:56 - 2013-07-01 12:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-29 03:43 - 2009-05-06 03:04 - 00595320 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-29 03:40 - 2011-01-05 19:48 - 00655360 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-29 03:38 - 2013-07-01 13:01 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1677128483-1801674531-1006.job
2014-08-29 03:37 - 2009-05-06 03:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-29 03:37 - 2009-05-06 03:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-29 03:36 - 2014-05-01 07:43 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-29 03:36 - 2001-08-22 22:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-29 03:35 - 2014-08-29 03:35 - 00000000 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat~
2014-08-29 03:35 - 2014-08-26 17:37 - 00000000 _____ () C:\avenger.txt
2014-08-29 03:33 - 2012-04-16 16:36 - 00000178 ___SH () C:\Documents and Settings\Sheldon\ntuser.ini
2014-08-29 02:33 - 2013-07-01 11:41 - 00001620 _____ () C:\WINDOWS\setupact.log
2014-08-28 11:16 - 2014-08-28 11:16 - 00001661 _____ () C:\Documents and Settings\Sheldon\Desktop\Slog.xml
2014-08-28 11:16 - 2014-04-10 09:13 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 11:01 - 2011-11-14 13:51 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-08-27 03:46 - 2014-08-27 03:45 - 00045006 _____ () C:\Documents and Settings\Sheldon\Desktop\Addition.txt
2014-08-26 21:37 - 2009-05-06 11:07 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-26 20:38 - 2014-07-14 06:43 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-26 17:40 - 2013-07-01 13:01 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1677128483-1801674531-1006.job
2014-08-26 17:37 - 2009-05-05 21:43 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB950760$
2014-08-26 13:35 - 2012-04-19 01:36 - 00086016 _____ () C:\Documents and Settings\Sheldon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-26 12:00 - 2014-08-26 12:00 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-26 11:01 - 2014-08-26 11:01 - 00000000 ____D () C:\Documents and Settirary Internet Files
2014-08-24 14:19 - 2012-04-16 16:36 - 00000000 ____D () C:\Documents and Settings\Sheldon
2014-08-23 11:50 - 2014-08-16 11:19 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\JNS Tax
2014-08-21 13:18 - 2013-07-01 19:18 - 00093154 _____ () C:\WINDOWS\setupapi.log
2014-08-15 11:28 - 2014-04-09 02:07 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-14 14:08 - 2014-07-24 15:49 - 00000708 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-08-14 14:08 - 2014-06-18 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-14 14:06 - 2013-07-01 19:18 - 00000000 ____D () C:\$AVG
2014-08-13 08:03 - 2009-05-05 21:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-13 08:02 - 2013-08-21 07:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 07:57 - 2009-05-05 21:16 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-09 16:22 - 2014-05-01 07:43 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 15:40 - 2014-07-24 10:12 - 00000000 ____D () C:\Documents and Settings\Sheldon\Local Settings\Application Data\Avg2014

ZeroAccess:
C:\Windows\Installer\{4fe412c7-934e-1f63-be09-03ce55de5acb}

ZeroAccess:
C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb}
C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb}\@

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014 01
Ran by Sheldon at 2014-08-30 09:19:22
Running from C:\Documents and Settings\Sheldon\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.6 - )
Broadcom WLAN (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.2 - Lenovo Electronics Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Citrix Presentation Server Client (HKLM\...\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}) (Version: 10.00.52110 - Citrix Systems, Inc.)
Click-N-Ship for Business® (HKLM\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 4.1.298.0 - United States Postal Service)
CourseSmart Bookshelf (HKLM\...\{838F8033-2F60-4294-ADB9-062E62D5FD4F}) (Version: 5.02.0040 - Ingram Digital)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Crystal Reports 10 Support Files (HKLM\...\{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}) (Version: 1.00.0000 -  )
Dark Alleys: Penumbra Motel Collector's Edition (HKLM\...\BFG-Dark Alleys - Penumbra Motel Collector's Edition) (Version:  - )
Dark Heritage: Guardians of Hope Collector's Edition (HKLM\...\BFG-Dark Heritage - Guardians of Hope Collector's Edition) (Version:  - )
Dark Parables: The Red Riding Hood Sisters Collector's Edition (HKLM\...\BFG-Dark Parables - The Red Riding Hood Sisters Collector's Edition) (Version:  - )
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Echoes of the Past: The Kingdom of Despair Collector's Edition (HKLM\...\BFG-Echoes of the Past - The Kingdom of Despair Collectors Edition) (Version:  - )
Elsevier Pageburst (HKLM\...\{B9154586-6E6C-44E9-B419-BBEBDF82B8A3}) (Version: 5.05.0047 - Ingram Digital)
Final Cut: Death on the Silver Screen Collector's Edition (HKLM\...\BFG-Final Cut - Death on the Silver Screen Collector's Edition) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Grim Tales: The Wishes Collector's Edition (HKLM\...\BFG-Grim Tales - The Wishes Collector's Edition) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{014EFADF-1AA8-44D0-B889-D39D77302A62}) (Version: 13.01.1000 - Intel Corporation)
Java 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Lenovo EasyCamera (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.32.714.7 - Lenovo EasyCamera)
Lenovo Patch Utility (HKLM\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.00.0000 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mayan Prophecies: Ship of Spirits Collector's Edition (HKLM\...\BFG-Mayan Prophecies - Ship of Spirits Collector's Edition) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Trackers: Four Aces Collector's Edition (HKLM\...\BFG-Mystery Trackers - Four Aces Collector's Edition) (Version:  - )
Mystery Trackers: Silent Hollow Collector's Edition (HKLM\...\BFG-Mystery Trackers - Silent Hollow Collector's Edition) (Version:  - )
Nancy Drew® - Warnings at Waverly Academy (HKLM\...\am-nancydrewrwarningsatwaverlyacademy) (Version:  - )
Neat (HKLM\...\Neat) (Version: 5.0.24.49 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{A4A42670-82B9-4A58-8955-20271DBBF29F}) (Version: 2.0.0.61 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{58155B30-6BE9-4268-A059-149629149C63}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (Version: 5.0.24.49 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{57F5920A-9897-4830-BD4A-BE85DA9734FF}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}) (Version: 2.0.0.122 - The Neat Company)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.03.00 - )
Pearson Education XL .Net Players (HKLM\...\Pearson Education XL .Net Players) (Version:  - )
PM Driver (HKLM\...\InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}) (Version: 0.64.0.9 - Lenovo)
PM Driver (Version: 0.64.0.9 - Lenovo) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PuppetShow: Return to Joyville Collector's Edition (HKLM\...\BFG-PuppetShow - Return to Joyville Collector's Edition) (Version:  - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5892 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RespiratoryCare (HKLM\...\{77ADAE6D-6F1A-4B5F-82CB-A4D8E5E3F077}) (Version: 1.0 - Default Manufacturer)
Sable Maze: Norwich Caves Collector's Edition (HKLM\...\BFG-Sable Maze - Norwich Caves Collectors Edition) (Version:  - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Send To Neat (HKLM\...\{F9C52512-F5AB-4CA8-8E35-6396797DD72A}) (Version: 1.0.0.0 - The Neat Company)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Summetric (HKLM\...\{87453863-9093-41F0-8C75-CB7D10BC6402}) (Version: 1.0 - Default Manufacturer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.13 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.99o - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkVantage Secure Data Disposal v1.3 (HKLM\...\{1219A9F1-B57E-48C0-AC15-09F423F02F95}) (Version: 1.3 - Lenovo)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2264107) (HKLM\...\KB2264107) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2813347-v2) (HKLM\...\KB2813347-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoLAN VLC media player 0.8.6f (HKLM\...\VLC media player) (Version: 0.8.6f - VideoLAN Team)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web of Deceit: Black Widow Collector's Edition (HKLM\...\BFG-Web of Deceit - Black Widow Collector's Edition) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Whispered Secrets: The Story of Tideville Collector's Edition (HKLM\...\BFG-Whispered Secrets - The Story of Tideville Collector's Edition) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-08-2014 10:59:55 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-22 22:00 - 2013-07-01 14:26 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1677128483-1801674531-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1677128483-1801674531-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2006-01-03 15:23 - 2002-05-03 08:40 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2012-04-17 08:39 - 2011-08-24 11:01 - 00046592 _____ () C:\WINDOWS\system32\sdtnpm.dll
2009-03-31 23:28 - 2009-03-31 23:28 - 00024576 _____ () C:\Program Files\Lenovo\PMDriver\PMHlerIO.dll
2009-05-06 11:33 - 2008-06-16 17:47 - 00032768 _____ () C:\Program Files\Lenovo\PMDriver\PMEbLib.dll
2010-05-12 19:14 - 2012-02-28 01:39 - 00043008 _____ () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2010-05-12 19:14 - 2012-02-28 01:39 - 00054784 _____ () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
2010-05-12 18:46 - 2009-03-10 16:59 - 00032768 _____ () C:\Program Files\Realtek\Audio\LenovoDLL.dll
2010-05-12 19:14 - 2012-02-28 01:39 - 00069632 _____ () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\MsMpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\MsMpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318} => ""="Net"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318} => ""="NetClient"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318} => ""="NetService"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318} => ""="NetTrans"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2014 09:16:18 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/30/2014 09:16:18 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:12 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/29/2014 04:09:12 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

System errors:
=============
Error: (08/29/2014 03:58:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/29/2014 03:46:29 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:45:57 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:45:25 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:44:53 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:44:21 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:43:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:43:18 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:42:46 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:42:14 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 1912.79 MB
Available physical RAM: 893.46 MB
Total Pagefile: 3672.99 MB
Available Pagefile: 2887.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.04 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:232.88 GB) (Free:89.67 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Malwarebytes) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BE541CF6)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hi and I'm very sorry for the delay. I had a short-circuit accident which deeply fried my home PC's hard drive. As you may know, it's quite hard to run a PC without it :)

After some time, I'd like to see a fresh report.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014 01
Ran by Sheldon (administrator) on R-NBRT-WESH4147 on 02-09-2014 13:30:15
Running from C:\Documents and Settings\Sheldon\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Lenovo) C:\Program Files\Lenovo\PMDriver\PMHandler.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo.) C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Lenovo) C:\Program Files\Lenovo\PMDriver\PMSveH.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPWAUDAP] => C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-10] (Lenovo Group Limited)
HKLM\...\Run: [PMHandler] => C:\Program Files\Lenovo\PMDriver\PMHandler.exe [247080 2009-04-02] (Lenovo)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296096 2012-07-05] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-789336058-1677128483-1801674531-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-09] (Google Inc.)
HKU\S-1-5-21-789336058-1677128483-1801674531-500\...\Policies\Explorer: [NoInternetIcon] 0
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8209CA01879CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241584509031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1242154444978&h=468d382764c9beb40efad2d24b9a7124/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-05]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR CustomProfile: C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
CHR Extension: (Google Drive) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-09]
CHR Extension: (Google Search) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-09]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-04-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-09]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Agent; C:\WINDOWS\agent.exe [155648 2011-08-24] () [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-13] (Lenovo.)
S3 HP Port Resolver; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE [77824 2004-01-05] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [73728 2004-01-05] (Hewlett-Packard Company)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-05-12] (Sun Microsystems, Inc.)
R2 Lenovo.micmute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [44984 2009-11-17] (Lenovo Group Limited)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PMSveH; C:\Program Files\Lenovo\PMDriver\PMSveH.exe [57344 2006-05-24] (Lenovo) [File not signed]
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [69632 2012-02-28] () [File not signed]
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [244800 2012-02-28] (Lenovo Group Limited)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [954368 2010-01-19] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1286144 2008-02-20] (Broadcom Corporation)
S3 Cam5607; C:\WINDOWS\System32\Drivers\BisonC07.sys [1132840 2008-09-10] (Bison Electronics. Inc. )
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [6598656 2010-01-13] (Intel Corporation)
R1 PMHler; C:\WINDOWS\System32\drivers\PMHler.sys [10240 2006-05-24] (Lenovo )
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2009-08-10] (Intel Corporation)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [12144 2012-02-28] (Lenovo Group Limited)
R3 catchme; \??\C:\DOCUME~1\Sheldon\LOCALS~1\Temp\catchme.sys [X]
S3 CnxtHdAudService; system32\drivers\CHDAU32.sys [X]
S4 IntelIde; No ImagePath
S1 vzenqosm; \??\C:\WINDOWS\system32\drivers\vzenqosm.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 09:15 - 2014-08-30 09:15 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\FRST-OlderVersion
2014-08-29 04:14 - 2014-09-02 13:30 - 00000000 ____D () C:\Documents and Settings\Sheldon\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00014322 _____ () C:\ComboFix.txt
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\eCoursesSB\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-29 03:35 - 2014-08-29 03:35 - 00000000 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat~
2014-08-29 02:24 - 2014-08-29 03:57 - 05576760 ____R (Swearware) C:\Documents and Settings\Sheldon\Desktop\ComboFix.exe
2014-08-28 11:16 - 2014-08-28 11:16 - 00001661 _____ () C:\Documents and Settings\Sheldon\Desktop\Slog.xml
2014-08-27 03:45 - 2014-08-30 09:20 - 00044913 _____ () C:\Documents and Settings\Sheldon\Desktop\Addition.txt
2014-08-27 03:44 - 2014-09-02 13:30 - 00021142 _____ () C:\Documents and Settings\Sheldon\Desktop\FRST.txt
2014-08-27 03:44 - 2014-09-02 13:30 - 00000000 ____D () C:\FRST
2014-08-27 03:33 - 2014-08-30 09:15 - 01095680 _____ (Farbar) C:\Documents and Settings\Sheldon\Desktop\FRST.exe
2014-08-26 17:37 - 2014-08-29 03:35 - 00000000 _____ () C:\avenger.txt
2014-08-26 12:00 - 2014-08-26 12:00 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-26 11:01 - 2014-08-26 11:01 - 00000000 ____D () C:\Documents and Settirary Internet Files
2014-08-16 11:19 - 2014-08-23 11:50 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\JNS Tax

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 13:30 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\Sheldon\Local Settings\temp
2014-09-02 13:30 - 2014-08-27 03:44 - 00021142 _____ () C:\Documents and Settings\Sheldon\Desktop\FRST.txt
2014-09-02 13:30 - 2014-08-27 03:44 - 00000000 ____D () C:\FRST
2014-09-02 13:29 - 2009-05-06 11:08 - 01804950 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-30 09:20 - 2014-08-27 03:45 - 00044913 _____ () C:\Documents and Settings\Sheldon\Desktop\Addition.txt
2014-08-30 09:20 - 2014-04-09 02:04 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-30 09:19 - 2013-07-01 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-30 09:15 - 2014-08-30 09:15 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\FRST-OlderVersion
2014-08-30 09:15 - 2014-08-27 03:33 - 01095680 _____ (Farbar) C:\Documents and Settings\Sheldon\Desktop\FRST.exe
2014-08-29 13:20 - 2014-04-09 02:04 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-29 13:10 - 2009-05-06 11:14 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-29 04:14 - 2014-08-29 04:14 - 00014322 _____ () C:\ComboFix.txt
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\eCoursesSB\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-29 04:14 - 2013-07-01 14:05 - 00000000 ____D () C:\Qoobox
2014-08-29 04:14 - 2009-05-06 11:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-29 04:11 - 2001-08-22 22:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-29 03:59 - 2009-05-06 11:14 - 00032426 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-29 03:57 - 2014-08-29 02:24 - 05576760 ____R (Swearware) C:\Documents and Settings\Sheldon\Desktop\ComboFix.exe
2014-08-29 03:56 - 2013-07-01 12:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-29 03:43 - 2009-05-06 03:04 - 00595320 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-29 03:40 - 2011-01-05 19:48 - 00655360 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-29 03:38 - 2013-07-01 13:01 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1677128483-1801674531-1006.job
2014-08-29 03:37 - 2009-05-06 03:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-29 03:37 - 2009-05-06 03:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-29 03:36 - 2014-05-01 07:43 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-29 03:36 - 2001-08-22 22:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-29 03:35 - 2014-08-29 03:35 - 00000000 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat~
2014-08-29 03:35 - 2014-08-26 17:37 - 00000000 _____ () C:\avenger.txt
2014-08-29 03:33 - 2012-04-16 16:36 - 00000178 ___SH () C:\Documents and Settings\Sheldon\ntuser.ini
2014-08-29 02:33 - 2013-07-01 11:41 - 00001620 _____ () C:\WINDOWS\setupact.log
2014-08-28 11:16 - 2014-08-28 11:16 - 00001661 _____ () C:\Documents and Settings\Sheldon\Desktop\Slog.xml
2014-08-28 11:16 - 2014-04-10 09:13 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 11:01 - 2011-11-14 13:51 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-08-26 21:37 - 2009-05-06 11:07 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-26 20:38 - 2014-07-14 06:43 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-26 17:40 - 2013-07-01 13:01 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1677128483-1801674531-1006.job
2014-08-26 17:37 - 2009-05-05 21:43 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB950760$
2014-08-26 13:35 - 2012-04-19 01:36 - 00086016 _____ () C:\Documents and Settings\Sheldon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-26 12:00 - 2014-08-26 12:00 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-26 11:01 - 2014-08-26 11:01 - 00000000 ____D () C:\Documents and Settirary Internet Files
2014-08-24 14:19 - 2012-04-16 16:36 - 00000000 ____D () C:\Documents and Settings\Sheldon
2014-08-23 11:50 - 2014-08-16 11:19 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\JNS Tax
2014-08-21 13:18 - 2013-07-01 19:18 - 00093154 _____ () C:\WINDOWS\setupapi.log
2014-08-15 11:28 - 2014-04-09 02:07 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-14 14:08 - 2014-07-24 15:49 - 00000708 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-08-14 14:08 - 2014-06-18 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-14 14:06 - 2013-07-01 19:18 - 00000000 ____D () C:\$AVG
2014-08-13 08:03 - 2009-05-05 21:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-13 08:02 - 2013-08-21 07:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 07:57 - 2009-05-05 21:16 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-09 16:22 - 2014-05-01 07:43 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 15:40 - 2014-07-24 10:12 - 00000000 ____D () C:\Documents and Settings\Sheldon\Local Settings\Application Data\Avg2014

ZeroAccess:
C:\Windows\Installer\{4fe412c7-934e-1f63-be09-03ce55de5acb}

ZeroAccess:
C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb}
C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb}\@

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014 01
Ran by Sheldon at 2014-09-02 13:30:57
Running from C:\Documents and Settings\Sheldon\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.6 - )
Broadcom WLAN (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.2 - Lenovo Electronics Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Citrix Presentation Server Client (HKLM\...\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}) (Version: 10.00.52110 - Citrix Systems, Inc.)
Click-N-Ship for Business® (HKLM\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 4.1.298.0 - United States Postal Service)
CourseSmart Bookshelf (HKLM\...\{838F8033-2F60-4294-ADB9-062E62D5FD4F}) (Version: 5.02.0040 - Ingram Digital)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Crystal Reports 10 Support Files (HKLM\...\{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}) (Version: 1.00.0000 -  )
Dark Alleys: Penumbra Motel Collector's Edition (HKLM\...\BFG-Dark Alleys - Penumbra Motel Collector's Edition) (Version:  - )
Dark Heritage: Guardians of Hope Collector's Edition (HKLM\...\BFG-Dark Heritage - Guardians of Hope Collector's Edition) (Version:  - )
Dark Parables: The Red Riding Hood Sisters Collector's Edition (HKLM\...\BFG-Dark Parables - The Red Riding Hood Sisters Collector's Edition) (Version:  - )
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Echoes of the Past: The Kingdom of Despair Collector's Edition (HKLM\...\BFG-Echoes of the Past - The Kingdom of Despair Collectors Edition) (Version:  - )
Elsevier Pageburst (HKLM\...\{B9154586-6E6C-44E9-B419-BBEBDF82B8A3}) (Version: 5.05.0047 - Ingram Digital)
Final Cut: Death on the Silver Screen Collector's Edition (HKLM\...\BFG-Final Cut - Death on the Silver Screen Collector's Edition) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Grim Tales: The Wishes Collector's Edition (HKLM\...\BFG-Grim Tales - The Wishes Collector's Edition) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{014EFADF-1AA8-44D0-B889-D39D77302A62}) (Version: 13.01.1000 - Intel Corporation)
Java 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Lenovo EasyCamera (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.32.714.7 - Lenovo EasyCamera)
Lenovo Patch Utility (HKLM\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.00.0000 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mayan Prophecies: Ship of Spirits Collector's Edition (HKLM\...\BFG-Mayan Prophecies - Ship of Spirits Collector's Edition) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Trackers: Four Aces Collector's Edition (HKLM\...\BFG-Mystery Trackers - Four Aces Collector's Edition) (Version:  - )
Mystery Trackers: Silent Hollow Collector's Edition (HKLM\...\BFG-Mystery Trackers - Silent Hollow Collector's Edition) (Version:  - )
Nancy Drew® - Warnings at Waverly Academy (HKLM\...\am-nancydrewrwarningsatwaverlyacademy) (Version:  - )
Neat (HKLM\...\Neat) (Version: 5.0.24.49 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{A4A42670-82B9-4A58-8955-20271DBBF29F}) (Version: 2.0.0.61 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{58155B30-6BE9-4268-A059-149629149C63}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (Version: 5.0.24.49 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{57F5920A-9897-4830-BD4A-BE85DA9734FF}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}) (Version: 2.0.0.122 - The Neat Company)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.03.00 - )
Pearson Education XL .Net Players (HKLM\...\Pearson Education XL .Net Players) (Version:  - )
PM Driver (HKLM\...\InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}) (Version: 0.64.0.9 - Lenovo)
PM Driver (Version: 0.64.0.9 - Lenovo) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PuppetShow: Return to Joyville Collector's Edition (HKLM\...\BFG-PuppetShow - Return to Joyville Collector's Edition) (Version:  - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5892 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RespiratoryCare (HKLM\...\{77ADAE6D-6F1A-4B5F-82CB-A4D8E5E3F077}) (Version: 1.0 - Default Manufacturer)
Sable Maze: Norwich Caves Collector's Edition (HKLM\...\BFG-Sable Maze - Norwich Caves Collectors Edition) (Version:  - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Send To Neat (HKLM\...\{F9C52512-F5AB-4CA8-8E35-6396797DD72A}) (Version: 1.0.0.0 - The Neat Company)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Summetric (HKLM\...\{87453863-9093-41F0-8C75-CB7D10BC6402}) (Version: 1.0 - Default Manufacturer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.13 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.99o - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkVantage Secure Data Disposal v1.3 (HKLM\...\{1219A9F1-B57E-48C0-AC15-09F423F02F95}) (Version: 1.3 - Lenovo)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2264107) (HKLM\...\KB2264107) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2813347-v2) (HKLM\...\KB2813347-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoLAN VLC media player 0.8.6f (HKLM\...\VLC media player) (Version: 0.8.6f - VideoLAN Team)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web of Deceit: Black Widow Collector's Edition (HKLM\...\BFG-Web of Deceit - Black Widow Collector's Edition) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Whispered Secrets: The Story of Tideville Collector's Edition (HKLM\...\BFG-Whispered Secrets - The Story of Tideville Collector's Edition) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-08-2014 10:59:55 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-22 22:00 - 2013-07-01 14:26 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1677128483-1801674531-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1677128483-1801674531-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2006-01-03 15:23 - 2002-05-03 08:40 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2012-04-17 08:39 - 2011-08-24 11:01 - 00046592 _____ () C:\WINDOWS\system32\sdtnpm.dll
2009-03-31 23:28 - 2009-03-31 23:28 - 00024576 _____ () C:\Program Files\Lenovo\PMDriver\PMHlerIO.dll
2009-05-06 11:33 - 2008-06-16 17:47 - 00032768 _____ () C:\Program Files\Lenovo\PMDriver\PMEbLib.dll
2010-05-12 19:14 - 2012-02-28 01:39 - 00043008 _____ () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2010-05-12 19:14 - 2012-02-28 01:39 - 00054784 _____ () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
2010-05-12 18:46 - 2009-03-10 16:59 - 00032768 _____ () C:\Program Files\Realtek\Audio\LenovoDLL.dll
2010-05-12 19:14 - 2012-02-28 01:39 - 00069632 _____ () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\MsMpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\MsMpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318} => ""="Net"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318} => ""="NetClient"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318} => ""="NetService"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318} => ""="NetTrans"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2014 09:16:18 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/30/2014 09:16:18 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:12 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/29/2014 04:09:12 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

System errors:
=============
Error: (09/02/2014 01:28:51 PM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC

Error: (08/29/2014 03:58:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/29/2014 03:46:29 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:45:57 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:45:25 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:44:53 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:44:21 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:43:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:43:18 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:42:46 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 36%
Total physical RAM: 1912.79 MB
Available physical RAM: 1212.06 MB
Total Pagefile: 3672.99 MB
Available Pagefile: 3053.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.51 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:232.88 GB) (Free:89.67 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Malwarebytes) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BE541CF6)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    S1 vzenqosm; \??\C:\WINDOWS\system32\drivers\vzenqosm.sys [X]
    U3 mbr; \??\C:\ComboFix\mbr.sys [X]
    C:\WINDOWS\system32\drivers\vzenqosm.sys
    C:\Windows\Installer\{4fe412c7-934e-1f63-be09-03ce55de5acb}
    C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb}
    C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb}\@
    Reboot:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press Scan button and wait.
  • The tool will produce a logfile on your desktop named FRST.txt.

Please include its content in your next reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-08-2014 01
Ran by Sheldon at 2014-09-03 02:27:27 Run:1
Running from C:\Documents and Settings\Sheldon\Desktop\Naat
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
S1 vzenqosm; \??\C:\WINDOWS\system32\drivers\vzenqosm.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
C:\WINDOWS\system32\drivers\vzenqosm.sys
C:\Windows\Installer\{4fe412c7-934e-1f63-be09-03ce55de5acb}
C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb}
C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb}\@
Reboot:
end
*****************

vzenqosm => Service deleted successfully.
mbr => Service deleted successfully.
"C:\WINDOWS\system32\drivers\vzenqosm.sys" => File/Directory not found.
C:\Windows\Installer\{4fe412c7-934e-1f63-be09-03ce55de5acb} => Moved successfully.
C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb} => Moved successfully.
"C:\Documents and Settings\Sheldon\Local Settings\Application Data\{4fe412c7-934e-1f63-be09-03ce55de5acb}\@" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog ====


Very good :)
 
 
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014 01
Ran by Sheldon (administrator) on R-NBRT-WESH4147 on 03-09-2014 13:33:04
Running from C:\Documents and Settings\Sheldon\Desktop\Naat
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
() C:\WINDOWS\agent.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Lenovo) C:\Program Files\Lenovo\PMDriver\PMHandler.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo.) C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Lenovo) C:\Program Files\Lenovo\PMDriver\PMSveH.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPWAUDAP] => C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-10] (Lenovo Group Limited)
HKLM\...\Run: [PMHandler] => C:\Program Files\Lenovo\PMDriver\PMHandler.exe [247080 2009-04-02] (Lenovo)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296096 2012-07-05] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-789336058-1677128483-1801674531-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-09] (Google Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8209CA01879CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241584509031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1242154444978&h=468d382764c9beb40efad2d24b9a7124/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-05]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR CustomProfile: C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
CHR Extension: (Google Drive) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-09]
CHR Extension: (Google Search) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-09]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-04-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-09]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Agent; C:\WINDOWS\agent.exe [155648 2011-08-24] () [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-13] (Lenovo.)
S3 HP Port Resolver; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE [77824 2004-01-05] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [73728 2004-01-05] (Hewlett-Packard Company)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-05-12] (Sun Microsystems, Inc.)
R2 Lenovo.micmute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [44984 2009-11-17] (Lenovo Group Limited)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PMSveH; C:\Program Files\Lenovo\PMDriver\PMSveH.exe [57344 2006-05-24] (Lenovo) [File not signed]
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [69632 2012-02-28] () [File not signed]
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [244800 2012-02-28] (Lenovo Group Limited)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [954368 2010-01-19] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1286144 2008-02-20] (Broadcom Corporation)
S3 Cam5607; C:\WINDOWS\System32\Drivers\BisonC07.sys [1132840 2008-09-10] (Bison Electronics. Inc. )
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [6598656 2010-01-13] (Intel Corporation)
R1 PMHler; C:\WINDOWS\System32\drivers\PMHler.sys [10240 2006-05-24] (Lenovo )
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2009-08-10] (Intel Corporation)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [12144 2012-02-28] (Lenovo Group Limited)
S3 catchme; \??\C:\DOCUME~1\Sheldon\LOCALS~1\Temp\catchme.sys [X]
S3 CnxtHdAudService; system32\drivers\CHDAU32.sys [X]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 02:20 - 2014-09-03 13:33 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\Naat
2014-08-30 09:15 - 2014-08-30 09:15 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\FRST-OlderVersion
2014-08-29 04:14 - 2014-09-03 13:33 - 00000000 ____D () C:\Documents and Settings\Sheldon\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00014322 _____ () C:\ComboFix.txt
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\eCoursesSB\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-29 03:35 - 2014-09-03 02:28 - 00160728 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-29 02:24 - 2014-08-29 03:57 - 05576760 ____R (Swearware) C:\Documents and Settings\Sheldon\Desktop\ComboFix.exe
2014-08-28 11:16 - 2014-08-28 11:16 - 00001661 _____ () C:\Documents and Settings\Sheldon\Desktop\Slog.xml
2014-08-27 03:44 - 2014-09-03 13:33 - 00000000 ____D () C:\FRST
2014-08-26 17:37 - 2014-08-29 03:35 - 00000000 _____ () C:\avenger.txt
2014-08-26 12:00 - 2014-08-26 12:00 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-26 11:01 - 2014-08-26 11:01 - 00000000 ____D () C:\Documents and Settirary Internet Files
2014-08-16 11:19 - 2014-08-23 11:50 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\JNS Tax

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 13:33 - 2014-09-03 02:20 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\Naat
2014-09-03 13:33 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\Sheldon\Local Settings\temp
2014-09-03 13:33 - 2014-08-27 03:44 - 00000000 ____D () C:\FRST
2014-09-03 13:31 - 2009-05-06 11:08 - 01812612 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-03 02:35 - 2009-05-06 03:04 - 00595320 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-03 02:30 - 2014-05-01 07:43 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-03 02:30 - 2014-04-09 02:04 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 02:30 - 2013-07-01 13:01 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1677128483-1801674531-1006.job
2014-09-03 02:30 - 2009-05-06 11:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-03 02:30 - 2009-05-06 03:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-03 02:30 - 2009-05-06 03:07 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-03 02:30 - 2001-08-22 22:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-03 02:28 - 2014-08-29 03:35 - 00160728 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-09-03 02:28 - 2012-04-16 16:36 - 00000178 ___SH () C:\Documents and Settings\Sheldon\ntuser.ini
2014-09-03 02:28 - 2011-01-05 19:48 - 00655360 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-09-03 02:28 - 2009-05-06 11:14 - 00032426 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-03 02:20 - 2014-04-09 02:04 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 02:13 - 2013-07-01 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-30 09:15 - 2014-08-30 09:15 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\FRST-OlderVersion
2014-08-29 13:10 - 2009-05-06 11:14 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-29 04:14 - 2014-08-29 04:14 - 00014322 _____ () C:\ComboFix.txt
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\eCoursesSB\Local Settings\temp
2014-08-29 04:14 - 2014-08-29 04:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-29 04:14 - 2013-07-01 14:05 - 00000000 ____D () C:\Qoobox
2014-08-29 04:11 - 2001-08-22 22:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-29 03:57 - 2014-08-29 02:24 - 05576760 ____R (Swearware) C:\Documents and Settings\Sheldon\Desktop\ComboFix.exe
2014-08-29 03:56 - 2013-07-01 12:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-29 03:35 - 2014-08-26 17:37 - 00000000 _____ () C:\avenger.txt
2014-08-29 02:33 - 2013-07-01 11:41 - 00001620 _____ () C:\WINDOWS\setupact.log
2014-08-28 11:16 - 2014-08-28 11:16 - 00001661 _____ () C:\Documents and Settings\Sheldon\Desktop\Slog.xml
2014-08-28 11:16 - 2014-04-10 09:13 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 11:01 - 2011-11-14 13:51 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-08-26 21:37 - 2009-05-06 11:07 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-26 20:38 - 2014-07-14 06:43 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-26 17:40 - 2013-07-01 13:01 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1677128483-1801674531-1006.job
2014-08-26 17:37 - 2009-05-05 21:43 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB950760$
2014-08-26 13:35 - 2012-04-19 01:36 - 00086016 _____ () C:\Documents and Settings\Sheldon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-26 12:00 - 2014-08-26 12:00 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-26 11:01 - 2014-08-26 11:01 - 00000000 ____D () C:\Documents and Settirary Internet Files
2014-08-24 14:19 - 2012-04-16 16:36 - 00000000 ____D () C:\Documents and Settings\Sheldon
2014-08-23 11:50 - 2014-08-16 11:19 - 00000000 ____D () C:\Documents and Settings\Sheldon\Desktop\JNS Tax
2014-08-21 13:18 - 2013-07-01 19:18 - 00093154 _____ () C:\WINDOWS\setupapi.log
2014-08-15 11:28 - 2014-04-09 02:07 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-14 14:08 - 2014-07-24 15:49 - 00000708 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-08-14 14:08 - 2014-06-18 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-14 14:06 - 2013-07-01 19:18 - 00000000 ____D () C:\$AVG
2014-08-13 08:03 - 2009-05-05 21:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-13 08:02 - 2013-08-21 07:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 07:57 - 2009-05-05 21:16 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-09 16:22 - 2014-05-01 07:43 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 15:40 - 2014-07-24 10:12 - 00000000 ____D () C:\Documents and Settings\Sheldon\Local Settings\Application Data\Avg2014

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014 01
Ran by Sheldon at 2014-09-03 13:33:59
Running from C:\Documents and Settings\Sheldon\Desktop\Naat
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.6 - )
Broadcom WLAN (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.2 - Lenovo Electronics Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Citrix Presentation Server Client (HKLM\...\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}) (Version: 10.00.52110 - Citrix Systems, Inc.)
Click-N-Ship for Business® (HKLM\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 4.1.298.0 - United States Postal Service)
CourseSmart Bookshelf (HKLM\...\{838F8033-2F60-4294-ADB9-062E62D5FD4F}) (Version: 5.02.0040 - Ingram Digital)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Crystal Reports 10 Support Files (HKLM\...\{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}) (Version: 1.00.0000 -  )
Dark Alleys: Penumbra Motel Collector's Edition (HKLM\...\BFG-Dark Alleys - Penumbra Motel Collector's Edition) (Version:  - )
Dark Heritage: Guardians of Hope Collector's Edition (HKLM\...\BFG-Dark Heritage - Guardians of Hope Collector's Edition) (Version:  - )
Dark Parables: The Red Riding Hood Sisters Collector's Edition (HKLM\...\BFG-Dark Parables - The Red Riding Hood Sisters Collector's Edition) (Version:  - )
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Echoes of the Past: The Kingdom of Despair Collector's Edition (HKLM\...\BFG-Echoes of the Past - The Kingdom of Despair Collectors Edition) (Version:  - )
Elsevier Pageburst (HKLM\...\{B9154586-6E6C-44E9-B419-BBEBDF82B8A3}) (Version: 5.05.0047 - Ingram Digital)
Final Cut: Death on the Silver Screen Collector's Edition (HKLM\...\BFG-Final Cut - Death on the Silver Screen Collector's Edition) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Grim Tales: The Wishes Collector's Edition (HKLM\...\BFG-Grim Tales - The Wishes Collector's Edition) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{014EFADF-1AA8-44D0-B889-D39D77302A62}) (Version: 13.01.1000 - Intel Corporation)
Java 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Lenovo EasyCamera (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.32.714.7 - Lenovo EasyCamera)
Lenovo Patch Utility (HKLM\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.00.0000 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mayan Prophecies: Ship of Spirits Collector's Edition (HKLM\...\BFG-Mayan Prophecies - Ship of Spirits Collector's Edition) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Trackers: Four Aces Collector's Edition (HKLM\...\BFG-Mystery Trackers - Four Aces Collector's Edition) (Version:  - )
Mystery Trackers: Silent Hollow Collector's Edition (HKLM\...\BFG-Mystery Trackers - Silent Hollow Collector's Edition) (Version:  - )
Nancy Drew® - Warnings at Waverly Academy (HKLM\...\am-nancydrewrwarningsatwaverlyacademy) (Version:  - )
Neat (HKLM\...\Neat) (Version: 5.0.24.49 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{A4A42670-82B9-4A58-8955-20271DBBF29F}) (Version: 2.0.0.61 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{58155B30-6BE9-4268-A059-149629149C63}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (Version: 5.0.24.49 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{57F5920A-9897-4830-BD4A-BE85DA9734FF}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}) (Version: 2.0.0.122 - The Neat Company)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.03.00 - )
Pearson Education XL .Net Players (HKLM\...\Pearson Education XL .Net Players) (Version:  - )
PM Driver (HKLM\...\InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}) (Version: 0.64.0.9 - Lenovo)
PM Driver (Version: 0.64.0.9 - Lenovo) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PuppetShow: Return to Joyville Collector's Edition (HKLM\...\BFG-PuppetShow - Return to Joyville Collector's Edition) (Version:  - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5892 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RespiratoryCare (HKLM\...\{77ADAE6D-6F1A-4B5F-82CB-A4D8E5E3F077}) (Version: 1.0 - Default Manufacturer)
Sable Maze: Norwich Caves Collector's Edition (HKLM\...\BFG-Sable Maze - Norwich Caves Collectors Edition) (Version:  - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Send To Neat (HKLM\...\{F9C52512-F5AB-4CA8-8E35-6396797DD72A}) (Version: 1.0.0.0 - The Neat Company)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Summetric (HKLM\...\{87453863-9093-41F0-8C75-CB7D10BC6402}) (Version: 1.0 - Default Manufacturer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.13 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.99o - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkVantage Secure Data Disposal v1.3 (HKLM\...\{1219A9F1-B57E-48C0-AC15-09F423F02F95}) (Version: 1.3 - Lenovo)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2264107) (HKLM\...\KB2264107) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2813347-v2) (HKLM\...\KB2813347-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoLAN VLC media player 0.8.6f (HKLM\...\VLC media player) (Version: 0.8.6f - VideoLAN Team)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web of Deceit: Black Widow Collector's Edition (HKLM\...\BFG-Web of Deceit - Black Widow Collector's Edition) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Whispered Secrets: The Story of Tideville Collector's Edition (HKLM\...\BFG-Whispered Secrets - The Story of Tideville Collector's Edition) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-08-2014 10:59:55 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-22 22:00 - 2013-07-01 14:26 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1677128483-1801674531-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1677128483-1801674531-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2012-04-17 08:39 - 2011-08-24 10:59 - 00155648 _____ () C:\WINDOWS\agent.exe
2006-01-03 15:23 - 2002-05-03 08:40 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2012-04-17 08:39 - 2011-08-24 11:01 - 00046592 _____ () C:\WINDOWS\system32\sdtnpm.dll
2010-05-12 19:14 - 2012-02-28 01:39 - 00043008 _____ () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2009-03-31 23:28 - 2009-03-31 23:28 - 00024576 _____ () C:\Program Files\Lenovo\PMDriver\PMHlerIO.dll
2009-05-06 11:33 - 2008-06-16 17:47 - 00032768 _____ () C:\Program Files\Lenovo\PMDriver\PMEbLib.dll
2010-05-12 19:14 - 2012-02-28 01:39 - 00054784 _____ () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
2010-05-12 18:46 - 2009-03-10 16:59 - 00032768 _____ () C:\Program Files\Realtek\Audio\LenovoDLL.dll
2010-05-12 19:14 - 2012-02-28 01:39 - 00069632 _____ () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\MsMpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\MsMpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318} => ""="Net"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318} => ""="NetClient"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318} => ""="NetService"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318} => ""="NetTrans"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2014 09:16:18 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/30/2014 09:16:18 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:12 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/29/2014 04:09:12 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (08/29/2014 04:09:11 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

System errors:
=============
Error: (09/03/2014 02:30:15 AM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC

Error: (09/02/2014 01:28:51 PM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC

Error: (08/29/2014 03:58:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/29/2014 03:46:29 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:45:57 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:45:25 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:44:53 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:44:21 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:43:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (08/29/2014 03:43:18 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 37%
Total physical RAM: 1912.79 MB
Available physical RAM: 1200.54 MB
Total Pagefile: 3672.99 MB
Available Pagefile: 3015.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.32 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:232.88 GB) (Free:89.67 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Malwarebytes) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BE541CF6)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


A lot better :)
 
 
Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.
If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Hi and sorry for the delay, I had a working Sunday.
 
Please try this tool instead.



Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-clicking on its icon and selecting Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see detections window. Enter one of them and click there View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.

Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.


Unknown. FILE: C:\PROGRAM FILES\INTEL\WIFI\BIN\S24EVMON.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\S24EventMonitor. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\THINKPAD\UTILITIES\PWMDBSVC.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\Power Manager DBC Service. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\MDM. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\IE\JQS_PLUGIN.DLL to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}. Key to be deleted.

Unknown. REGKEY: HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}. Key to be deleted.

Unknown. REGKEY: HKCR\interface\{AD5FB04F-5A8D-44D4-8206-6A8734186EA2}. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}. Key to be deleted.

Unknown. REGKEY: HKCR\ieplugin.JQSIEStartDetectorImpl.1. Key to be deleted.

Unknown. REGKEY: HKCR\ieplugin.JQSIEStartDetectorImpl. Key to be deleted.

Unknown. REGKEY: HKCR\typelib\{D85100D8-894D-4F80-9697-C220AF4202EB}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}. Key to be deleted.

Unknown. REGKEY: HKUS\S-1-5-21-789336058-1677128483-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}. Key to be deleted.

Unknown. FILE: C:\WINDOWS\AGENT.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\Agent. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES\JAVA\JRE6\BIN\JP2SSV.DLL to be deleted.

Unknown. REGKEY: HKCU\Software\Classes\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}. Key to be deleted.

Unknown. REGKEY: HKLM\Software\Classes\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}. Key to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}. Key to be deleted.

Unknown. REGKEY: HKUS\S-1-5-21-789336058-1677128483-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}. Key to be deleted.

Unknown. REGKEY: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}. Key to be deleted.

Broken Link. FILE: File not found:HIDDENPROC to be deleted.

Unknown. FILE: C:\DOCUMENTS AND SETTINGS\SHELDON\DESKTOP\NAAT\FRST.EXE to be deleted.

Unknown. FILE: C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[QuickTime Task]. Value: QuickTime Task To be deleted.

Unknown. FILE: C:\PROGRAM FILES\LENOVO\PMDRIVER\PMSVEH.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\PMSveH. Key to be deleted.

. REGKEY: HKLM\SOFTWARE\CONDUIT. Key to be deleted.

Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1


Hi :)
 
 
I'd like to see another scan report, cause the results here are inconclusive.



Scan with HitmanPro

In any case don't remove on your own anything that Hitman Pro detects!
This scanner, as it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!

Please download HitmanPro by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on its icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore.
    • If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro!
      Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it in your next reply.
  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.

Please include that logfile in your next reply.
Don't forget to re-enable your previously switched-off protection software!


HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : R-NBRT-WESH4147
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : R-NBRT-WESH4147\Sheldon
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-09-09 11:02:36
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 25s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 61

   Objects scanned . . . : 1,090,243
   Files scanned . . . . : 41,203
   Remnants scanned  . . : 200,631 files / 848,409 keys

Suspicious files ____________________________________________________________

   C:\Documents and Settings\Sheldon\Desktop\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1,095,168 bytes
      Age  . . . . . . . : 13.3 days (2014-08-27 03:33:33)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 3B2D5AFA64F0B248852EBEDD7525E58D1E1C5CD5B4972F0DC44B1B7FDFFCDA23
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Documents and Settings\Sheldon\Desktop\Naat\FRST.exe
          0.0s C:\Documents and Settings\Sheldon\Desktop\FRST-OlderVersion\FRST.exe

   C:\Documents and Settings\Sheldon\Desktop\Naat\FRST.exe
      Size . . . . . . . : 1,095,680 bytes
      Age  . . . . . . . : 13.3 days (2014-08-27 03:33:33)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : B02A4ECE46680AE36E794FB84E22056A36255761A89E084B90D12178E95555F1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Documents and Settings\Sheldon\Desktop\Naat\FRST.exe
          0.0s C:\Documents and Settings\Sheldon\Desktop\FRST-OlderVersion\FRST.exe

Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data
   HKLM\SOFTWARE\Conduit\ (Conduit)

Cookies _____________________________________________________________________

   C:\Documents and Settings\Sheldon\Cookies\0YYU3D3G.txt
   C:\Documents and Settings\Sheldon\Cookies\1V4TX47Q.txt
   C:\Documents and Settings\Sheldon\Cookies\4AY36CDS.txt
   C:\Documents and Settings\Sheldon\Cookies\4TIDU5BU.txt
   C:\Documents and Settings\Sheldon\Cookies\5DAQRRZP.txt
   C:\Documents and Settings\Sheldon\Cookies\6A2V3LPO.txt
   C:\Documents and Settings\Sheldon\Cookies\78YBOTE9.txt
   C:\Documents and Settings\Sheldon\Cookies\7TW4NXIU.txt
   C:\Documents and Settings\Sheldon\Cookies\9CZ3GBM2.txt
   C:\Documents and Settings\Sheldon\Cookies\9II5GJ28.txt
   C:\Documents and Settings\Sheldon\Cookies\AHCN61C9.txt
   C:\Documents and Settings\Sheldon\Cookies\CNR5PCON.txt
   C:\Documents and Settings\Sheldon\Cookies\I1HZLEYX.txt
   C:\Documents and Settings\Sheldon\Cookies\JT8B1QRO.txt
   C:\Documents and Settings\Sheldon\Cookies\JY1S715J.txt
   C:\Documents and Settings\Sheldon\Cookies\K1CIP5S2.txt
   C:\Documents and Settings\Sheldon\Cookies\U38TK4D4.txt
   C:\Documents and Settings\Sheldon\Cookies\XMUXJ2QR.txt
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:247realmedia.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.cpserve.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.ibtracking.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.mediade.sk
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.trafficjunky.net
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:warnerbros.112.2o7.net
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:www.burstnet.com
   C:\Documents and Settings\Sheldon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:zedo.com

As I thought... We may leave it.
 
So let's focus now on making you as secure as possible :)



Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.


Sorry for the delay, the posts went into a 2nd page. I didn't realize it at first.

 

 Results of screen317's Security Check version 0.99.87 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
A
V
G
ECHO is off.
A
n
t
i
V
i
r
u
s
ECHO is off.
F
r
e
ECHO is off.
E
d
i
t
i
o
n
ECHO is off.
2
0
1
4
ECHO is off.
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 CCleaner    
 Panda Cloud Cleaner  
 Java 6 Update 13 
 Java version out of Date!
 Adobe Reader 10.1.11 Adobe Reader out of Date! 
 Google Chrome 36.0.1985.143 
 Google Chrome 37.0.2062.103 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
 


OK, so moving on I'd like you to update your software. Being updated is crucial.



Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your software needs updating.

Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control Panel also please remove any older versions of Java - do not leave them installed!

Updating Adobe manually

  • Visit Adobe website.
  • You will see a download option there for the newest Adobe Acrobat version.
  • In the center part you will be prompted to install McAfee Security Scan Plus as a free program. This is foistware. Remember to leave the box for McAfee UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.
This topic is now closed to further replies.