

jig

join:2001-01-05
Hacienda Heights, CA

AdwCleaner - campaign to keep infected from installing?

It looks like AdwCleaner is the victim of a campaign to ruin its reputation, because Sophos blocks its download, and a bunch of commenters at different download sites say it itself installs adware and such.

But we still have it listed as part of the "do this first" FAQ for security clean up.

Just wanted to double-check: is AdwCleaner still ok to use? Is the link in the FAQ broken or hijacked? Is Sophos bad or working off bad data?

Thanks - it's been a while since one of my family members got hit with something (per my request they use FF and other prophylactics). Don't want to make an annoying situation worse.
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
kudos:57
From a reputable source such as our forum FAQ, author's site - or »www.bleepingcomputer.com/downloa···cleaner/ ...here, yes.

...until our helpers hear differently, it would be pulled.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

reply to jig
quote:
it looks like AdwCleaner is the victim of a campaign to ruin its reputation, because Sophos blocks its download
Not a campaign, but many of the tools we use, due to methods they use, or possibly if it's encrypted to keep it from being disassembled, crop up occasionally with a false positive by some antivirus companies. The tool can be submitted for further analysis to the antivirus company for examination and removal from their detection, but there is always the potential that it's detected again the next time the tool is updated. That's why some of the tools have specific instructions to disable the resident antivirus program to keep it from blocking the tool.

As always, the best place to download any program is the author's site, or an authorized download location.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


jig

join:2001-01-05
Hacienda Heights, CA
reply to jig
Thanks guys. I'm away from that computer at the moment, but having the wife run AdwCleaner on it. The infestation is something that runs "links.exe" at startup, and it's fairly difficult to remove it. None of the scanners have been able to remove it yet.

And, actually, the wife just told me that AdwCleaner didn't remove it either. Sigh. Suggestions? I won't be able to post logs in the short term. I've been able to get through steps 1-6 of the FAQ. Looks like maybe I should try CCleaner..., possibly in safe mode.
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

2 recommendations

CCleaner won't do much for you. If you've completed steps 1-6, then you've already run:
1. Temp File Cleaner
2. Malwarebytes Anti-Malware
3. AdwCleaner
4. OTL
5. Security Check
6. Online AV Scan

That's all you need. Just post the logs from steps 2-6, and we can start providing assistance.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
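A triage helper for the OTL log requested above, added here as an example; it is not part of this thread, of OTL, or of the forum FAQ. It parses the O4 (Run key) lines in the layout OTL prints, as seen in the log posted later in this thread, and flags entries worth a helper's second look: orphaned values whose target file is gone, binaries with no company name, bare file names resolved via the search path, items running from user-writable folders, and any entry whose file name matches a reported startup item such as links.exe. The sample lines are constructed; the "[Links]" entry in particular is invented to stand in for what the OP described and does not appear in the real log.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample input in the layout OTL uses for O4 (Run key) lines.
# The first five O4 lines mirror the format of the log posted in this thread;
# the "[Links]" entry is invented to stand in for the links.exe startup item
# the OP described (the real log contains no such line). O20 lines are ignored.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [OpAgent] "OpAgent.exe" /agent File not found
O4 - HKCU..\Run: [Links] C:\Documents and Settings\JJB\Application Data\links.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

MISSING = "File not found"
# "O4 - <hive>..\<Run key>: [<value name>] <command> (<company>)"  or  "... File not found"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
COMPANY_RE = re.compile(r"^(?P<cmd>.*?)\s*\((?P<company>[^()]*)\)$")
# Either a quoted path, or an unquoted path that ends at the first executable extension.
PATH_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|cpl|bat|cmd|scr|vbs|js))(?=\s|$)', re.I)
# Folders an unprivileged user (or adware run as that user) can write to on XP-era Windows.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\programdata\\", "\\temp\\", "\\users\\")


@dataclass
class AutorunEntry:
    hive: str          # HKLM or HKCU
    key: str           # Run, RunOnce, ...
    name: str          # registry value name shown in [brackets]
    command: str       # full command as OTL printed it (minus "File not found")
    path: str          # executable path extracted from the command
    company: str       # company name OTL read from the file's version info
    file_missing: bool # OTL could not find the target file


def parse_o4(text: str) -> List[AutorunEntry]:
    """Parse every O4 line of an OTL report into structured entries."""
    entries: List[AutorunEntry] = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        missing = rest.endswith(MISSING)
        company = ""
        if missing:
            cmd = rest[: -len(MISSING)].strip()
        else:
            cm = COMPANY_RE.match(rest)
            cmd, company = (cm.group("cmd"), cm.group("company").strip()) if cm else (rest, "")
        pm = PATH_RE.match(cmd)
        path = (pm.group("q") or pm.group("u")) if pm else cmd
        entries.append(AutorunEntry(m.group("hive"), m.group("key"), m.group("name"),
                                    cmd, path, company, missing))
    return entries


def triage(entries: List[AutorunEntry],
           watch_names: Tuple[str, ...] = ("links.exe",)) -> List[Tuple[str, List[str]]]:
    """Return (value name, reasons) for entries a helper should look at; not a verdict."""
    watch = {w.lower() for w in watch_names}
    findings: List[Tuple[str, List[str]]] = []
    for e in entries:
        reasons: List[str] = []
        base = e.path.rsplit("\\", 1)[-1].lower()
        if base in watch:
            reasons.append("matches reported startup item")
        if e.file_missing:
            reasons.append("orphaned: target file not found")
        elif not e.company:
            reasons.append("no company/version info on the binary")
        if e.path and "\\" not in e.path:
            reasons.append("bare file name, resolved via the search path")
        if any(d in e.path.lower() for d in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_o4(SAMPLE_OTL)):
        print(f"[{name}]: " + "; ".join(reasons))
```

Orphaned entries are usually leftovers of uninstalled software rather than malware, so the flags only prioritise what to read, and the OTL fix script the helpers prepare is still decided from the full log.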


jig

join:2001-01-05
Hacienda Heights, CA
Here they are:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.18.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
JJB :: LEN61T [administrator]

Protection: Disabled

2/21/2014 10:55:40 PM
mbam-log-2014-02-21 (22-55-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312099
Time elapsed: 1 hour(s), 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v3.019 - Report created 22/02/2014 at 01:23:10
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : JJB - LEN61T
# Running from : C:\Documents and Settings\JJB\Desktop\KW\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\FLEXnet

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [719 octets] - [18/02/2014 11:43:50]
AdwCleaner[R1].txt - [800 octets] - [22/02/2014 00:08:02]
AdwCleaner[R2].txt - [918 octets] - [22/02/2014 01:22:08]
AdwCleaner[S0].txt - [783 octets] - [18/02/2014 11:52:52]
AdwCleaner[S1].txt - [862 octets] - [22/02/2014 00:12:11]
AdwCleaner[S2].txt - [842 octets] - [22/02/2014 01:23:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [901 octets] ##########

OTL logfile created on: 2/22/2014 12:22:12 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\JJB\Desktop\KW
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 90.62% Memory free
4.82 Gb Paging File | 4.74 Gb Available in Paging File | 98.27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 27.24 Gb Free Space | 38.91% Space Free | Partition Type: NTFS

Computer Name: LEN61T | User Name: JJB | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/02/17 22:17:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJB\Desktop\KW\OTL.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2006/12/13 18:06:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/09/30 10:52:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/09/17 16:04:30 | 001,251,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/03/27 18:46:42 | 000,180,224 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/03/27 18:44:34 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/02/27 16:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/08 12:11:32 | 000,569,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 10:40:16 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/30 17:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/29 19:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/12/15 15:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/06 17:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/03/28 10:02:00 | 000,012,848 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/03/28 04:22:58 | 002,204,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/03/14 21:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp)
DRV - [2007/03/02 16:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007/03/02 16:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/27 01:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/26 01:29:22 | 000,081,920 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/02/21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/01/24 01:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/21 18:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 18:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 18:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/12/19 08:14:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/11/06 00:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/09/13 11:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/12 21:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/02/02 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/11/18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\..\SearchScopes\{CF7D58A8-CD59-4EE5-820C-2218E3060F0D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CANON DR5010C SVC] C:\WINDOWS\System32\DR5KSVC.dll (Canon Electronics)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Nuance OmniPage 18-reminder] C:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [OmniPage Preload] C:\Program Files\Nuance\OmniPage18\OmniPage.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe (Corel Corporation)
O4 - HKCU..\Run: [OpAgent] "OpAgent.exe" /agent File not found
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S1].txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298794945890 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} https://peerreview.martindale.com/SpellChecker/wspell.cab (WSpell Spelling Checker Control)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC86EDC6-FACD-43AC-964D-64046A321F1E}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/01 18:28:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7e116af1-768a-11e0-af77-001c25206bf8}\Shell - "" = AutoRun
O33 - MountPoints2\{7e116af1-768a-11e0-af77-001c25206bf8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e116af1-768a-11e0-af77-001c25206bf8}\Shell\AutoRun\command - "" = J:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{998ad9ad-5108-11e1-af8e-001c25206bf8}\Shell - "" = AutoRun
O33 - MountPoints2\{998ad9ad-5108-11e1-af8e-001c25206bf8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{998ad9ad-5108-11e1-af8e-001c25206bf8}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{ca78c69e-5e1e-11e0-af6e-001c25206bf8}\Shell - "" = AutoRun
O33 - MountPoints2\{ca78c69e-5e1e-11e0-af6e-001c25206bf8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca78c69e-5e1e-11e0-af6e-001c25206bf8}\Shell\AutoRun\command - "" = J:\ONSPCLCK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/02/21 22:51:01 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2014/02/21 22:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2014/02/18 12:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJB\Application Data\QuickScan
[2014/02/18 11:41:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/17 22:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/02/17 21:25:48 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/02/17 21:25:48 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/02/17 21:25:33 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/02/17 21:25:33 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/02/17 21:25:33 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/02/17 21:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/02/17 20:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJB\Application Data\Malwarebytes
[2014/02/17 20:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/17 20:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/02/17 20:43:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/02/17 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/17 20:20:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2014/02/17 19:59:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2014/02/17 19:59:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2014/02/17 19:59:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/02/22 00:18:01 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/22 00:15:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/22 00:13:37 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2014/02/22 00:13:37 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2014/02/21 22:46:32 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2014/02/21 22:39:48 | 000,506,264 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/21 22:39:48 | 000,089,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/21 18:15:22 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5022DBD6-EC67-47A8-9395-752A7C4A21A9}.job
[2014/02/19 10:26:57 | 000,000,160 | ---- | M] () -- C:\WINDOWS\setscan.ini
[2014/02/19 10:26:35 | 005,143,081 | ---- | M] () -- C:\Documents and Settings\JJB\Desktop\merchant.pdf
[2014/02/17 20:01:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/17 19:49:41 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\JJB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/09 09:42:28 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\JJB\Desktop\OmniPage 18.lnk
[2014/02/09 09:13:17 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\JJB\Desktop\Shortcut to file_share on SMB Server (192.168.0.35).lnk
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 15:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 15:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 15:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 15:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 15:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 15:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 15:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 15:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 15:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 15:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 15:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 15:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 15:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 15:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 15:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 15:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 15:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 15:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 15:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 15:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 15:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 15:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 15:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 15:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 15:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 15:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 15:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 15:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 15:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 15:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 14:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/01/23 13:45:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\JJB\Desktop\Word 2007.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/02/19 10:25:49 | 005,143,081 | ---- | C] () -- C:\Documents and Settings\JJB\Desktop\merchant.pdf
[2014/02/17 19:58:06 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2014/02/17 19:49:41 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\JJB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/14 03:23:15 | 000,365,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/03/11 15:53:53 | 000,000,031 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/11/15 15:53:32 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\JJB\Application Data\PFP120JPR.{PB
[2012/11/15 15:53:32 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\JJB\Application Data\PFP120JCM.{PB
[2012/07/18 14:47:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\Hitlist.ini
[2012/07/18 14:47:39 | 000,000,110 | ---- | C] () -- C:\WINDOWS\LNAME.INI
[2012/07/18 14:47:39 | 000,000,105 | ---- | C] () -- C:\WINDOWS\BROWSER.INI

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/04/29 23:25:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/10/10 09:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Appligent
[2011/10/13 16:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/03/08 18:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/08/02 10:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2012/08/15 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/08/02 10:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2012/01/30 19:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2012/08/15 20:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2014/02/21 22:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/10/21 09:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2014/02/09 09:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/02 10:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2011/03/01 21:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJB\Application Data\ElevatedDiagnostics
[2011/08/25 20:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJB\Application Data\ICAClient
[2011/03/08 18:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJB\Application Data\ISIS Drivers
[2010/08/02 10:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJB\Application Data\Lenovo
[2012/08/15 20:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJB\Application Data\Nuance
[2014/02/18 12:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJB\Application Data\QuickScan
[2012/08/15 20:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJB\Application Data\ScanSoft
[2012/05/07 22:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJB\Application Data\Sling Media
[2012/08/15 20:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJB\Application Data\Zeon

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A303874F

OTL Extras logfile created on: 2/17/2014 10:19:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\JJB\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 72.97% Memory free
4.82 Gb Paging File | 4.14 Gb Available in Paging File | 85.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 20.57 Gb Free Space | 29.39% Space Free | Partition Type: NTFS
Drive E: | 31.50 Gb Total Space | 3.99 Gb Free Space | 12.67% Space Free | Partition Type: FAT
Drive F: | 31.50 Gb Total Space | 3.99 Gb Free Space | 12.67% Space Free | Partition Type: FAT
Drive G: | 31.50 Gb Total Space | 3.99 Gb Free Space | 12.67% Space Free | Partition Type: FAT
Drive H: | 31.50 Gb Total Space | 3.99 Gb Free Space | 12.67% Space Free | Partition Type: FAT

Computer Name: LEN61T | User Name: JJB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Nuance\OmniPage18\OmniPage18.exe" = C:\Program Files\Nuance\OmniPage18\OmniPage18.exe:*:Enabled:Nuance OmniPage 18 Application -- (Nuance Communications, Inc.)
"C:\Program Files\Nuance\OmniPage18\PPMV.exe" = C:\Program Files\Nuance\OmniPage18\PPMV.exe:*:Enabled:Nuance Activation -- (Nuance Communications, Inc.)
"C:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe" = C:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe:*:Enabled:Nuance Electronic Registration -- (Nuance Communications, Inc.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{11E0AC7D-6834-4F67-865F-EE1C13D28C38}" = QuickBooks Premier: Professional Services Edition 2011
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3066630C-B5EB-44D9-845B-86EA394ED319}" = SmartJCForms 1.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{4320988A-7DE0-478D-A38B-CE9509BCE320}" = Sophos Anti-Virus
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{536D6172-7453-7569-7465-392E37300409}" = Lotus SmartSuite - English
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C2154A9B-CF4D-41CB-8DE4-56A6B3E403FD}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90F50D38-23E4-42AA-8483-75C1D8C546AB}" = Nuance OmniPage 18
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4065943-D898-4BE6-BFA4-6A5299675F93}" = Canon DR-4010C Driver
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}" = WebSlingPlayer ActiveX
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AwayTask" = Maintenance Manager
"CapturePerfect 2.0" = CapturePerfect 2.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"F13EE0B22AD5D087DFA50E3D4D6F13FC1AAAFB32" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Tax Forms Helper 2011_is1" = Tax Forms Helper 2011 10.0
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 1.1.8
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2/17/2014 10:17:01 PM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/17/2014 11:45:28 PM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/17/2014 11:45:28 PM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/17/2014 11:45:28 PM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/18/2014 12:09:33 AM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/18/2014 12:09:33 AM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/18/2014 12:09:33 AM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/18/2014 12:40:45 AM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/18/2014 12:40:45 AM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/18/2014 12:40:45 AM | Computer Name = LEN61T | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ System Events ]
Error - 2/18/2014 12:33:12 AM | Computer Name = LEN61T | Source = Service Control Manager | ID = 7034
Description = The ThinkPad HDD APS Logging Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/18/2014 12:33:12 AM | Computer Name = LEN61T | Source = Service Control Manager | ID = 7034
Description = The System Update service terminated unexpectedly. It has done this
1 time(s).

Error - 2/18/2014 12:33:12 AM | Computer Name = LEN61T | Source = Service Control Manager | ID = 7031
Description = The Sophos Web Intelligence Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
30000 milliseconds: Restart the service.

Error - 2/18/2014 12:33:12 AM | Computer Name = LEN61T | Source = Service Control Manager | ID = 7034
Description = The tvtnetwk service terminated unexpectedly. It has done this 1
time(s).

Error - 2/18/2014 12:33:12 AM | Computer Name = LEN61T | Source = Service Control Manager | ID = 7034
Description = The TVT Backup Protection Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/18/2014 12:33:12 AM | Computer Name = LEN61T | Source = Service Control Manager | ID = 7034
Description = The TVT Backup Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/18/2014 12:33:12 AM | Computer Name = LEN61T | Source = Service Control Manager | ID = 7034
Description = The TVT Scheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 2/18/2014 12:33:12 AM | Computer Name = LEN61T | Source = Service Control Manager | ID = 7031
Description = The Access Connections Main Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 2/18/2014 12:33:13 AM | Computer Name = LEN61T | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/18/2014 1:51:17 AM | Computer Name = LEN61T | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Results of screen317's Security Check version 0.99.79
Windows XP Service Pack 3 x86
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Reader 8 [color=red]Adobe Reader out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 6%
[u]````````````````````End of Log``````````````````````[/u]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b043d269a67e6747b510b605665783f8
# engine=17111
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-18 07:21:09
# local_time=2014-02-17 11:21:09 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8449 16775165 50 96 0 62253584 0 0
# scanned=72596
# found=0
# cleaned=0
# scan_time=1769
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.


jig

join:2001-01-05
Hacienda Heights, CA

1 recommendation

reply to TheJoker
Also, thanks everyone for the help!


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Please run OTL.exe.

- Copy the text in the code box below to the clipboard by highlighting all the text inside the box and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

quote:
:OTL
@Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A303874F
:Commands
[EmptyTemp]
[EMPTYJAVA]
[EMPTYFLASH]
[CREATERESTOREPOINT]
- Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTL.exe

Please post the log from OTL in your next reply.

quote:
the infestation is something that runs "links.exe" at startup
How did you determine this, did you see it in running processes?

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
http://jpshortstuff.247fixes.com/SystemLook.exe
 

Download Mirror #2
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe
 

- Double-click SystemLook.exe to run it.
- Copy the content of the following quotebox into the main textfield:

quote:
:filefind
links.exe
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please post the new log from OTL and the log from SystemLook in your next reply; let me know how you determined the problem was a file called links.exe, and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


jig

join:2001-01-05
Hacienda Heights, CA
Thank you!

A little out of order - I'll start by saying that the reason why I think the problem is "links.exe" is because when using Task Manager, under the Applications tab, there is something called "Links" running at start up that I can't stop, and that is running even when I've started in safe mode with networking. The icon in the Applications tab looks like a command window.

Errors - the only one I experienced was that OTL forced a reboot after the Run Fix (not sure if that's an error or not).

Logs are below (OTL then Systemlook):

All processes killed
========== OTL ==========
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A303874F .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JJB
->Temp folder emptied: 509760 bytes
->Temporary Internet Files folder emptied: 5620117 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49635 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10285040 bytes

Total Files Cleaned = 16.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: JJB
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: JJB
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 02222014_220220

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

SystemLook 30.07.11 by jpshortstuff
Log created at 22:11 on 22/02/2014 by JJB
Administrator - Elevation successful

========== filefind ==========

Searching for "links.exe"
No files found.

Searching for "--------------------------------------------------------------------------------"
No files found.

-= EOF =-
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5
quote:
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A303874F
Please rerun OTL.exe

- Close all windows and double click OTL.exe.
- In the Extra Registry section, click and select "All".
- In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
:Commands
[EmptyTemp]


- Click Run Scan and let the program run uninterrupted.
- When the scan completes, it will open a Notepad window, OTL.txt.
- Please post the contents of OTL.txt in your next reply.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please post the contents of the log at C:\ComboFix.txt in your next reply, along with the new log from OTL (OTL.txt), and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


jig

join:2001-01-05
Hacienda Heights, CA
Thanks!

Just checking - did you want me to post the OTL and the Extras.txt? Both popped up after running OTL.

OTL logfile created on: 2/23/2014 1:17:39 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\JJB\Desktop\KW
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 83.14% Memory free
4.82 Gb Paging File | 4.47 Gb Available in Paging File | 92.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 26.97 Gb Free Space | 38.52% Space Free | Partition Type: NTFS

Computer Name: LEN61T | User Name: JJB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/17 22:17:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJB\Desktop\KW\OTL.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/14 23:32:40 | 001,467,240 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\OmniPage18\omnipage.exe
PRC - [2010/09/30 10:52:42 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/09/17 16:04:30 | 001,251,840 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/28 10:02:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/03/27 18:52:22 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/03/27 18:51:10 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/03/27 18:46:42 | 000,180,224 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/03/27 18:44:34 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/03/08 21:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 20:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/06 15:40:30 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/02/27 16:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/02/08 12:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 12:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 10:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/30 17:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/29 19:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/12/15 15:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/09/05 23:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 15:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/13 21:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/02 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

========== Modules (No Company Name) ==========

MOD - [2014/02/12 03:20:31 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/12 03:20:15 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/02/12 03:08:42 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/12 03:08:29 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2013/07/10 02:33:25 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c9e5b549\mscorlib.dll
MOD - [2013/07/10 02:32:17 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5e50e374\system.dll
MOD - [2013/07/10 02:32:00 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/09/17 16:04:30 | 001,251,840 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
MOD - [2007/03/28 10:02:00 | 000,235,056 | ---- | M] () -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007/03/22 09:02:00 | 000,063,024 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2007/03/07 09:31:00 | 000,063,024 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2007/03/06 15:40:04 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/02/08 12:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007/02/08 12:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2007/02/08 11:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007/02/08 11:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/02/08 10:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2007/01/24 22:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006/12/19 08:14:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2006/12/19 08:14:00 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2006/12/13 18:06:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\tphklock.dll
MOD - [2006/11/09 20:26:02 | 000,030,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll
MOD - [2006/10/17 16:13:20 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/04/29 23:31:02 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2002/05/03 08:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

========== Services (SafeList) ==========

SRV - [2014/02/12 16:36:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/09/30 10:52:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/09/17 16:04:30 | 001,251,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/27 18:46:42 | 000,180,224 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/03/27 18:44:34 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/02/27 16:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/08 12:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 10:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/30 17:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/29 19:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/12/15 15:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/06 17:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/03/28 10:02:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/03/28 04:22:58 | 002,204,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/03/14 21:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp)
DRV - [2007/03/02 16:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007/03/02 16:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/27 01:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/26 01:29:22 | 000,081,920 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/02/21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/01/24 01:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/21 18:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 18:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 18:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/12/19 08:14:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/11/06 00:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/09/13 11:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/12 21:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/02/02 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/11/18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {CF7D58A8-CD59-4EE5-820C-2218E3060F0D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\..\SearchScopes\{CF7D58A8-CD59-4EE5-820C-2218E3060F0D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/02/22 23:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JJB\Application Data\Mozilla\Extensions
[2014/02/22 23:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JJB\Application Data\Mozilla\Firefox\Profiles\pc0p8l1d.default\extensions
[2014/02/22 23:26:38 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\JJB\Application Data\Mozilla\Firefox\Profiles\pc0p8l1d.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014/02/22 23:27:13 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\JJB\Application Data\Mozilla\Firefox\Profiles\pc0p8l1d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/22 23:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/22 23:24:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/02/22 00:54:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CANON DR5010C SVC] C:\WINDOWS\System32\DR5KSVC.dll (Canon Electronics)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Nuance OmniPage 18-reminder] C:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [OmniPage Preload] C:\Program Files\Nuance\OmniPage18\OmniPage.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe (Corel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298794945890 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} https://peerreview.martindale.com/SpellChecker/wspell.cab (WSpell Spelling Checker Control)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC86EDC6-FACD-43AC-964D-64046A321F1E}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/01 18:28:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 23:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJB\My Documents\Downloads
[2014/02/22 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJB\Local Settings\Application Data\Mozilla
[2014/02/22 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJB\Application Data\Mozilla
[2014/02/22 23:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/02/22 23:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/02/22 23:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/22 22:30:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JJB\Recent
[2014/02/22 01:12:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/02/22 00:51:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/02/22 00:42:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/02/22 00:42:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/02/22 00:42:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/02/22 00:42:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/02/22 00:42:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/22 00:42:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JJB\My Documents\My Videos
[2014/02/22 00:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/02/21 22:51:01 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2014/02/21 22:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2014/02/18 12:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJB\Application Data\QuickScan
[2014/02/17 22:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/02/17 21:25:48 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/02/17 21:25:48 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/02/17 21:25:33 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/02/17 21:25:33 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/02/17 21:25:33 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/02/17 21:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/02/17 20:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJB\Application Data\Malwarebytes
[2014/02/17 20:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/17 20:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/02/17 20:43:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/02/17 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/17 20:20:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2014/02/17 19:59:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2014/02/17 19:59:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy

========== Files - Modified Within 30 Days ==========

[2014/02/23 13:20:36 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2014/02/23 13:16:37 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5022DBD6-EC67-47A8-9395-752A7C4A21A9}.job
[2014/02/23 13:12:46 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2014/02/23 13:11:54 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/23 13:11:37 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2014/02/23 13:11:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/22 23:25:00 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\JJB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/22 23:24:54 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/02/22 00:54:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/21 22:39:48 | 000,506,264 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/21 22:39:48 | 000,089,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/19 10:26:57 | 000,000,160 | ---- | M] () -- C:\WINDOWS\setscan.ini
[2014/02/19 10:26:35 | 005,143,081 | ---- | M] () -- C:\Documents and Settings\JJB\Desktop\merchant.pdf
[2014/02/17 20:01:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/17 19:49:41 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\JJB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/09 09:42:28 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\JJB\Desktop\OmniPage 18.lnk
[2014/02/09 09:13:17 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\JJB\Desktop\Shortcut to file_share on SMB Server (192.168.0.35).lnk
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 15:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 15:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 15:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 15:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 15:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 15:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 15:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 15:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 15:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 15:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 15:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 15:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 15:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 15:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 15:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 15:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 15:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 15:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 15:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 15:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 15:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 15:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 15:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 15:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 15:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 15:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 15:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 15:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 15:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 15:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 14:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/02/22 23:25:00 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\JJB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/22 23:24:54 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/22 23:24:54 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/02/22 00:42:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/02/22 00:42:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/02/22 00:42:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/02/22 00:42:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/02/22 00:42:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/02/19 10:25:49 | 005,143,081 | ---- | C] () -- C:\Documents and Settings\JJB\Desktop\merchant.pdf
[2014/02/17 19:58:06 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2014/02/17 19:49:41 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\JJB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/14 03:23:15 | 000,365,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/03/11 15:53:53 | 000,000,031 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/11/15 15:53:32 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\JJB\Application Data\PFP120JPR.{PB
[2012/11/15 15:53:32 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\JJB\Application Data\PFP120JCM.{PB
[2012/07/18 14:47:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\Hitlist.ini
[2012/07/18 14:47:39 | 000,000,110 | ---- | C] () -- C:\WINDOWS\LNAME.INI
[2012/07/18 14:47:39 | 000,000,105 | ---- | C] () -- C:\WINDOWS\BROWSER.INI

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/04/29 23:25:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC][/color]
[2004/12/01 18:28:14 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/03/07 23:10:02 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/04/29 23:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/02 10:12:09 | 000,002,413 | ---- | M] () -- C:\drivez.log
[2006/04/13 21:55:44 | 000,000,529 | ---- | M] () -- C:\dsbHSM.inf
[2005/12/31 07:38:13 | 000,532,616 | ---- | M] (Microsoft Corporation ) -- C:\ImageResizerPowertoySetup.exe
[2006/04/29 23:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/04/29 23:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/03/01 20:19:28 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2013/07/03 19:03:25 | 002,149,888 | ---- | M] (Microsoft Corporation) -- C:\ntoskrnl.exe
[1999/12/07 04:00:00 | 000,761,193 | ---- | M] () -- C:\NTOSKRNL.EX_
[2014/02/23 13:11:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/08/02 09:46:14 | 000,000,093 | ---- | M] () -- C:\syslevel.lgl
[2014/02/23 13:11:35 | 000,001,692 | ---- | M] () -- C:\TPHKLOCK.TXT

[color=#A23BEC][/color]

[color=#A23BEC][/color]

[color=#A23BEC][/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-02-12 11:34:05

[color=#A23BEC][/color]

[color=#A23BEC][/color]

ComboFix 14-02-23.01 - JJB 02/23/2014 14:00:20.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2426 [GMT -8:00]
Running from: c:\documents and settings\JJB\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2014-01-23 to 2014-02-23 )))))))))))))))))))))))))))))))
.
.
2014-02-22 06:39 . 2014-02-22 06:39 -------- d-----w- c:\windows\SxsCaPendDel
2014-02-18 20:01 . 2014-02-22 08:35 -------- d-----w- c:\documents and settings\JJB\Application Data\QuickScan
2014-02-18 06:45 . 2014-02-18 06:45 -------- d-----w- c:\program files\ESET
2014-02-18 05:25 . 2013-12-19 04:46 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-02-18 05:25 . 2013-12-19 05:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-18 04:43 . 2014-02-18 04:43 -------- d-----w- c:\documents and settings\JJB\Application Data\Malwarebytes
2014-02-18 04:43 . 2014-02-18 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-18 04:43 . 2014-02-18 04:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-18 04:43 . 2013-04-04 22:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-18 03:59 . 2014-02-18 03:59 -------- d-----w- c:\windows\system32\winrm
2014-02-18 03:59 . 2014-02-18 03:59 -------- d-----w- c:\windows\system32\GroupPolicy
2014-02-18 03:58 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 23:26 . 2006-04-30 06:56 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2006-04-30 06:55 18944 ------w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2014-01-07 18:51 . 2013-01-08 23:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-07 18:51 . 2011-08-10 19:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-04 03:13 . 2006-04-30 06:56 420864 ------w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2006-04-30 06:55 1172992 ----a-w- c:\windows\system32\msxml3.dll
2013-11-27 20:21 . 2006-04-30 06:55 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-03-30 181808]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-07 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-28 925696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-22 120368]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-28 126976]
"WordPerfect Office 1215"="c:\program files\WordPerfect Office 12\Programs\Registration.exe" [2004-03-08 733184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-10 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-10 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-10 131072]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"CANON DR5010C SVC"="DR5KSVC.dll" [2010-06-14 135168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-09-27 1443080]
"OmniPage Preload"="c:\program files\Nuance\OmniPage18\OmniPage.exe" [2011-08-15 1467240]
"Nuance OmniPage 18-reminder"="c:\program files\Nuance\OmniPage18\Ereg\Ereg.exe" [2011-05-16 333088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
backup=c:\windows\pss\Lotus Organizer EasyClip.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=c:\windows\pss\Lotus QuickStart.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus SmartCenter.lnk
backup=c:\windows\pss\Lotus SmartCenter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
backup=c:\windows\pss\Lotus SuiteStart.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 419376 ------w- c:\program files\ThinkVantage\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-01-31 02:01 2618944 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-18 23:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-13 21:26 36864 ------w- c:\program files\Scansoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-13 21:00 45108 ------w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2007-02-08 20:19 536576 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=
"c:\\Program Files\\Nuance\\OmniPage18\\OmniPage18.exe"=
"c:\\Program Files\\Nuance\\OmniPage18\\PPMV.exe"=
"c:\\Program Files\\Nuance\\OmniPage18\\Ereg\\Ereg.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 4:47 PM 19760]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/17/2014 8:43 PM 418376]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [9/17/2010 4:04 PM 1251840]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/14/2007 9:10 PM 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 12:11 PM 569344]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [8/2/2010 9:46 AM 81920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/17/2014 8:43 PM 22856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 11:42 AM 35264]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/17/2014 8:43 PM 701512]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2006-04-30 00:12]
.
2014-02-23 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-08-02 16:14]
.
2014-02-23 c:\windows\Tasks\User_Feed_Synchronization-{5022DBD6-EC67-47A8-9395-752A7C4A21A9}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - hxxps://peerreview.martindale.com/SpellChecker/wspell.cab
FF - ProfilePath - c:\documents and settings\JJB\Application Data\Mozilla\Firefox\Profiles\pc0p8l1d.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-23 14:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
.
- - - - - - - > 'lsass.exe'(1396)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
Completion time: 2014-02-23 14:11:39
ComboFix-quarantined-files.txt 2014-02-23 22:11
.
Pre-Run: 34,486,951,936 bytes free
Post-Run: 34,475,540,480 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AB2369C2E4E84C2B8A88AC7558B43D4F
1C869A1497A8655DAC088BDBB52D56DA


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5
What browser(s) is the malware appearing in, and what is it doing?

Download and save to your Desktop RogueKillerX64.exe (by tigzy)

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

- Quit all programs
- Please disconnect any USB or external drives from the computer before you run this scan!
- Start RogueKiller.exe
- Wait until Prescan has finished
- Click on Scan
- Click on Report and copy/paste the content of the notepad in your next reply.

Please download the Farbar Recovery Scan Tool and save it to your desktop.
You need to download the 32-bit version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press the Scan button.
- It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Please post the logs from RogueKiller and Farbar Recovery Scan Tool, and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


jig

join:2001-01-05
Hacienda Heights, CA
Thanks again!

The malware doesn't show up in any particular browser, just Task Manager, though I think IE is running slower than it should, and I hear execution clicks often, as if it's loading new ads. I will note that when I select 'Go to process' in Task Manager while right-clicking on the links application, the process it goes to is explorer.exe.

Here are the logs (multiple posts so they fit):

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRKgmailcom
Feedback : »forum.adlice.com
Website : »www.adlice.com/softwares/roguekiller/
Blog : »www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JJB [Admin rights]
Mode : Scan -- Date : 02/24/2014 00:02:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800BEVS-08RST2 +++++
--- User ---
[MBR] ce33149948a091bd7db580d52adcdff7
[BSP] c3f1f898908e362598fc9da99b8bee17 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 71687 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 146815200 | Size: 4629 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : >


jig

join:2001-01-05
Hacienda Heights, CA
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014 02
Ran by JJB (administrator) on LEN61T on 24-02-2014 00:07:06
Running from C:\Documents and Settings\JJB\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Lenovo Group Limited) C:\WINDOWS\system32\IPSSVC.EXE
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
( ) c:\program files\lenovo\system update\suservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\WINDOWS\System32\TPHDEXLG.exe
(IBM) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\System32\DLA\DLACTRLW.EXE
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\OmniPage18\OmniPage.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [110592 2006-02-13] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [512000 2006-02-13] (Synaptics, Inc.)
HKLM\...\Run: [PWRMGRTR] - C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [159744 2006-12-19] (Lenovo Group Limited)
HKLM\...\Run: [BLOG] - C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2006-12-19] ()
HKLM\...\Run: [TPFNF7] - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [58416 2007-03-28] (Lenovo Group Limited)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [66176 2007-03-08] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [181808 2007-03-29] (Lenovo.)
HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [243248 2007-03-07] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2007-01-28] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] - C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2006-02-02] (Sonic Solutions)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [LPManager] - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [120368 2007-03-22] (Lenovo Group Limited)
HKLM\...\Run: [ACWLIcon] - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [126976 2007-03-27] (Lenovo )
HKLM\...\Run: [WordPerfect Office 1215] - C:\Program Files\WordPerfect Office 12\Programs\Registration.exe [733184 2004-03-08] (Corel Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [536576 2007-02-08] (Lenovo Group Limited)
HKLM\...\Run: [CANON DR5010C SVC] - C:\WINDOWS\system32\DR5KSVC.dll [135168 2010-06-14] (Canon Electronics)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1443080 2010-09-27] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [OmniPage Preload] - C:\Program Files\Nuance\OmniPage18\OmniPage.exe [1467240 2011-08-14] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance OmniPage 18-reminder] - C:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\tpfnf2: C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
HKLM\...\Policies\Explorer: [NoCDBurning] 0
Lsa: [Notification Packages] scecli psqlpwd

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {CF7D58A8-CD59-4EE5-820C-2218E3060F0D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
SearchScopes: HKCU - {CF7D58A8-CD59-4EE5-820C-2218E3060F0D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298794945890
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} https://peerreview.martindale.com/SpellChecker/wspell.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JJB\Application Data\Mozilla\Firefox\Profiles\pc0p8l1d.default
FF Homepage: www.google.com
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Extension: Flashblock - C:\Documents and Settings\JJB\Application Data\Mozilla\Firefox\Profiles\pc0p8l1d.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-02-22]
FF Extension: Adblock Plus - C:\Documents and Settings\JJB\Application Data\Mozilla\Firefox\Profiles\pc0p8l1d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [622700 2006-05-23] (Diskeeper Corporation)
R2 IPSSVC; C:\WINDOWS\system32\IPSSVC.EXE [108080 2007-01-29] (Lenovo Group Limited)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [65795 2003-11-04] (HP)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1251840 2010-09-17] ()
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [983040 2007-03-06] (Intel Corporation )
R2 SUService; c:\program files\lenovo\system update\suservice.exe [11776 2006-12-15] ( )
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722496 2007-01-30] (IBM)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-02-08] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1118208 2007-02-08] (Lenovo Group Limited)
S2 tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [45056 2007-02-08] ()
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21425 2010-08-02] (Meetinghouse Data Communications)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2005-11-08] (IBM Corp.)
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [868042 2007-02-27] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-01-24] (Broadcom Corporation.)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2006-02-02] (Sonic Solutions)
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions)
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-02-02] (Sonic Solutions)
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2006-02-02] (Sonic Solutions)
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2006-02-02] (Sonic Solutions)
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-02-02] (Sonic Solutions)
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions)
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2006-02-02] (Sonic Solutions)
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2006-02-02] (Sonic Solutions)
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-11-18] (Sonic Solutions)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-21] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-21] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [6016 2006-01-12] ()
R3 LenovoRd; C:\WINDOWS\System32\Drivers\LenovoRd.sys [81920 2007-02-26] (Lenovo)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2204672 2007-03-28] (Intel Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2010-08-02] (Microsoft Corporation)
R2 PROCDD; C:\WINDOWS\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-02-21] (Intel Corporation)
R2 smihlp; C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [11152 2007-03-14] (UPEK Inc.)
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17778 2006-10-22] (IBM Corporation)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2006-12-19] ()
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [12848 2007-03-28] ()
R3 TVTPktFilter; C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys [17664 2007-02-08] (Lenovo Group Limited)
R3 catchme; \??\C:\DOCUME~1\JJB\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-24 00:07 - 2014-02-24 00:07 - 00016685 _____ () C:\Documents and Settings\JJB\Desktop\FRST.txt
2014-02-24 00:06 - 2014-02-24 00:07 - 00000000 ____D () C:\FRST
2014-02-24 00:05 - 2014-02-24 00:05 - 00001565 _____ () C:\Documents and Settings\JJB\Desktop\RKreport[0]_D_02242014_000513.txt
2014-02-24 00:00 - 2014-02-24 00:00 - 01144320 _____ (Farbar) C:\Documents and Settings\JJB\Desktop\FRST.exe
2014-02-23 14:15 - 2014-02-23 14:22 - 00000192 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG
2014-02-23 14:11 - 2014-02-23 14:11 - 00015289 _____ () C:\ComboFix.txt
2014-02-23 13:58 - 2014-02-23 13:58 - 00000000 _RSHD () C:\cmdcons
2014-02-23 13:58 - 2011-03-07 23:10 - 00000211 _____ () C:\Boot.bak
2014-02-23 13:58 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-02-23 13:56 - 2014-02-23 14:11 - 00000000 ____D () C:\Qoobox
2014-02-23 13:56 - 2011-06-25 22:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-23 13:56 - 2010-11-07 09:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-23 13:56 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-23 13:56 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-23 13:56 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-23 13:56 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-23 13:56 - 2000-08-30 16:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-23 13:56 - 2000-08-30 16:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-23 13:56 - 2000-08-30 16:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-22 23:25 - 2014-02-22 23:25 - 00000000 ____D () C:\Documents and Settings\JJB\Local Settings\Application Data\Mozilla
2014-02-22 23:25 - 2014-02-22 23:25 - 00000000 ____D () C:\Documents and Settings\JJB\Application Data\Mozilla
2014-02-22 23:24 - 2014-02-22 23:24 - 00000737 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-02-22 23:24 - 2014-02-22 23:24 - 00000731 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-02-22 23:24 - 2014-02-22 23:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-22 23:24 - 2014-02-22 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-22 23:24 - 2014-02-22 23:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-02-22 00:51 - 2014-02-22 00:51 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-02-22 00:51 - 2014-02-22 00:51 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-02-22 00:51 - 2014-02-22 00:51 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-02-22 00:51 - 2014-02-22 00:51 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-02-22 00:51 - 2014-02-22 00:51 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-02-22 00:41 - 2014-02-23 13:56 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-21 22:51 - 2014-02-21 22:51 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-21 22:39 - 2014-02-21 22:39 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-02-18 15:51 - 2014-02-18 15:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021814-01.dmp
2014-02-18 12:01 - 2014-02-22 00:35 - 00000000 ____D () C:\Documents and Settings\JJB\Application Data\QuickScan
2014-02-17 22:45 - 2014-02-17 22:45 - 00000000 ____D () C:\Program Files\ESET
2014-02-17 21:25 - 2014-02-17 21:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-02-17 21:25 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-17 21:25 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-17 21:25 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-17 21:25 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-17 21:25 - 2013-12-18 20:46 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-02-17 21:23 - 2014-02-17 21:25 - 00005203 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-17 20:43 - 2014-02-17 20:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 20:43 - 2014-02-17 20:43 - 00000000 ____D () C:\Documents and Settings\JJB\Application Data\Malwarebytes
2014-02-17 20:43 - 2014-02-17 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-17 20:43 - 2014-02-17 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-17 20:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-17 20:20 - 2014-02-17 20:20 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-02-17 20:07 - 2014-02-23 13:14 - 00019934 _____ () C:\WINDOWS\setupapi.log
2014-02-17 20:01 - 2014-02-17 20:01 - 00009401 _____ () C:\WINDOWS\KB2632503-IE8.log
2014-02-17 20:01 - 2014-02-17 20:01 - 00008566 _____ () C:\WINDOWS\KB2598845-IE8.log
2014-02-17 19:59 - 2014-02-17 20:08 - 00000610 _____ () C:\WINDOWS\setupact.log
2014-02-17 19:59 - 2014-02-17 20:03 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-02-17 19:59 - 2014-02-17 20:02 - 00033195 _____ () C:\WINDOWS\iis6.log
2014-02-17 19:59 - 2014-02-17 20:02 - 00014780 _____ () C:\WINDOWS\ocgen.log
2014-02-17 19:59 - 2014-02-17 20:02 - 00009390 _____ () C:\WINDOWS\msmqinst.log
2014-02-17 19:59 - 2014-02-17 20:02 - 00006150 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-17 19:59 - 2014-02-17 20:02 - 00005415 _____ () C:\WINDOWS\netfxocm.log
2014-02-17 19:59 - 2014-02-17 20:02 - 00002125 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-17 19:59 - 2014-02-17 20:02 - 00001710 _____ () C:\WINDOWS\ocmsn.log
2014-02-17 19:59 - 2014-02-17 20:02 - 00001545 _____ () C:\WINDOWS\msgsocm.log
2014-02-17 19:59 - 2014-02-17 20:02 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-17 19:59 - 2014-02-17 20:01 - 00009190 _____ () C:\WINDOWS\KB2492386.log
2014-02-17 19:59 - 2014-02-17 19:59 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-02-17 19:59 - 2014-02-17 19:59 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-02-17 19:59 - 2014-02-17 19:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-17 19:58 - 2014-02-17 20:02 - 00011102 _____ () C:\WINDOWS\KB2808679.log
2014-02-17 19:58 - 2011-08-16 02:45 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2014-02-17 19:58 - 2011-03-11 06:10 - 00225262 ____N () C:\WINDOWS\system32\dllcache\msimain.sdb
2014-02-17 19:49 - 2014-02-17 19:49 - 00003584 _____ () C:\Documents and Settings\JJB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-17 18:12 - 2014-02-17 18:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021714-02.dmp
2014-02-17 17:46 - 2014-02-17 17:45 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021714-01.dmp

==================== One Month Modified Files and Folders =======

2014-02-24 00:07 - 2014-02-24 00:07 - 00016685 _____ () C:\Documents and Settings\JJB\Desktop\FRST.txt
2014-02-24 00:07 - 2014-02-24 00:06 - 00000000 ____D () C:\FRST
2014-02-24 00:06 - 2012-01-21 09:50 - 00000000 ____D () C:\Documents and Settings\JJB\Desktop\KW
2014-02-24 00:05 - 2014-02-24 00:05 - 00001565 _____ () C:\Documents and Settings\JJB\Desktop\RKreport[0]_D_02242014_000513.txt
2014-02-24 00:02 - 2011-02-27 09:41 - 00000418 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{5022DBD6-EC67-47A8-9395-752A7C4A21A9}.job
2014-02-24 00:00 - 2014-02-24 00:00 - 01144320 _____ (Farbar) C:\Documents and Settings\JJB\Desktop\FRST.exe
2014-02-23 23:59 - 2006-04-29 23:11 - 01234673 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-23 14:22 - 2014-02-23 14:15 - 00000192 _____ () C:\WINDOWS\system32\TPAPSLOG.LOG
2014-02-23 14:22 - 2010-08-02 10:02 - 00000316 _____ () C:\WINDOWS\Tasks\PMTask.job
2014-02-23 14:11 - 2014-02-23 14:11 - 00015289 _____ () C:\ComboFix.txt
2014-02-23 14:11 - 2014-02-23 13:56 - 00000000 ____D () C:\Qoobox
2014-02-23 14:11 - 2006-04-29 23:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-23 14:06 - 2006-04-29 22:56 - 00000246 _____ () C:\WINDOWS\system.ini
2014-02-23 13:58 - 2014-02-23 13:58 - 00000000 _RSHD () C:\cmdcons
2014-02-23 13:58 - 2006-04-29 22:56 - 00000327 __RSH () C:\boot.ini
2014-02-23 13:56 - 2014-02-22 00:41 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-23 13:56 - 2006-04-29 23:20 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-23 13:51 - 2007-03-02 04:15 - 00025269 _____ () C:\WINDOWS\system32\PROCDB.INI
2014-02-23 13:50 - 2010-08-02 10:08 - 00001704 _____ () C:\TPHKLOCK.TXT
2014-02-23 13:50 - 2007-03-02 04:15 - 00000480 _____ () C:\WINDOWS\system32\IPSCtrl.INI
2014-02-23 13:50 - 2006-04-29 22:56 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-23 13:50 - 2006-04-29 16:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-23 13:50 - 2006-04-29 16:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-23 13:48 - 2011-02-25 15:01 - 00000178 ___SH () C:\Documents and Settings\JJB\ntuser.ini
2014-02-23 13:47 - 2006-04-29 16:10 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-23 13:14 - 2014-02-17 20:07 - 00019934 _____ () C:\WINDOWS\setupapi.log
2014-02-23 13:13 - 2010-08-02 10:21 - 00000000 ____D () C:\SWSHARE
2014-02-22 23:25 - 2014-02-22 23:25 - 00000000 ____D () C:\Documents and Settings\JJB\Local Settings\Application Data\Mozilla
2014-02-22 23:25 - 2014-02-22 23:25 - 00000000 ____D () C:\Documents and Settings\JJB\Application Data\Mozilla
2014-02-22 23:24 - 2014-02-22 23:24 - 00000737 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-02-22 23:24 - 2014-02-22 23:24 - 00000731 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-02-22 23:24 - 2014-02-22 23:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-22 23:24 - 2014-02-22 23:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-22 23:24 - 2014-02-22 23:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-02-22 22:51 - 2012-05-07 22:33 - 00000000 ____D () C:\Documents and Settings\JJB\Application Data\Sling Media
2014-02-22 22:50 - 2010-08-02 10:26 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-22 22:50 - 2010-08-02 10:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-02-22 22:30 - 2011-02-25 15:01 - 00000000 ____D () C:\Documents and Settings\JJB
2014-02-22 00:58 - 2006-04-29 16:20 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-02-22 00:51 - 2014-02-22 00:51 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-02-22 00:51 - 2014-02-22 00:51 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-02-22 00:51 - 2014-02-22 00:51 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-02-22 00:51 - 2014-02-22 00:51 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-02-22 00:51 - 2014-02-22 00:51 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-02-22 00:51 - 2006-04-29 16:03 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-02-22 00:51 - 2006-04-29 16:03 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-02-22 00:51 - 2006-04-29 16:02 - 40108032 _____ () C:\WINDOWS\system32\config\software.bak
2014-02-22 00:51 - 2006-04-29 16:02 - 07864320 _____ () C:\WINDOWS\system32\config\system.bak
2014-02-22 00:51 - 2006-04-29 16:02 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-02-22 00:35 - 2014-02-18 12:01 - 00000000 ____D () C:\Documents and Settings\JJB\Application Data\QuickScan
2014-02-21 22:51 - 2014-02-21 22:51 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-21 22:50 - 2012-07-26 13:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sophos
2014-02-21 22:43 - 2012-02-27 10:37 - 00000000 ____D () C:\Program Files\Sophos
2014-02-21 22:39 - 2014-02-21 22:39 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-02-21 22:39 - 2006-04-29 16:04 - 00607722 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-21 19:01 - 2011-04-02 19:34 - 00000000 ____D () C:\Documents and Settings\JJB\My Documents\get video
2014-02-19 10:26 - 2011-03-08 17:32 - 00000160 _____ () C:\WINDOWS\setscan.ini
2014-02-18 15:51 - 2014-02-18 15:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021814-01.dmp
2014-02-17 22:45 - 2014-02-17 22:45 - 00000000 ____D () C:\Program Files\ESET
2014-02-17 21:25 - 2014-02-17 21:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-02-17 21:25 - 2014-02-17 21:23 - 00005203 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-17 21:25 - 2010-08-02 10:11 - 00000000 ____D () C:\Program Files\Java
2014-02-17 20:43 - 2014-02-17 20:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 20:43 - 2014-02-17 20:43 - 00000000 ____D () C:\Documents and Settings\JJB\Application Data\Malwarebytes
2014-02-17 20:43 - 2014-02-17 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-17 20:43 - 2014-02-17 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-17 20:41 - 2011-10-13 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
2014-02-17 20:23 - 2011-02-25 15:01 - 00000000 ____D () C:\Program Files\Windows Live Toolbar
2014-02-17 20:22 - 2011-04-22 19:26 - 00000000 ____D () C:\Program Files\ScreenPrint32 v3
2014-02-17 20:20 - 2014-02-17 20:20 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-02-17 20:20 - 2010-08-02 10:11 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-17 20:08 - 2014-02-17 19:59 - 00000610 _____ () C:\WINDOWS\setupact.log
2014-02-17 20:03 - 2014-02-17 19:59 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-02-17 20:02 - 2014-02-17 19:59 - 00033195 _____ () C:\WINDOWS\iis6.log
2014-02-17 20:02 - 2014-02-17 19:59 - 00014780 _____ () C:\WINDOWS\ocgen.log
2014-02-17 20:02 - 2014-02-17 19:59 - 00009390 _____ () C:\WINDOWS\msmqinst.log
2014-02-17 20:02 - 2014-02-17 19:59 - 00006150 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-17 20:02 - 2014-02-17 19:59 - 00005415 _____ () C:\WINDOWS\netfxocm.log
2014-02-17 20:02 - 2014-02-17 19:59 - 00002125 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-17 20:02 - 2014-02-17 19:59 - 00001710 _____ () C:\WINDOWS\ocmsn.log
2014-02-17 20:02 - 2014-02-17 19:59 - 00001545 _____ () C:\WINDOWS\msgsocm.log
2014-02-17 20:02 - 2014-02-17 19:59 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-17 20:02 - 2014-02-17 19:58 - 00011102 _____ () C:\WINDOWS\KB2808679.log
2014-02-17 20:02 - 2006-04-29 16:04 - 02150811 _____ () C:\WINDOWS\FaxSetup.log
2014-02-17 20:02 - 2006-04-29 16:04 - 00989944 _____ () C:\WINDOWS\tsoc.log
2014-02-17 20:02 - 2006-04-29 16:04 - 00603324 _____ () C:\WINDOWS\comsetup.log
2014-02-17 20:02 - 2006-04-29 16:04 - 00109056 _____ () C:\WINDOWS\tabletoc.log
2014-02-17 20:01 - 2014-02-17 20:01 - 00009401 _____ () C:\WINDOWS\KB2632503-IE8.log
2014-02-17 20:01 - 2014-02-17 20:01 - 00008566 _____ () C:\WINDOWS\KB2598845-IE8.log
2014-02-17 20:01 - 2014-02-17 19:59 - 00009190 _____ () C:\WINDOWS\KB2492386.log
2014-02-17 20:01 - 2006-04-29 23:26 - 00307494 _____ () C:\WINDOWS\updspapi.log
2014-02-17 20:01 - 2006-04-29 16:13 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-02-17 20:01 - 2006-04-29 16:04 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-17 19:59 - 2014-02-17 19:59 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-02-17 19:59 - 2014-02-17 19:59 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-02-17 19:59 - 2014-02-17 19:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-17 19:59 - 2011-03-01 21:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2014-02-17 19:59 - 2006-04-29 16:25 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-17 19:59 - 2006-04-29 16:08 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-02-17 19:59 - 2006-04-29 08:57 - 00000000 ____D () C:\WINDOWS\security
2014-02-17 19:59 - 2006-04-29 08:57 - 00000000 ____D () C:\WINDOWS\Help
2014-02-17 19:49 - 2014-02-17 19:49 - 00003584 _____ () C:\Documents and Settings\JJB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-17 19:37 - 2011-04-10 10:22 - 00000000 ____D () C:\tscan61
2014-02-17 18:12 - 2014-02-17 18:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021714-02.dmp
2014-02-17 18:12 - 2011-02-25 22:20 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-17 17:45 - 2014-02-17 17:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021714-01.dmp
2014-02-14 13:58 - 2011-03-04 22:00 - 00000000 ____D () C:\wp
2014-02-12 03:22 - 2013-08-15 02:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 03:15 - 2011-02-27 05:59 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-09 09:42 - 2012-08-15 20:44 - 00002515 _____ () C:\Documents and Settings\JJB\Desktop\OmniPage 18.lnk
2014-02-09 09:13 - 2013-10-11 17:18 - 00000470 _____ () C:\Documents and Settings\JJB\Desktop\Shortcut to file_share on SMB Server (192.168.0.35).lnk
2014-02-06 03:54 - 2006-11-07 02:26 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2006-04-29 22:55 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 15:26 - 2012-06-12 19:07 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 15:26 - 2011-02-27 06:08 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 15:26 - 2011-02-27 06:08 - 02006016 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 15:26 - 2011-02-27 06:08 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 15:26 - 2011-02-27 06:08 - 00630272 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 15:26 - 2011-02-27 06:08 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 15:26 - 2011-02-27 06:08 - 00055296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 15:26 - 2011-02-27 06:08 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 06021120 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 01216000 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 00920064 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 00759296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 15:26 - 2006-11-07 20:03 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 15:26 - 2006-11-07 02:27 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 15:26 - 2006-10-17 11:05 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 15:26 - 2006-10-17 11:05 - 00105984 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 15:26 - 2006-10-17 11:05 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 15:26 - 2006-10-17 11:04 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 15:26 - 2006-10-17 11:03 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 15:26 - 2006-10-17 10:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 15:26 - 2006-04-29 22:56 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 15:26 - 2006-04-29 22:56 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 15:26 - 2006-04-29 22:56 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 15:26 - 2006-04-29 22:55 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 15:26 - 2006-04-29 22:55 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 15:26 - 2006-04-29 22:55 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 15:26 - 2006-04-29 22:55 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 15:26 - 2006-04-29 22:55 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 15:26 - 2006-04-29 22:55 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 15:26 - 2006-04-29 22:55 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 15:26 - 2006-04-29 22:55 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 15:26 - 2006-04-29 22:55 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 15:26 - 2006-04-29 22:55 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 14:24 - 2006-04-29 22:55 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec

Some content of TEMP:
====================
C:\Documents and Settings\JJB\Local Settings\temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.


jig

join:2001-01-05
Hacienda Heights, CA
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2014 02
Ran by JJB at 2014-02-24 00:07:22
Running from C:\Documents and Settings\JJB\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.01 - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Canon DR-4010C Driver (HKLM\...\{A4065943-D898-4BE6-BFA4-6A5299675F93}) (Version: 1.6.11009.29001a - Canon Electronics Inc.)
CapturePerfect 2.0 (HKLM\...\CapturePerfect 2.0) (Version: - )
Client Security Solution (HKLM\...\{F055E1B2-8A05-4D87-8039-1BE979BA4193}) (Version: 8.00.0114.00 - Lenovo Group Limited)
Diskeeper Lite (HKLM\...\{796E076A-82F7-4D49-98C8-DEC0C3BC733A}) (Version: 9.0.541 - Diskeeper Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00c - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Integrated Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.8.010 - Sonix)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0.API - Intel Corporation)
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.311 - InterVideo Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo Registration (HKLM\...\Lenovo Registration) (Version: - Lenovo - Leader Technologies)
Lotus NotesSQL 3.01 driver (HKLM\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - )
Lotus SmartSuite - English (HKLM\...\{536D6172-7453-7569-7465-392E37300409}) (Version: 9.7.0 - Lotus Development Corporation)
Maintenance Manager (HKLM\...\AwayTask) (Version: 3.0.4.0 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
mCore (Version: 9.07.0000 - Intel Corporation) Hidden
mDriver (Version: 9.07.0000 - Intel) Hidden
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01b - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
mMHouse (Version: 9.07.0000 - Intel Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
mPfMgr (Version: 9.07.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
Nuance OmniPage 18 (HKLM\...\{90F50D38-23E4-42AA-8483-75C1D8C546AB}) (Version: 18.1.0000 - Nuance Communications, Inc.)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.01 - )
PaperPort 8.0 (HKLM\...\{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}) (Version: 1.0.0.0000 - ScanSoft, Inc.)
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4334.11 - PC-Doctor, Inc.)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 3.02b - )
Productivity Center Supplement for ThinkPad (HKLM\...\{D728E945-256D-4477-B377-6BBA693714AC}) (Version: 2.00 - )
QuickBooks (Version: 21.0.4003.904 - Intuit Inc.) Hidden
QuickBooks Premier: Professional Services Edition 2011 (HKLM\...\{11E0AC7D-6834-4F67-865F-EE1C13D28C38}) (Version: 21.0.4003.904 - Intuit Inc.)
RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Remove Multimedia Center (HKLM\...\Remove Multimedia Center) (Version: - )
Rescue and Recovery (HKLM\...\{F151F2B3-0C32-44D3-90E2-E639B8024622}) (Version: 4.00.0114.00 - Lenovo Group Limited)
SmartJCForms 1.0 (HKLM\...\{3066630C-B5EB-44D9-845B-86EA394ED319}) (Version: 1.0 - CEB)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 1.0.2 - Lenovo)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5370 - Analog Devices)
System Migration Assistant (HKLM\...\{F705E3E1-A471-426B-9A09-73429F3418EE}) (Version: 5.20.0033 - Lenovo Group Limited.)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.00.0022 - Lenovo)
Tax Forms Helper 2011 10.0 (HKLM\...\Tax Forms Helper 2011_is1) (Version: - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3100 - Lenovo)
ThinkPad EasyEject Utility (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.31 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 1.16 - )
ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )
ThinkPad PC Card Power Policy (Version: 1.02 - ) Hidden
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.42 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.14 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 7.5.17.20 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 1.03 - )
ThinkVantage Access Connections (HKLM\...\{7EB114D8-207F-45AE-BABD-1669715F2630}) (Version: 4.40 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.52 - Lenovo)
ThinkVantage Fingerprint Software 5.6 (HKLM\...\{41894269-0DD1-4C85-B3DD-1EB41B07621D}) (Version: 5.6.1.3425 - UPEK Inc.)
ThinkVantage Productivity Center (HKLM\...\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}) (Version: 2.02 - )
ThinkVantage Technologies Welcome Message (Version: 1.18 - ) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB932080) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{EDC9CA29-6BC1-471C-828C-7A36109005D7}) (Version: - )
Update for Office 2007 (KB933688) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F6E692F1-63C2-4760-94C6-C689DCD053F1}) (Version: - )
Update for Office 2007 (KB934391) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B3091818-7C56-4C45-BE7D-CA23027A5EA5}) (Version: - )
Update for Office 2007 (KB934393) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}) (Version: - )
Update for Outlook 2007 (KB933493) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{23F2FF76-ABCD-421D-9860-0D0B2999D028}) (Version: - )
Update for Outlook 2007 Junk Email Filter (KB934655) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F7185592-E40D-476E-9BC4-38DF96EE176B}) (Version: - )
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Word 2007 (KB934173) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C6A89125-5473-45E3-B413-ED8186437475}) (Version: - )
Wallpapers (Version: - ) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (HKLM\...\F13EE0B22AD5D087DFA50E3D4D6F13FC1AAAFB32) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version: - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordPerfect Office 12 (HKLM\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.0.0.238 - Corel Corporation)
XP Themes (Version: 1.00.0000 - Lenovo) Hidden

==================== Restore Points =========================

==================== Hosts content: ==========================

2006-04-29 22:55 - 2014-02-23 14:06 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Backup.job => C:\WINDOWS\system32\ntbackup.exe
Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{5022DBD6-EC67-47A8-9395-752A7C4A21A9}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2007-03-30 00:39 - 2006-12-13 18:06 - 00028672 ____N () C:\Program Files\Lenovo\HOTKEY\tphklock.dll
2007-03-06 15:40 - 2007-03-06 15:40 - 00118784 ____N () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2002-05-03 08:40 - 2002-05-03 08:40 - 00094274 ____N () C:\WINDOWS\system32\HPBHealr.dll
2010-09-17 16:04 - 2010-09-17 16:04 - 01251840 ____N () C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
2013-07-10 02:33 - 2013-07-10 02:33 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c9e5b549\mscorlib.dll
2013-07-10 02:32 - 2013-07-10 02:32 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5e50e374\system.dll
2007-02-08 12:11 - 2007-02-08 12:11 - 00569344 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2007-02-08 11:59 - 2007-02-08 11:59 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2010-08-02 10:03 - 2007-03-28 10:02 - 00235056 ____N () C:\Program Files\Lenovo\NPDIRECT\tpfnf7.dll
2007-03-30 00:39 - 2006-11-09 20:26 - 00030256 ____N () C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll
2007-03-30 00:39 - 2007-01-24 22:25 - 00069720 ____N () C:\Program Files\Lenovo\HOTKEY\hkvolkey.dll
2010-08-02 10:13 - 2007-03-22 09:02 - 00063024 ____N () C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
2007-02-08 11:59 - 2007-02-08 11:59 - 00139264 ____N () C:\Program Files\Common Files\Lenovo\CDRecord.dll
2006-10-17 16:13 - 2006-10-17 16:13 - 01167360 ____N () C:\Program Files\Intel\Wireless\Bin\acAuth.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk => C:\WINDOWS\pss\Lotus Organizer EasyClip.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk => C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SmartCenter.lnk => C:\WINDOWS\pss\Lotus SmartCenter.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart.lnk => C:\WINDOWS\pss\Lotus SuiteStart.lnkCommon Startup
MSCONFIG\startupreg: AMSG => C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
MSCONFIG\startupreg: AwaySch => C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
MSCONFIG\startupreg: cssauth => "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
MSCONFIG\startupreg: DiskeeperSystray => "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
MSCONFIG\startupreg: IndexSearch => C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: PaperPort PTD => C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
MSCONFIG\startupreg: TVT Scheduler Proxy => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 08:40:45 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/17/2014 08:40:45 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/17/2014 08:40:45 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/17/2014 08:09:33 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/17/2014 08:09:33 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/17/2014 08:09:33 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/17/2014 07:45:28 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/17/2014 07:45:28 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/17/2014 07:45:28 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/17/2014 06:17:01 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

System errors:
=============
Error: (02/23/2014 02:00:11 PM) (Source: Service Control Manager) (User: )
Description: The tvtnetwk service terminated unexpectedly. It has done this 1 time(s).

Error: (02/23/2014 01:35:44 PM) (Source: Service Control Manager) (User: )
Description: The tvtnetwk service terminated unexpectedly. It has done this 1 time(s).

Error: (02/22/2014 10:46:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/22/2014 10:30:47 PM) (Source: DCOM) (User: LEN61T)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (02/22/2014 10:29:41 PM) (Source: DCOM) (User: LEN61T)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (02/22/2014 10:29:11 PM) (Source: DCOM) (User: LEN61T)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (02/22/2014 10:26:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
ANC
Fips
IBMTPCHK
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
TPHKDRV
TPPWRIF
TSMAPIP
WS2IFSL

Error: (02/22/2014 10:26:08 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (02/22/2014 10:26:08 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (02/22/2014 10:26:08 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3046.22 MB
Available physical RAM: 2426.84 MB
Total Pagefile: 4932.01 MB
Available Pagefile: 4585.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.55 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:70.01 GB) (Free:32.09 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: FF7E85C6)

Partition: GPT Partition Type.

==================== End Of Log ============================
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.
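The two FRST logs posted above use a small set of line shapes: dated file entries (also used by the Loaded Modules and Hosts sections), "=> MD5 is legit" integrity checks, and Installed Programs entries. As an added example that is not part of the thread or of FRST itself, here is a Python triage helper that parses those shapes and collects review notes; the sample lines are constructed to mirror the posted log, and the dated line for ntdll_dump.dll is invented for the example, since the log only names that file under TEMP.

```python
"""Triage helper for the FRST log line formats seen in the thread.

Added example, not part of FRST or of the thread. It parses three line
shapes from the posted logs (dated file entries, "=> MD5 is legit"
integrity checks and Installed Programs entries) and collects review notes.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines modelled on the posted logs. The dated line for
# ntdll_dump.dll is invented for the example; the log only names that file.
SAMPLE_LOG = r"""
2014-02-05 15:26 - 2006-04-29 22:55 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2006-04-29 22:55 - 2014-02-23 14:06 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
2007-03-30 00:39 - 2006-12-13 18:06 - 00028672 ____N () C:\Program Files\Lenovo\HOTKEY\tphklock.dll
2014-02-20 09:12 - 2014-02-20 09:12 - 00153600 ____A () C:\Documents and Settings\JJB\Local Settings\temp\ntdll_dump.dll
C:\WINDOWS\explorer.exe => MD5 is legit
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
CapturePerfect 2.0 (HKLM\...\CapturePerfect 2.0) (Version: - )
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
"""

# FRST prints creation date, modification date, size, a 5-char attribute
# string, the file's CompanyName resource in parentheses (when present)
# and the path.
DATED = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
MD5_CHECK = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")
# Body of "(Version: X - Publisher)"; either half may be empty, as in "(Version: - )".
VERSION_TAIL = re.compile(r"^(?:(?P<version>.+) )?- ?(?P<publisher>.*)$")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]  # None when no "(Company)" field was printed, "" when it was empty
    path: str


@dataclass
class ProgramEntry:
    name: str
    regkey: Optional[str]  # None for entries FRST lists without an uninstall key
    version: str
    publisher: str
    hidden: bool


def parse_dated(line: str) -> Optional[FileEntry]:
    m = DATED.match(line)
    if not m:
        return None
    return FileEntry(m["created"], m["modified"], int(m["size"]),
                     m["attrs"], m["company"], m["path"])


def parse_program(line: str) -> Optional[ProgramEntry]:
    head, sep, tail = line.partition(" (Version: ")
    if not sep:
        return None
    hidden = tail.endswith(" Hidden")
    if hidden:
        tail = tail[: -len(" Hidden")]
    if not tail.endswith(")"):
        return None
    m = VERSION_TAIL.match(tail[:-1])
    if not m:
        return None
    regkey = None
    # The uninstall key may itself contain parentheses (see the Firefox
    # entry), so split on the last " (HK" rather than with a regex.
    idx = head.rfind(" (HK")
    if idx != -1 and head.endswith(")"):
        regkey = head[idx + 2:-1]
        head = head[:idx]
    return ProgramEntry(head, regkey, m["version"] or "", m["publisher"], hidden)


def triage(lines: List[str]) -> Dict[str, list]:
    """Parse every recognised line and collect review notes.

    These are triage heuristics only: an empty company field is common for
    OEM utilities (every Lenovo and Intel module in the thread shows it), so
    a note means "look at this", not "this is malware".
    """
    files, programs, md5, notes = [], [], [], []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        m = MD5_CHECK.match(line)
        if m:
            md5.append((m["path"], m["verdict"]))
            if m["verdict"] != "legit":
                notes.append(f"integrity check failed: {m['path']} ({m['verdict']})")
            continue
        entry = parse_dated(line)
        if entry:
            files.append(entry)
            low = entry.path.lower()
            if entry.company == "" and ("\\temp\\" in low or "\\local settings\\" in low):
                notes.append(f"no company metadata, in a user temp folder: {entry.path}")
            elif entry.company == "":
                notes.append(f"no company metadata: {entry.path}")
            continue
        prog = parse_program(line)
        if prog:
            programs.append(prog)
            if not prog.version and not prog.publisher:
                notes.append(f"program with no version or publisher: {prog.name}")
    return {"files": files, "programs": programs, "md5": md5, "notes": notes}


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG.splitlines())["notes"]:
        print(note)
```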


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

reply to jig
quote:
The malware doesn't show up in any particular browser, just task manager
I don't see any malware in any of your logs.

quote:
i think IE is running slower than it should, and i hear execution clicks often, as if it's loading new ads.
But you don't see any ads.

We can check with one more tool, but at this point I don't see any identifiable malware:
Please download the Kaspersky Virus Removal Tool:
»www.kaspersky.com/antivirus-remo···l?form=1
Double-click to start the program.
- Click the gear icon and ensure the following are all selected:
-- System Memory
-- Hidden startup objects
-- Disk Boot sectors
-- My Documents
-- My e-mail
-- Computer
-- Local disk (your C drive)
- Once done please select the Automatic Scan tab and press Start Scan.
- Allow AVP to delete all infections found.
- Once it has finished select the Report tab.
- Select the Detected threats report from the left and press the Save button.
- Save it to your Desktop and post the contents in your next reply.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


jig

join:2001-01-05
Hacienda Heights, CA

1 edit
Thanks - downloading and will run shortly.

Here's the indication that it's malware:

»www.bleepingcomputer.com/startup···964.html

and it certainly acts like malware, being unable to kill, etc. Well, we'll see.

edit --> forgot to add: there is/was some popup blocker stuff installed that may have been killing the ads.

--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.


jig

join:2001-01-05
Hacienda Heights, CA
reply to TheJoker
Ran scan, nothing found, so no detected threats report. Re-running with deep scan enabled and heuristics upped a notch.

I didn't find anything like an update button for Kaspersky AVP - I assume it's downloaded with the latest signatures?

Thanks for all your help. It's beginning to look as if I should reinstall if I'm really worried about a trojan/rootkit.
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

reply to jig
From that page at BC:

quote:
This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications
Not sure what you had in Task Manager, but you said there was no file extension, and after searching your system there was no file found called links.exe. I think you assumed it was links.exe:

quote:
the reason why I think the problem is "links.exe" is because when using Task Manager, under the Applications tab, there is something called "Links" running at start up that I can't stop
There is no identifiable malware on your system that I can find. The only item even found was an alternate data stream (ADS), which has been removed.

One more utility to search with, but if it doesn't find anything, we've pretty much exhausted searching.

Please download Malwarebytes Anti-Rootkit here:

http://downloads.malwarebytes.org/file/mbar

- Unzip the contents to a folder on the Desktop.
- Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Please post the two logs produced.
- Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


jig

join:2001-01-05
Hacienda Heights, CA
reply to jig
Nothing detected. Arg. I've attached a screenshot of the application that's running, as shown in Task Manager, which is some kind of routine embedded in explorer.exe, according to Task Manager.

Maybe I'll try uninstalling various programs before I slash and burn, but I'm not going to be comfortable until links isn't running.

Thanks so much - please let me know if you have any further suggestions.
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.


jig

join:2001-01-05
Hacienda Heights, CA
reply to TheJoker
Found out some new information: the links application does not start when I boot into safe mode command prompt. That appears to be the only state in which I can boot and links isn't resident and cannot be ended. I tried running mbar and roguekiller while in that mode - the computer scanned clean.

I tried going through computer management-->services and stopping as many of those as I could. I got down to about 10 left (out of more than 30? that were started) that either wouldn't stop or could not be stopped (couldn't select stop service from right click menu), but links was still resident. None of the remaining services seemed foreign, but I didn't check that list against a non-compromised installation.

I haven't heard of a non-malware application that is so difficult to end or stop or at least research. The word "links" is almost impossible to search for online in most contexts - any other words in the search take precedence and "links" is just implied as a listing of URLs to click on to reach pages including the other words. Any help with the search string would be wonderful.

Does this sound similar to another type of infection? Vundo? Is it worth running some other fixes to see what they come up with? If not, then I'll just reinstall Windows - the valid programs on this machine are installed on other machines, and none of the other machines have the links application resident. I can only guess that somehow it's been injected into explorer.exe or hidden elsewhere in the filesystem.

One more thing - Process Explorer pointed to a folder called Links that I can only reach and/or see when using the command prompt. It's located at C:\documents and settings\jjb\favorites\links. I've tried removing the directory, and I get an access denied, even when in safe mode command prompt. I may try a live disk and see if I can see/delete the folder that way. Should I consider trying the Kaspersky bootcd/usbboot scanner?
--
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

You should be able to delete any item in Favorites. If you can't, as you mentioned you could likely do that from a Kaspersky Rescue Disk, Avira Rescue Disk, or any Linux boot disk. A small compact Linux version is PuppyLinux, available here:
http://distro.ibiblio.org/pub/linux/distributions/puppylinux/puppy-4.2-k2.6.25.16-seamonkey.iso

If you were to use the Kaspersky Rescue Disk, as an added bonus you would be able to update the scanner and scan your system while not in Windows.

Please let me know if you are successful.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010