tiredofmalware1

Full Member
  1. Ok, what should I do now? The system restore hasn't worked. I checked and I don't think I can back date as far as I would like. Should I look into the installed Motorola drivers? The drivers were installed on my computer for my cell phone.
  2. I restarted the computer and I still can't download anything. I wasn't able to do the registry edit. I just thought about something. I downloaded Motorola drivers not too long before this started happening. I even added a device to a port in Device Manager. Could this have caused the problem? Could I do a system restore like a month or 2 prior?
  3. Sorry for the delay but I've been REAL busy. Now I created a new restore point. When I changed the name of the registry file and attempted to run it, nothing happens. No prompt, nothing. Am I supposed to do this in MS-DOS or something?
  4. I have the file on a flash drive. The link for how to do system restore doesn't work. Can you resend it? I need to look at this first before I can make any changes. Thanks
  5. I forgot to check in yesterday. Since I have to do registry editing, I will wait until tomorrow also because I need to download the new file onto a flash drive.
  6. MiniToolBox by Farbar Version: 23-01-2014 Ran by lisa (administrator) on 24-04-2014 at 19:18:46 Running from "C:\Users\lisa\Desktop" Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Boot Mode: Normal

     Farbar Service Scanner Version: 25-02-2014 Ran by lisa (administrator) on 24-04-2014 at 20:29:06 Running from "C:\Users\lisa\Desktop" Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Boot Mode: Normal
  7. Ok. I already have FSS on my computer. I will have to look for the MiniToolBox. Will post my findings tomorrow.
  8. Nevermind... I also found FRST on my computer from before. The filename threw me off, which is why I didn't figure it out the first time. Well, it's a good thing I don't delete anything. Here is the log:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2014 Ran by lisa (administrator) on 22-04-2014 18:35:27 Running from C:\Users\lisa\Desktop\Scan logs Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\lisa\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF StartMenuInternet: FIREFOX.EXE - firefox.exe ========================== Services (Whitelisted) ================= R2 ASLDRService; C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-09] (AVAST Software) R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-20] () S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions) S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions) R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2008-06-13] (Lenovo) R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] 
(Lenovo Group Limited) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) S3 CACLEARWIRE; "C:\Program Files\Connection Manager\ConAppsSvc.exe" /n "CACLEARWIRE" [X] S3 CLEARWIRERcAppSvc; "C:\Program Files\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc" [X] S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] ==================== Drivers (Whitelisted) ==================== R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-09] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-09] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-09] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-09] () S3 bcm; C:\Windows\System32\DRIVERS\drxvi314.sys [340992 2011-05-19] (Beceem communications pvt ltd.) S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr.sys [48768 2011-05-19] (Beceem communications pvt ltd.) 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-04-20] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\A0101V32.sys [7680 2006-12-14] (ATK0100) R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2008-10-26] () U3 TrueSight; C:\Windows\system32\drivers\TrueSight.sys [15616 2013-02-17] () U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) S3 catchme; \??\C:\Users\linda\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 motport; system32\DRIVERS\motport.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-20 21:16 - 2014-04-20 21:20 - 00000000 ____D () C:\Users\lisa\Desktop\computer logs for 4-20-14 2014-04-20 20:55 - 2014-04-20 20:55 - 00009971 _____ () C:\Users\lisa\Desktop\attach.txt 2014-04-20 20:55 - 2014-04-20 20:54 - 00011333 _____ () C:\Users\lisa\Desktop\dds.txt 2014-04-20 12:04 - 2014-04-20 20:26 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-04-15 10:24 - 2014-04-15 10:24 - 00049152 ____H () C:\Users\lisa\Desktop\~WRL0028.tmp 2014-04-14 02:36 - 2014-04-14 02:36 - 00030720 _____ () C:\Users\lisa\Desktop\~WRD1038.tmp 2014-04-11 16:09 - 2014-04-11 16:09 - 00000787 _____ () C:\Users\lisa\Desktop\CIMG0237 - Shortcut.lnk 2014-04-10 03:16 - 2014-03-07 19:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-10 03:16 - 2014-03-07 19:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-10 03:16 - 2014-03-07 19:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-10 03:16 - 2014-03-07 19:02 - 01427968 _____ (Microsoft 
Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-10 03:16 - 2014-03-07 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-10 03:16 - 2014-03-07 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 03:16 - 2014-03-07 18:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-10 03:16 - 2014-03-07 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 03:16 - 2014-03-07 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-10 03:16 - 2014-03-07 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-10 03:16 - 2014-03-07 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-10 03:16 - 2014-03-07 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-10 03:16 - 2014-03-07 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-10 03:16 - 2014-03-07 18:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 03:16 - 2014-03-07 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-10 03:15 - 2014-03-07 19:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 04:56 - 2014-02-05 21:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-08 20:38 - 2014-04-08 23:43 - 00033280 ____H () C:\Users\lisa\Desktop\~WRL0731.tmp 2014-04-01 23:23 - 2014-04-01 23:23 - 00000054 _____ () C:\Users\lisa\AppData\Roaming\mbam.context.scan 2014-03-29 09:22 - 2014-03-29 09:22 - 03347378 _____ () C:\Users\lisa\Downloads\attachments_2014_03_29.zip 2014-03-27 09:26 - 2014-03-27 09:29 - 00268852 _____ () C:\Windows\msxml4-KB2758694-enu.LOG 2014-03-26 00:04 - 2014-03-26 00:04 - 00000000 ____D () C:\Program Files\Telecom Logic 2014-03-25 23:27 - 2014-03-25 23:27 - 00000000 ____H () 
C:\Windows\system32\Drivers\Msft_Kernel_motport_01009.Wdf 2014-03-25 21:15 - 2014-03-25 21:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-03-25 20:41 - 2009-07-14 08:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll 2014-03-25 20:41 - 2009-07-13 19:51 - 00034944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys 2014-03-25 20:32 - 2014-03-25 20:32 - 00000000 ____D () C:\ProgramData\Motorola 2014-03-25 20:14 - 2014-03-25 20:14 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Motorola Mobility 2014-03-25 20:10 - 2014-03-25 20:13 - 00000000 ____D () C:\Program Files\Motorola Mobility 2014-03-25 20:10 - 2014-03-25 20:10 - 00000000 ____D () C:\Program Files\Motorola 2014-03-25 19:55 - 2014-03-25 19:55 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared 2014-03-25 19:36 - 2014-03-25 19:36 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Motorola 2014-03-25 18:47 - 2014-03-25 18:51 - 00000000 ____D () C:\Users\lisa\Desktop\moto device mgr ==================== One Month Modified Files and Folders ======= 2014-04-22 18:35 - 2014-02-09 18:53 - 00000000 ____D () C:\FRST 2014-04-22 18:26 - 2013-07-01 12:35 - 02409600 _____ () C:\Windows\system32\TPAPSLOG.LOG 2014-04-22 17:54 - 2006-11-02 08:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-22 17:54 - 2006-11-02 08:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-22 14:05 - 2009-01-15 19:25 - 01829774 _____ () C:\Windows\WindowsUpdate.log 2014-04-21 19:53 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-21 19:27 - 2008-01-20 23:02 - 00122058 _____ () C:\Windows\PFRO.log 2014-04-21 19:25 - 2006-11-02 08:58 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-20 21:20 - 2014-04-20 21:16 - 00000000 ____D () C:\Users\lisa\Desktop\computer logs for 
4-20-14 2014-04-20 20:55 - 2014-04-20 20:55 - 00009971 _____ () C:\Users\lisa\Desktop\attach.txt 2014-04-20 20:54 - 2014-04-20 20:55 - 00011333 _____ () C:\Users\lisa\Desktop\dds.txt 2014-04-20 20:26 - 2014-04-20 12:04 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-04-20 19:47 - 2009-03-14 16:12 - 00000000 ____D () C:\Windows\SHELLNEW 2014-04-15 10:24 - 2014-04-15 10:24 - 00049152 ____H () C:\Users\lisa\Desktop\~WRL0028.tmp 2014-04-14 02:36 - 2014-04-14 02:36 - 00030720 _____ () C:\Users\lisa\Desktop\~WRD1038.tmp 2014-04-13 21:35 - 2013-09-06 00:50 - 00000000 ____D () C:\Users\lisa\Desktop\Complaint letters 2014-04-11 16:09 - 2014-04-11 16:09 - 00000787 _____ () C:\Users\lisa\Desktop\CIMG0237 - Shortcut.lnk 2014-04-10 03:18 - 2009-01-15 19:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 03:12 - 2013-07-26 02:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 03:08 - 2006-11-02 06:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-04-08 23:43 - 2014-04-08 20:38 - 00033280 ____H () C:\Users\lisa\Desktop\~WRL0731.tmp 2014-04-05 21:12 - 2014-02-16 19:53 - 00000000 ____D () C:\Users\lisa\Desktop\Resumes 2014-04-03 08:37 - 2014-03-20 18:56 - 00000000 ____D () C:\Users\lisa\Desktop\New Folder 2014-04-01 23:23 - 2014-04-01 23:23 - 00000054 _____ () C:\Users\lisa\AppData\Roaming\mbam.context.scan 2014-03-31 23:27 - 2009-01-15 19:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-03-31 09:35 - 2010-01-19 15:28 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-29 20:23 - 2006-11-02 08:49 - 00119256 _____ () C:\Windows\setupact.log 2014-03-29 09:22 - 2014-03-29 09:22 - 03347378 _____ () C:\Users\lisa\Downloads\attachments_2014_03_29.zip 2014-03-27 09:29 - 2014-03-27 09:26 - 00268852 _____ () C:\Windows\msxml4-KB2758694-enu.LOG 2014-03-26 00:04 - 2014-03-26 00:04 - 00000000 ____D () C:\Program Files\Telecom Logic 
2014-03-25 23:27 - 2014-03-25 23:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motport_01009.Wdf 2014-03-25 21:15 - 2014-03-25 21:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-03-25 20:32 - 2014-03-25 20:32 - 00000000 ____D () C:\ProgramData\Motorola 2014-03-25 20:14 - 2014-03-25 20:14 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Motorola Mobility 2014-03-25 20:13 - 2014-03-25 20:10 - 00000000 ____D () C:\Program Files\Motorola Mobility 2014-03-25 20:10 - 2014-03-25 20:10 - 00000000 ____D () C:\Program Files\Motorola 2014-03-25 20:08 - 2009-02-21 20:15 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-03-25 20:06 - 2009-01-25 12:19 - 00000000 ____D () C:\Users\lisa 2014-03-25 19:55 - 2014-03-25 19:55 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared 2014-03-25 19:36 - 2014-03-25 19:36 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Motorola 2014-03-25 18:51 - 2014-03-25 18:47 - 00000000 ____D () C:\Users\lisa\Desktop\moto device mgr Some content of TEMP: ==================== C:\Users\lisa\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-22 08:49 ==================== End Of Log ============================
  9. OK. I wasn't able to do this today because I need another computer, but I will tomorrow. Will post the logs then.
  10. Sigh... unfortunately I cannot download the program. I even tried it in safe mode and I still can't do it. Maybe I have to download the program onto a flash drive in order to be able to do so? What other options do I have?
  11. I just started having this problem where I cannot download attachments from emails and programs and also pictures etc. It just says "file name" couldn't be downloaded - with no explanation. Oddly enough, I am able to update antivirus programs with no problem. Luckily for me I already had Security Check and DDS on my computer so I didn't need to worry about downloading it. Here are my logs:

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org
      Database version: v2014.04.20.05
      Windows Vista Service Pack 2 x86 NTFS
      Internet Explorer 9.0.8112.16421
      lisa :: [administrator]
      4/20/2014 12:47:17 PM
      mbam-log-2014-04-20 (12-47-17).txt

      Scan type: Full scan (C:\|E:\|Q:\|S:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 445755
      Time elapsed: 2 hour(s), 4 minute(s), 55 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 1
      C:\Users\lisa\AppData\Local\temp\CT3319613 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

      Files Detected: 17
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEJAZVZ1\InstallConverter_TSV23YSKD.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIIHZ9CK\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZ0ASS8Z\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\Users\lisa\AppData\Local\temp\nsr2190.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
      C:\Users\lisa\AppData\Local\temp\nsw669A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
      C:\Users\lisa\AppData\Local\temp\nsg2F64\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
      C:\Users\lisa\AppData\Local\temp\CT3319613\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end) DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16545 Run by lisa at 20:45:12 on 2014-04-20 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.989.87 [GMT -4:00] . AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\ibmpmsvc.exe C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\SLsvc.exe C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe C:\Windows\system32\WLANExt.exe C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\DDNI\DIBS\DDNIService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Windows\System32\TPHDEXLG.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Windows\system32\SearchIndexer.exe 
C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 
C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uSearchURL,(Default) = hxxp://www.google.com BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TpShocks] TpShocks.exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe" mRun: [RoxioDragToDisc] "c:\program 
files\lenovo\drag-to-disc\DrgToDsc.exe" mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui uPolicies-Explorer: NoDriveTypeAutoRun = dword:36 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - 
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{B3153CBC-4491-4F1D-9859-82E008188C6F} : DHCPNameServer = 66.233.174.12 75.94.255.12 TCP: Interfaces\{E0CCB94B-8B1B-43C9-A419-B206FF0414D5} : DHCPNameServer = 209.18.47.61 209.18.47.62 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-26 49944] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-26 180248] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-30 775952] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-30 410528] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-30 67824] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-15 112128] S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2011-5-19 340992] S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2011-5-19 48768] . =============== Created Last 30 ================ . 
2014-04-20 16:04:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2014-04-18 14:19:05 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b245ff4c-81ea-4266-83d3-43a8593f9570}\mpengine.dll 2014-03-26 04:04:19 -------- d-----w- c:\program files\Telecom Logic 2014-03-26 00:41:53 16896 ----a-w- c:\windows\system32\winusb.dll 2014-03-26 00:41:38 34944 ----a-w- c:\windows\system32\drivers\winusb.sys 2014-03-26 00:32:03 -------- d-----w- c:\programdata\Motorola 2014-03-26 00:14:38 -------- d-----w- c:\users\lisa\appdata\roaming\Motorola Mobility 2014-03-26 00:14:37 -------- d-----w- C:\Temp 2014-03-26 00:10:40 -------- d-----w- c:\program files\Motorola 2014-03-26 00:10:21 -------- d-----w- c:\program files\Motorola Mobility 2014-03-25 23:55:31 -------- d-----w- c:\program files\common files\Motorola Shared 2014-03-25 23:36:43 -------- d-----w- c:\users\lisa\appdata\roaming\Motorola . ==================== Find3M ==================== . 2014-03-31 13:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll 2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll 2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll 2014-03-07 22:52:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2014-02-07 10:38:44 2050560 ----a-w- c:\windows\system32\win32k.sys 2014-02-03 10:37:54 505344 ----a-w- c:\windows\system32\qedit.dll 2014-01-30 07:46:58 876032 ----a-w- c:\windows\system32\wer.dll . ============= FINISH: 20:54:13.67 =============== Results of screen317's Security Check version 0.99.60 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 17 Java version out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbam.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 % ````````````````````End of Log``````````````````````
  12. Nothing else has happened but... I have not streamed any movies or TV shows since all this happened. Should I bite the bullet and start watching my shows again? Am I putting my computer at risk by watching TV shows from legit websites online? Is there an extra safeguard or program for those who watch shows from Netflix or other legit websites? I will work on the Java updates first thing tomorrow.
  13. Sorry for the delay. Here are my logs: AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1046816 2014-02-03] (Conduit) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...F44E8D7370= SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2317600 2014-02-03] (Conduit) S1 MpKsl150dfa64; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B00A57C1-6331-4B62-A14C-29B873A446C2}\MpKsl150dfa64.sys [X] S1 MpKsl82e61415; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B00A57C1-6331-4B62-A14C-29B873A446C2}\MpKsl82e61415.sys [X] S1 MpKsl8dab591e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B49B169-E044-408E-B0E3-2AEB12920146}\MpKsl8dab591e.sys [X] S1 MpKslf75a6d20; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B00A57C1-6331-4B62-A14C-29B873A446C2}\MpKslf75a6d20.sys [X] S1 MpKslfe0e3919; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B49B169-E044-408E-B0E3-2AEB12920146}\MpKslfe0e3919.sys [X] U3 mbr; \??\C:\Users\lisa\AppData\Local\Temp\mbr.sys [X] end ***************** C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe => No running process found C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe => No running process found C:\Program Files\SearchProtect\UI\bin\cltmngui.exe => No running process found "C:\\PROGRA~1\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully. HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found. CltMngSvc => Service not found. MpKsl150dfa64 => Service deleted successfully. MpKsl82e61415 => Service deleted successfully. MpKsl8dab591e => Service deleted successfully. MpKslf75a6d20 => Service deleted successfully. MpKslfe0e3919 => Service deleted successfully. mbr => Service not found. ==== End of Fixlog ==== Results of screen317's Security Check version 0.99.79 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 17 Java version out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 % ````````````````````End of Log``````````````````````
  14. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-02-2014 03 Ran by lisa (administrator) on 09-02-2014 17:56:16 Running from C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIIHZ9CK Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo...very-scan-tool/ ==================== Processes (Whitelisted) ================= (Lenovo) C:\Windows\system32\ibmpmsvc.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe () C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe () C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo.) 
C:\Windows\System32\TPHDEXLG.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe (Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Roxio) C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Sun Microsystems, Inc.) 
C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe (Conduit) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe (Conduit) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TPFNF7] - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-04-10] (Synaptics, Inc.) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.) HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-23] (Lenovo Group Limited) HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [242976 2008-06-04] (Lenovo Group Ltd.) 
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-24] (Lenovo Group Limited) HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions) HKLM\...\Run: [RoxioDragToDisc] - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe [1116920 2007-03-13] (Roxio) HKLM\...\Run: [AMSG] - C:\Program Files\ThinkVantage\AMSG\Amsg.exe [419376 2007-02-01] (LENOVO) HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [632096 2008-10-26] (Lenovo Group Limited) HKLM\...\Run: [bLOG] - C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL [214576 2008-10-26] () HKLM\...\Run: [ACWlIcon] - C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [148768 2008-10-27] (Lenovo) HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3077432 2008-06-25] (Lenovo Group Limited) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.) HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-09] (AVAST Software) HKLM\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\3517e38f-fe1f-41f5-a72b-e6725cf87c9f.exe /check [181136 2014-01-30] (AVAST Software) HKU\S-1-5-21-171438943-3973964762-3527317486-1003\...\Run: [cdloader] - C:\Users\linda\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2011-08-23] (magicJack L.P.) HKU\S-1-5-21-171438943-3973964762-3527317486-1003\...\Run: [Logitech Vid] - C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.) HKU\S-1-5-21-171438943-3973964762-3527317486-1003\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe [697272 2012-12-22] (Adobe Systems Incorporated) HKU\S-1-5-21-171438943-3973964762-3527317486-1003\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFFFF AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1046816 2014-02-03] (Conduit) Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...F44E8D7370= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...rms}&FORM=LENIE SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...archTerms}= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...archTerms}= SearchScopes: HKCU - {2A3C7159-BAEF-4967-8A45-C370CD92A100} URL = http://us.yhs4.searc...&p={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 ========================== Services (Whitelisted) ================= R2 ASLDRService; C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] () R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-09] (AVAST Software) R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2317600 2014-02-03] (Conduit) R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-20] () S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions) S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions) R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2008-06-13] (Lenovo) R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) 
S3 CACLEARWIRE; "C:\Program Files\Connection Manager\ConAppsSvc.exe" /n "CACLEARWIRE" [X] S3 CLEARWIRERcAppSvc; "C:\Program Files\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc" [X] S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] ==================== Drivers (Whitelisted) ==================== R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-09] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-09] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-09] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-09] () S3 bcm; C:\Windows\System32\DRIVERS\drxvi314.sys [340992 2011-05-19] (Beceem communications pvt ltd.) S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr.sys [48768 2011-05-19] (Beceem communications pvt ltd.) 
R3 MTsensor; C:\Windows\System32\DRIVERS\A0101V32.sys [7680 2006-12-14] (ATK0100) R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2008-10-26] () U3 TrueSight; C:\Windows\system32\drivers\TrueSight.sys [15616 2013-02-17] () U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) S3 catchme; \??\C:\Users\lisa\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S1 MpKsl150dfa64; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B00A57C1-6331-4B62-A14C-29B873A446C2}\MpKsl150dfa64.sys [X] S1 MpKsl82e61415; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B00A57C1-6331-4B62-A14C-29B873A446C2}\MpKsl82e61415.sys [X] S1 MpKsl8dab591e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B49B169-E044-408E-B0E3-2AEB12920146}\MpKsl8dab591e.sys [X] S1 MpKslf75a6d20; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B00A57C1-6331-4B62-A14C-29B873A446C2}\MpKslf75a6d20.sys [X] S1 MpKslfe0e3919; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B49B169-E044-408E-B0E3-2AEB12920146}\MpKslfe0e3919.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X] U3 mbr; \??\C:\Users\lisa\AppData\Local\Temp\mbr.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-09 17:53 - 2014-02-09 17:56 - 00000000 ____D () C:\FRST 2014-02-09 17:32 - 2014-02-09 17:32 - 00000000 ____D () C:\Users\lisa\AppData\Local\SearchProtect 2014-02-09 17:32 - 2014-02-09 17:32 - 00000000 ____D () C:\Program Files\SearchProtect 2014-02-08 23:50 - 2014-02-08 23:50 - 00011195 _____ () C:\Users\lisa\Desktop\DDS notepad 2-8-14.txt 2014-02-08 23:49 - 2014-02-08 23:49 - 00011296 _____ () C:\Users\lisa\Desktop\DDS Attach 2-8-14.txt 2014-02-08 23:47 - 2014-02-08 23:47 - 
00011296 _____ () C:\Users\lisa\Desktop\attach.txt 2014-02-08 23:47 - 2014-02-08 23:47 - 00011195 _____ () C:\Users\lisa\Desktop\dds.txt 2014-02-08 23:37 - 2014-02-08 23:37 - 00987425 _____ () C:\Users\lisa\Downloads\SecurityCheck (3).exe 2014-02-08 23:34 - 2014-02-08 23:34 - 00688992 ____R (Swearware) C:\Users\lisa\Downloads\dds.scr 2014-01-25 16:12 - 2014-01-25 16:12 - 00146136 _____ () C:\Windows\Minidump\Mini012514-01.dmp ==================== One Month Modified Files and Folders ======= 2014-02-09 17:56 - 2014-02-09 17:53 - 00000000 ____D () C:\FRST 2014-02-09 17:56 - 2009-01-15 18:25 - 01074957 _____ () C:\Windows\WindowsUpdate.log 2014-02-09 17:42 - 2013-07-01 11:35 - 01727552 _____ () C:\Windows\system32\TPAPSLOG.LOG 2014-02-09 17:32 - 2014-02-09 17:32 - 00000000 ____D () C:\Users\lisa\AppData\Local\SearchProtect 2014-02-09 17:32 - 2014-02-09 17:32 - 00000000 ____D () C:\Program Files\SearchProtect 2014-02-09 16:33 - 2006-11-02 07:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-09 16:33 - 2006-11-02 07:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-08 23:50 - 2014-02-08 23:50 - 00011195 _____ () C:\Users\lisa\Desktop\DDS notepad 2-8-14.txt 2014-02-08 23:49 - 2014-02-08 23:49 - 00011296 _____ () C:\Users\lisa\Desktop\DDS Attach 2-8-14.txt 2014-02-08 23:47 - 2014-02-08 23:47 - 00011296 _____ () C:\Users\lisa\Desktop\attach.txt 2014-02-08 23:47 - 2014-02-08 23:47 - 00011195 _____ () C:\Users\lisa\Desktop\dds.txt 2014-02-08 23:37 - 2014-02-08 23:37 - 00987425 _____ () C:\Users\lisa\Downloads\SecurityCheck (3).exe 2014-02-08 23:34 - 2014-02-08 23:34 - 00688992 ____R (Swearware) C:\Users\lisa\Downloads\dds.scr 2014-02-02 22:43 - 2013-07-12 23:24 - 00059392 ____H () C:\Users\lisa\Desktop\~WRL3015.tmp 2014-01-31 21:20 - 2013-10-10 15:57 - 00061952 ____H () C:\Users\lisa\Desktop\~WRL0026.tmp 2014-01-25 
16:12 - 2014-01-25 16:12 - 00146136 _____ () C:\Windows\Minidump\Mini012514-01.dmp 2014-01-25 16:12 - 2009-05-03 18:31 - 175247475 _____ () C:\Windows\MEMORY.DMP 2014-01-25 16:12 - 2009-05-03 18:31 - 00000000 ____D () C:\Windows\Minidump 2014-01-25 16:12 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-01-15 03:50 - 2008-01-20 22:02 - 00112758 _____ () C:\Windows\PFRO.log 2014-01-15 03:47 - 2006-11-02 07:58 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-15 03:24 - 2009-01-15 18:58 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-15 03:18 - 2013-07-26 01:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-15 03:10 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-01-12 22:53 - 2013-01-26 20:44 - 00000000 ____D () C:\Users\lisa\Documents\Landlord info 2014-01-10 21:03 - 2013-10-09 20:45 - 00079872 ____H () C:\Users\lisa\Desktop\~WRL4001.tmp Some content of TEMP: ==================== C:\Users\lisa\AppData\Local\temp\nsr2190.exe C:\Users\lisa\AppData\Local\temp\nsw669A.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-09 08:05 ==================== End Of Log ============================ # AdwCleaner v3.018 - Report created 09/02/2014 at 21:37:48 # Updated 28/01/2014 by Xplode # Operating System : Windows Vista Home Basic Service Pack 2 (32 bits) # Username : lisa # Running from : C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEJAZVZ1\adwcleaner.exe # Option : Clean ***** [ Services ] 
***** Service Deleted : CltMngSvc ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files\Searchprotect Folder Deleted : C:\Users\lisa\AppData\Local\Searchprotect ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKCU\Software\Conduit Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16526 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [] ************************* AdwCleaner[R0].txt - [1518 octets] - [09/02/2014 19:41:12] AdwCleaner[R1].txt - [1744 octets] - [09/02/2014 21:35:47] AdwCleaner[s0].txt - [1472 octets] - [09/02/2014 21:37:48] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1532 octets] ########## Addition.txt
  15. I just did a scan with avast antivirus and no threats were found. I am unable to post a log for it. ETA: Hi Nasdaq. I didn't see your post until just now, after I refreshed my browser. I will get started on it and begin following your instructions in the next couple of hours. Thanks.