19 replies to this topic

[tiredofmalware1]

I just started having this problem where I can not download attachments from emails and programs and  also pictures etc. It just says "file name" couldn't be downloaded- with no explanation. Oddly enough, I am able to update antivirus programs with no problem. Luckily for me I already had security check and DDS on my computer so I didn't need to worry about downloading it. Here are my logs:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.20.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
lisa :: [administrator]

4/20/2014 12:47:17 PM
mbam-log-2014-04-20 (12-47-17).txt

Scan type: Full scan (C:\|E:\|Q:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445755
Time elapsed: 2 hour(s), 4 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\lisa\AppData\Local\temp\CT3319613 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 17
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEJAZVZ1\InstallConverter_TSV23YSKD.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIIHZ9CK\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZ0ASS8Z\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\lisa\AppData\Local\temp\nsr2190.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\lisa\AppData\Local\temp\nsw669A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\lisa\AppData\Local\temp\nsg2F64\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\lisa\AppData\Local\temp\CT3319613\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545
Run by lisa at 20:45:12 on 2014-04-20
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.989.87 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:36
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B3153CBC-4491-4F1D-9859-82E008188C6F} : DHCPNameServer = 66.233.174.12 75.94.255.12
TCP: Interfaces\{E0CCB94B-8B1B-43C9-A419-B206FF0414D5} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-26 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-26 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-30 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-30 410528]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-30 67824]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-15 112128]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2011-5-19 340992]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2011-5-19 48768]
.
=============== Created Last 30 ================
.
2014-04-20 16:04:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-04-18 14:19:05 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b245ff4c-81ea-4266-83d3-43a8593f9570}\mpengine.dll
2014-03-26 04:04:19 -------- d-----w- c:\program files\Telecom Logic
2014-03-26 00:41:53 16896 ----a-w- c:\windows\system32\winusb.dll
2014-03-26 00:41:38 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2014-03-26 00:32:03 -------- d-----w- c:\programdata\Motorola
2014-03-26 00:14:38 -------- d-----w- c:\users\lisa\appdata\roaming\Motorola Mobility
2014-03-26 00:14:37 -------- d-----w- C:\Temp
2014-03-26 00:10:40 -------- d-----w- c:\program files\Motorola
2014-03-26 00:10:21 -------- d-----w- c:\program files\Motorola Mobility
2014-03-25 23:55:31 -------- d-----w- c:\program files\common files\Motorola Shared
2014-03-25 23:36:43 -------- d-----w- c:\users\lisa\appdata\roaming\Motorola
.
==================== Find3M  ====================
.
2014-03-31 13:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-03-07 22:52:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-07 10:38:44 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-03 10:37:54 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-30 07:46:58 876032 ----a-w- c:\windows\system32\wer.dll
.
============= FINISH: 20:54:13.67 ===============
 

 

Results of screen317's Security Check version 0.99.60 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 17 
 Java version out of Date!
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbam.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 

 

[nasdaq]

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

[tiredofmalware1]

Sigh... unfortunately I cannot download the program. I even tried it in safemode and I still can't do it. Maybe I have to download the program on to a flash drive in order to be able to do so? What other options do I have?

[nasdaq]

If you can use a good computer and download the tool to a flash drive.

Copy the file to the Desktop of the infected computer and run it.

Post the log.

[tiredofmalware1]

ok. I wasn't able to do this today because I need another computer,but I will tomorrow. Will post the logs then.

[tiredofmalware1]

Nevermind...I also found FRST on my computer from before. The filename threw me off which is why I didn't figure it out the first time. Well its a good thing I don't delete anything. Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2014
Ran by lisa (administrator) on 22-04-2014 18:35:27
Running from C:\Users\lisa\Desktop\Scan logs
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo) C:\Windows\system32\ibmpmsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Roxio) C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-04-10] (Synaptics, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-23] (Lenovo Group Limited)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [242976 2008-06-04] (Lenovo Group Ltd.)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-24] (Lenovo Group Limited)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe [1116920 2007-03-13] (Roxio)
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [419376 2007-02-01] (LENOVO)
HKLM\...\Run: [PWMTRV] => C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [632096 2008-10-26] (Lenovo Group Limited)
HKLM\...\Run: [BLOG] => C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL [214576 2008-10-26] ()
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3077432 2008-06-25] (Lenovo Group Limited)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-09] (AVAST Software)
HKU\S-1-5-21-171438943-3973964762-3527317486-1003\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-171438943-3973964762-3527317486-1003\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFFFF
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20591230DA5BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {2A3C7159-BAEF-4967-8A45-C370CD92A100} URL = http://us.yhs4.searc...&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\lisa\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-30] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-09] (AVAST Software)
R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.)
R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-20] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2008-06-13] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 CACLEARWIRE; "C:\Program Files\Connection Manager\ConAppsSvc.exe" /n "CACLEARWIRE" [X]
S3 CLEARWIRERcAppSvc; "C:\Program Files\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc" [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-09] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-09] ()
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314.sys [340992 2011-05-19] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr.sys [48768 2011-05-19] (Beceem communications pvt ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-04-20] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\A0101V32.sys [7680 2006-12-14] (ATK0100)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [12080 2008-10-26] ()
U3 TrueSight; C:\Windows\system32\drivers\TrueSight.sys [15616 2013-02-17] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\linda\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 motport; system32\DRIVERS\motport.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-20 21:16 - 2014-04-20 21:20 - 00000000 ____D () C:\Users\lisa\Desktop\computer logs for  4-20-14
2014-04-20 20:55 - 2014-04-20 20:55 - 00009971 _____ () C:\Users\lisa\Desktop\attach.txt
2014-04-20 20:55 - 2014-04-20 20:54 - 00011333 _____ () C:\Users\lisa\Desktop\dds.txt
2014-04-20 12:04 - 2014-04-20 20:26 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-04-15 10:24 - 2014-04-15 10:24 - 00049152 ____H () C:\Users\lisa\Desktop\~WRL0028.tmp
2014-04-14 02:36 - 2014-04-14 02:36 - 00030720 _____ () C:\Users\lisa\Desktop\~WRD1038.tmp
2014-04-11 16:09 - 2014-04-11 16:09 - 00000787 _____ () C:\Users\lisa\Desktop\CIMG0237 - Shortcut.lnk
2014-04-10 03:16 - 2014-03-07 19:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 03:16 - 2014-03-07 19:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 03:16 - 2014-03-07 19:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 03:16 - 2014-03-07 19:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 03:16 - 2014-03-07 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 03:16 - 2014-03-07 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 03:16 - 2014-03-07 18:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 03:16 - 2014-03-07 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 03:16 - 2014-03-07 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 03:16 - 2014-03-07 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 03:16 - 2014-03-07 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 03:16 - 2014-03-07 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 03:16 - 2014-03-07 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 03:16 - 2014-03-07 18:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 03:16 - 2014-03-07 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 03:15 - 2014-03-07 19:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 04:56 - 2014-02-05 21:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 20:38 - 2014-04-08 23:43 - 00033280 ____H () C:\Users\lisa\Desktop\~WRL0731.tmp
2014-04-01 23:23 - 2014-04-01 23:23 - 00000054 _____ () C:\Users\lisa\AppData\Roaming\mbam.context.scan
2014-03-29 09:22 - 2014-03-29 09:22 - 03347378 _____ () C:\Users\lisa\Downloads\attachments_2014_03_29.zip
2014-03-27 09:26 - 2014-03-27 09:29 - 00268852 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-26 00:04 - 2014-03-26 00:04 - 00000000 ____D () C:\Program Files\Telecom Logic
2014-03-25 23:27 - 2014-03-25 23:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motport_01009.Wdf
2014-03-25 21:15 - 2014-03-25 21:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-03-25 20:41 - 2009-07-14 08:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-03-25 20:41 - 2009-07-13 19:51 - 00034944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2014-03-25 20:32 - 2014-03-25 20:32 - 00000000 ____D () C:\ProgramData\Motorola
2014-03-25 20:14 - 2014-03-25 20:14 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Motorola Mobility
2014-03-25 20:10 - 2014-03-25 20:13 - 00000000 ____D () C:\Program Files\Motorola Mobility
2014-03-25 20:10 - 2014-03-25 20:10 - 00000000 ____D () C:\Program Files\Motorola
2014-03-25 19:55 - 2014-03-25 19:55 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2014-03-25 19:36 - 2014-03-25 19:36 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Motorola
2014-03-25 18:47 - 2014-03-25 18:51 - 00000000 ____D () C:\Users\lisa\Desktop\moto device mgr

==================== One Month Modified Files and Folders =======

2014-04-22 18:35 - 2014-02-09 18:53 - 00000000 ____D () C:\FRST
2014-04-22 18:26 - 2013-07-01 12:35 - 02409600 _____ () C:\Windows\system32\TPAPSLOG.LOG
2014-04-22 17:54 - 2006-11-02 08:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 17:54 - 2006-11-02 08:45 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 14:05 - 2009-01-15 19:25 - 01829774 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 19:53 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 19:27 - 2008-01-20 23:02 - 00122058 _____ () C:\Windows\PFRO.log
2014-04-21 19:25 - 2006-11-02 08:58 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-20 21:20 - 2014-04-20 21:16 - 00000000 ____D () C:\Users\lisa\Desktop\computer logs for  4-20-14
2014-04-20 20:55 - 2014-04-20 20:55 - 00009971 _____ () C:\Users\lisa\Desktop\attach.txt
2014-04-20 20:54 - 2014-04-20 20:55 - 00011333 _____ () C:\Users\lisa\Desktop\dds.txt
2014-04-20 20:26 - 2014-04-20 12:04 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-04-20 19:47 - 2009-03-14 16:12 - 00000000 ____D () C:\Windows\SHELLNEW
2014-04-15 10:24 - 2014-04-15 10:24 - 00049152 ____H () C:\Users\lisa\Desktop\~WRL0028.tmp
2014-04-14 02:36 - 2014-04-14 02:36 - 00030720 _____ () C:\Users\lisa\Desktop\~WRD1038.tmp
2014-04-13 21:35 - 2013-09-06 00:50 - 00000000 ____D () C:\Users\lisa\Desktop\Complaint letters
2014-04-11 16:09 - 2014-04-11 16:09 - 00000787 _____ () C:\Users\lisa\Desktop\CIMG0237 - Shortcut.lnk
2014-04-10 03:18 - 2009-01-15 19:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 03:12 - 2013-07-26 02:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:08 - 2006-11-02 06:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-08 23:43 - 2014-04-08 20:38 - 00033280 ____H () C:\Users\lisa\Desktop\~WRL0731.tmp
2014-04-05 21:12 - 2014-02-16 19:53 - 00000000 ____D () C:\Users\lisa\Desktop\Resumes
2014-04-03 08:37 - 2014-03-20 18:56 - 00000000 ____D () C:\Users\lisa\Desktop\New Folder
2014-04-01 23:23 - 2014-04-01 23:23 - 00000054 _____ () C:\Users\lisa\AppData\Roaming\mbam.context.scan
2014-03-31 23:27 - 2009-01-15 19:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-31 09:35 - 2010-01-19 15:28 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-29 20:23 - 2006-11-02 08:49 - 00119256 _____ () C:\Windows\setupact.log
2014-03-29 09:22 - 2014-03-29 09:22 - 03347378 _____ () C:\Users\lisa\Downloads\attachments_2014_03_29.zip
2014-03-27 09:29 - 2014-03-27 09:26 - 00268852 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-26 00:04 - 2014-03-26 00:04 - 00000000 ____D () C:\Program Files\Telecom Logic
2014-03-25 23:27 - 2014-03-25 23:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motport_01009.Wdf
2014-03-25 21:15 - 2014-03-25 21:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-03-25 20:32 - 2014-03-25 20:32 - 00000000 ____D () C:\ProgramData\Motorola
2014-03-25 20:14 - 2014-03-25 20:14 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Motorola Mobility
2014-03-25 20:13 - 2014-03-25 20:10 - 00000000 ____D () C:\Program Files\Motorola Mobility
2014-03-25 20:10 - 2014-03-25 20:10 - 00000000 ____D () C:\Program Files\Motorola
2014-03-25 20:08 - 2009-02-21 20:15 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-25 20:06 - 2009-01-25 12:19 - 00000000 ____D () C:\Users\lisa
2014-03-25 19:55 - 2014-03-25 19:55 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2014-03-25 19:36 - 2014-03-25 19:36 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Motorola
2014-03-25 18:51 - 2014-03-25 18:47 - 00000000 ____D () C:\Users\lisa\Desktop\moto device mgr

Some content of TEMP:
====================
C:\Users\lisa\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-22 08:49

==================== End Of Log ============================

Edited by tiredofmalware1, 22 April 2014 - 05:04 PM.

[nasdaq]

No restrictions for download were found.

You will need to download these from a good computer.
Copy them to the Desktop of the problem computer.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

===

Download and run this one also.
Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List last 10 Event Viewer log
• List content of Hosts
• List IP Configuration
• List Winsock Entries
• Click Go and copy/paste the log (Result.txt) into your next post.
• Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

[tiredofmalware1]

ok. I already have FSS on my computer. I will have to look for the minitoolbox . Will post my findings tomorrow.

[tiredofmalware1]

MiniToolBox by Farbar  Version: 23-01-2014
Ran by lisa (administrator) on 24-04-2014 at 19:18:46
Running from "C:\Users\lisa\Desktop"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)
11b/g Wireless LAN Mini PCI Express Adapter III = Wireless Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Ann
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 11b/g Wireless LAN Mini PCI Express Adapter III
   Physical Address. . . . . . . . . : 00-23-4E-D6-AE-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : DE-8D-9A-E8-11-00
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c880:abe0:3608:1c88%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, April 23, 2014 5:55:08 PM
   Lease Expires . . . . . . . . . . : Thursday, April 24, 2014 8:12:10 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 167781204
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-01-7F-1F-00-23-4E-D6-AE-5E
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.westell.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{31059A55-7218-49B1-B9B7-AE3BA4F507AE}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:c6a:38eb:3f57:fffc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c6a:38eb:3f57:fffc%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{E0CCB94B-8B1B-43C9-A419-B206FF0414D5}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4006:800::1001
   74.125.226.164
   74.125.226.165
   74.125.226.166
   74.125.226.167
   74.125.226.168
   74.125.226.169
   74.125.226.174
   74.125.226.160
   74.125.226.161
   74.125.226.162
   74.125.226.163

 

Pinging google.com [74.125.226.199] with 32 bytes of data:

Reply from 74.125.226.199: bytes=32 time=17ms TTL=54

Reply from 74.125.226.199: bytes=32 time=15ms TTL=54

 

Ping statistics for 74.125.226.199:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 15ms, Maximum = 17ms, Average = 16ms

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=114ms TTL=46

Reply from 206.190.36.45: bytes=32 time=101ms TTL=46

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 101ms, Maximum = 114ms, Average = 107ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 23 4e d6 ae 5e ...... 11b/g Wireless LAN Mini PCI Express Adapter III
 10 ...de 8d 9a e8 11 00 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 19 ...00 00 00 00 00 00 00 e0  isatap.westell.com
 24 ...00 00 00 00 00 00 00 e0  isatap.{31059A55-7218-49B1-B9B7-AE3BA4F507AE}
 16 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 17 ...00 00 00 00 00 00 00 e0  Microsoft 6to4 Adapter #2
 23 ...00 00 00 00 00 00 00 e0  isatap.{E0CCB94B-8B1B-43C9-A419-B206FF0414D5}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    266
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    266
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     18 2001::/32                On-link
 12    266 2001:0:9d38:6abd:c6a:38eb:3f57:fffc/128
                                    On-link
 10    266 fe80::/64                On-link
 12    266 fe80::/64                On-link
 12    266 fe80::c6a:38eb:3f57:fffc/128
                                    On-link
 10    266 fe80::c880:abe0:3608:1c88/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/23/2014 05:56:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 07:55:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 07:52:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (04/21/2014 07:29:31 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/21/2014 07:29:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 07:49:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 03:52:36 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module IEFRAME.dll, version 9.0.8112.16545, time stamp 0x531a5395, exception code 0xc0000005, fault offset 0x00119ef1,
process id 0x1618, application start time 0xiexplore.exe0.

Error: (04/15/2014 10:30:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2014 03:44:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2014 09:17:35 PM) (Source: Application Error) (User: )
Description: Faulting application MotoHelperService.exe, version 2.3.8.0, time stamp 0x52862eb0, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000008, fault offset 0x000744cc,
process id 0xae0, application start time 0xMotoHelperService.exe0.

System errors:
=============
Error: (04/24/2014 07:07:46 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x80070002

Error: (04/24/2014 07:07:44 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x80070005

Error: (04/23/2014 06:14:02 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (04/23/2014 06:13:33 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (04/23/2014 06:12:15 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (04/23/2014 06:11:45 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (04/23/2014 06:04:56 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (04/23/2014 05:58:00 PM) (Source: Service Control Manager) (User: )
Description: tvtumon

Error: (04/23/2014 05:57:31 PM) (Source: Service Control Manager) (User: )
Description: System Update%%1053

Error: (04/23/2014 05:57:31 PM) (Source: Service Control Manager) (User: )
Description: 30000System Update

Microsoft Office Sessions:
=========================
Error: (02/15/2014 09:00:47 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 126691 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (03/18/2013 02:48:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33386 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (02/05/2011 00:23:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4952 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (01/03/2011 01:01:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7120 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/20/2010 01:32:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10678 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/15/2010 09:04:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5344 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (06/21/2010 00:45:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21642 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (06/17/2010 04:17:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10056 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (12/05/2009 06:33:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/12/2009 00:03:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 349 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-04-20 14:24:21.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-20 14:24:21.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-20 14:24:21.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-20 14:24:20.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-20 14:24:20.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-20 14:24:20.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-20 14:24:20.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-20 14:24:19.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-20 14:24:19.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-20 14:24:19.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

**** End of log ****

 

 

 

 

Farbar Service Scanner Version: 25-02-2014
Ran by lisa (administrator) on 24-04-2014 at 20:29:06
Running from "C:\Users\lisa\Desktop"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Security Center Notification Icon =====> HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC}\\"AutoStart" value does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

[nasdaq]

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
Vista and Seven - http://www.howtogeek...system-restore/


Download Vista-action-center-notification-icon-missing.reg.txt file attached.
Place the file on your desktop and rename it Download Vista-action-center-notification-icon-missing.reg
To run it, Double-click on downloaded .reg file and confirm the prompt.
Restart computer.

Run the FSS tool one more time. Post the log for my review.

Let me know if the problem persists.

Attached Files

•  win-vista-action-center-notification-icon-missing.reg.txt   190bytes   73 downloads

[tiredofmalware1]

I forgot to check in yesterday. Since I have to do registry editing, I will wait until tomorrow also because I need to download the new file onto a flash drive.

[tiredofmalware1]

I have the file on flash drive. The link for how to do system restore doesn't work. Can you resend it? I need to look at this first before I can make any changes. Thanks

Edited by tiredofmalware1, 29 April 2014 - 01:53 PM.

[nasdaq]

This is the correct link.

http://windows.micro...a-restore-point

[tiredofmalware1]

Sorry for the delay but I've been REAL busy. Now I created a new restore point. When I changed the name of the registery file and attempted to to run it nothing happens. No prompt nothing. Am I supposed to do this in MSDOS or something?

[nasdaq]

Can you restart the computer in normal mode?

If not try the safe mode.

How to boot to Safe Mode, Vista - Windows 7
http://www.computerh...s/chsafe.htm#03

[tiredofmalware1]

I restarted the computer and I still can't download anything.I wasn't able to do the registry edit.  I just thought about something. I downloaded motorola drivers not to long before this started happening. I even added a device to a port in device manager. Could this have caused the problem? Could I do a system restore like a month or 2 prior?

Edited by tiredofmalware1, 05 May 2014 - 07:53 AM.

[nasdaq]

Could I do a system restore like a month or 2 prior?

Yes if one is available.

You may have to do a Windows update if some of them were installed after the said date.

[tiredofmalware1]

Ok what should I do now? The system restore hasn't worked. I checked and I don't think I can back date as far as I would like.Should I look into the installed motorola drivers? The drivers were installed on my computer for my cell phone.

Edited by tiredofmalware1, 06 May 2014 - 06:52 AM.

[nasdaq]

You may have to install the driver using these instructions.

http://pcsupport.abo...atedrvvista.htm

Read the instructions if you need additional information please ask.

[nasdaq]

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.