
Gray taskbar, no Internet, no audio


  • This topic is locked
19 replies to this topic

#1 mca236

  • Members
  • 11 posts

Posted 17 May 2015 - 09:34 AM

Hello. This is my first post, so please let me know if something is missing or not right.

About a week ago I booted up my ThinkPad to find that my taskbar is gray, I cannot connect to the Internet, and I get an "Audio Service is not running" error. Likewise, my System Restore is not working. I use the free Avast anti-virus software, which did not find any major infections.
 
I followed the solution to an identical problem in another forum, but I'm now at a point where I need my ComboFix log interpreted. Here it is:
 
____________________________________________________________________________________________________________________
 
 
 
ComboFix 15-05-13.01 - Matt 05/17/2015   9:57.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4007.2417 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
Q:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-17 to 2015-05-17  )))))))))))))))))))))))))))))))
.
.
2015-05-17 14:05 . 2015-05-17 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-16 15:43 . 2015-05-05 23:52 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-16 15:21 . 2015-05-16 15:21 -------- d-----w- c:\users\Matt\AppData\Local\ElevatedDiagnostics
2015-05-09 20:07 . 2015-05-09 20:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-05-09 20:07 . 2015-05-09 20:07 -------- d-----w- c:\program files (x86)\Skype
2015-05-09 20:03 . 2015-05-09 20:03 -------- d-----w- c:\program files (x86)\iTunes
2015-05-09 20:03 . 2015-05-09 20:03 -------- d-----w- c:\program files\iPod
2015-05-09 20:03 . 2015-05-09 20:04 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-09 20:03 . 2015-05-09 20:04 -------- d-----w- c:\program files\iTunes
2015-05-09 19:47 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC7445BD-B43C-4215-A944-D13756B546DA}\mpengine.dll
2015-05-05 23:52 . 2015-05-05 23:52 43112 ----a-w- c:\windows\avastSS.scr
2015-04-22 02:23 . 2015-04-22 02:34 -------- d-----w- c:\users\Matt\AppData\Roaming\HandBrake
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-05 23:52 . 2013-12-25 06:57 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-05 23:52 . 2014-04-22 19:13 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-05 23:52 . 2013-03-06 13:10 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-05 23:52 . 2013-03-06 13:10 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-05 23:52 . 2012-03-16 05:52 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-05 23:52 . 2012-03-16 05:52 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-05 23:52 . 2012-03-16 05:52 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-05 23:52 . 2012-03-16 05:52 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-15 23:13 . 2012-03-16 16:14 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-15 02:22 . 2012-05-15 14:42 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 02:22 . 2012-03-15 21:45 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-02 00:17 . 2015-04-15 02:49 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-03-25 03:24 . 2015-04-15 02:53 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 02:53 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 02:53 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 02:53 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 02:53 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 02:53 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 02:53 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 02:53 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 02:53 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 02:53 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 02:53 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 02:53 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 02:53 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 02:53 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 02:53 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 02:53 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 23:50 . 2015-03-23 23:50 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2015-03-23 03:25 . 2015-04-15 02:52 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 02:52 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 02:52 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 02:52 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 02:52 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 02:52 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-15 02:52 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-15 02:52 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 05:22 . 2015-04-15 02:51 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:22 . 2015-04-15 02:51 95672 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 05:22 . 2015-04-15 02:51 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 05:19 . 2015-04-15 02:51 1727904 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 05:17 . 2015-04-15 02:51 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-03-17 05:17 . 2015-04-15 02:51 243712 ----a-w- c:\windows\system32\wow64.dll
2015-03-17 05:17 . 2015-04-15 02:51 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-03-17 05:16 . 2015-04-15 02:51 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-03-17 05:16 . 2015-04-15 02:51 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 05:16 . 2015-04-15 02:51 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 05:16 . 2015-04-15 02:51 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 05:16 . 2015-04-15 02:51 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 05:16 . 2015-04-15 02:51 503808 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 05:16 . 2015-04-15 02:51 50176 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 05:16 . 2015-04-15 02:51 28160 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 05:16 . 2015-04-15 02:51 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 05:16 . 2015-04-15 02:51 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 05:16 . 2015-04-15 02:51 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-03-17 05:16 . 2015-04-15 02:51 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 05:16 . 2015-04-15 02:51 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 05:16 . 2015-04-15 02:51 424448 ----a-w- c:\windows\system32\KernelBase.dll
2015-03-17 05:16 . 2015-04-15 02:51 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-03-17 05:16 . 2015-04-15 02:51 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 05:16 . 2015-04-15 02:51 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 05:16 . 2015-04-15 02:51 22016 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 05:16 . 2015-04-15 02:51 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-17 05:16 . 2015-04-15 02:51 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 05:15 . 2015-04-15 02:51 31232 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 05:15 . 2015-04-15 02:51 338432 ----a-w- c:\windows\system32\conhost.exe
2015-03-17 05:15 . 2015-04-15 02:51 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 05:13 . 2015-04-15 02:50 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 05:13 . 2015-04-15 02:50 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 05:11 . 2015-04-15 02:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 02:50 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 05:11 . 2015-04-15 02:50 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-17 05:01 . 2015-04-15 02:51 3920824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-05 5515496]
"ZALFree"="c:\program files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" [2014-12-30 8205944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2012-3-21 1134592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(7).dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R4 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
R4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R4 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
R4 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R4 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
R4 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 Update lookinglink;Update lookinglink;c:\program files (x86)\lookinglink\updatelookinglink.exe;c:\program files (x86)\lookinglink\updatelookinglink.exe [x]
R4 Util lookinglink;Util lookinglink;c:\program files (x86)\lookinglink\bin\utillookinglink.exe;c:\program files (x86)\lookinglink\bin\utillookinglink.exe [x]
R4 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys;c:\windows\SYSNATIVE\Drivers\LxrSII1d.sys [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-03 12:19 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 02:22]
.
2015-05-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-05 23:52]
.
2015-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 22:12]
.
2015-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 22:12]
.
2015-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-27 22:12]
.
2015-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-27 22:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-05 23:52 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-04-28 15:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 15:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-04-28 15:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-04-28 15:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-04-28 15:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-19 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-19 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-19 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(7).dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 181.196.181.194:3128
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{656461ef-40f6-4115-9ff1-bced9812ccbb} - (no file)
URLSearchHooks-{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
BHO-{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f} - c:\program files (x86)\lookinglink\lookinglinkbho.dll
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\LxrSII1s.exe
c:\windows\SysWOW64\SAsrv.exe
.
**************************************************************************
.
Completion time: 2015-05-17  10:17:44 - machine was rebooted
ComboFix-quarantined-files.txt  2015-05-17 14:17
.
Pre-Run: 119,054,565,376 bytes free
Post-Run: 118,944,026,624 bytes free
.
- - End Of File - - 1FAE2485D5D1F2BA33B5105BF3A64E4E

Edited by Queen-Evie, 17 May 2015 - 09:43 AM.
moved from Windows 7 to Malware Removal Logs. CF logs are allowed only in MRL forum
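The post above asks for the ComboFix log to be interpreted. The following Python helper is an added example for this thread (it is not the poster's code and not a BleepingComputer or ComboFix tool): it pulls out of a pasted ComboFix log the entries a log reader usually checks first, namely the per-user Internet Explorer proxy and start page from the Supplementary Scan, any non-empty AppInit_DLLs value, the UAC secure-desktop policy, orphans that still pointed at a file on disk, and autorun.inf files listed under Other Deletions. SAMPLE_LOG is constructed from lines quoted in the post; the banner regex, the short TOOLBAR_HOSTS list and every function name are the example's own assumptions. It labels entries for review and does not decide what is malicious.

```python
"""Triage a pasted ComboFix log: pull out the entries a log reader checks first.
Added example for this thread (not a BleepingComputer or ComboFix tool); it labels entries
for review, it does not decide what is malicious. SAMPLE_LOG is built from lines quoted above."""
import re
from urllib.parse import urlsplit
# Banners: "(((   Other Deletions   )))", "------- Supplementary Scan -------", "- - - - ORPHANS REMOVED - - - -"
BANNER_RE = re.compile(r"^(?:[()\-]\s*){3,}(?P<title>[A-Za-z][A-Za-z0-9 /\-]*?)\s*(?:[()\-]\s*){3,}$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                                  # [HKEY_LOCAL_MACHINE\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*(?:\(0x[0-9A-Fa-f]+\))?$')  # "Name"= 5 (0x5)
SUPP_RE = re.compile(r"^(?P<key>[A-Za-z][^=]*?)\s*=\s*(?P<value>.+)$")       # uStart Page = hxxp://...
UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
TOOLBAR_HOSTS = ("conduit.com",)  # start-page hosts the helper tags; an assumption, extend as needed

SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
Q:\Autorun.inf
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(7).dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(7).dll
------- Supplementary Scan -------
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
uInternet Settings,ProxyServer = 181.196.181.194:3128
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{656461ef-40f6-4115-9ff1-bced9812ccbb} - (no file)
BHO-{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f} - c:\program files (x86)\lookinglink\lookinglinkbho.dll
"""


def sections(log):
    """Split the log into {section title: [lines]}; text before the first banner goes under 'Header'."""
    out, current = {"Header": []}, "Header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix pads sections with lone dots
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group("title")
            out.setdefault(current, [])
        else:
            out[current].append(line)
    return out


def registry_values(log):
    """Map (lower-cased key path, value name) -> value for each "Name"=value line under a [HKEY...] header."""
    values, key = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1).lower()
            continue
        v = VALUE_RE.match(line)
        if v and key:
            values[(key, v.group(1))] = v.group(2).strip('"')
    return values


def triage(log):
    """Return findings as strings: proxy, start page, AppInit_DLLs, UAC policy, orphans, autorun.inf."""
    secs, regs, findings = sections(log), registry_values(log), []
    supp = dict(m.groups() for m in map(SUPP_RE.match, secs.get("Supplementary Scan", [])) if m)
    proxy = supp.get("uInternet Settings,ProxyServer")  # the 'u' prefix marks a per-user (HKCU) setting
    if proxy:
        findings.append(f"proxy: IE ProxyServer for this user is {proxy}; browsing fails while that "
                        "host is unreachable, so confirm what set it")
    start = supp.get("uStart Page")
    if start:  # ComboFix defangs URLs as hxxp; undo that before extracting the host
        host = urlsplit(start.replace("hxxp", "http", 1)).hostname or start
        tag = " (known toolbar search provider)" if host.endswith(TOOLBAR_HOSTS) else ""
        findings.append(f"start page: {host}{tag}")
    for (key, name), value in regs.items():
        if name.lower() == "appinit_dlls" and value:
            arch = "32-bit" if "wow6432node" in key else "64-bit"
            findings.append(f"appinit: {arch} AppInit_DLLs loads {value} into every process that "
                            "maps user32.dll; identify the product that owns it")
    if regs.get((UAC_KEY, "PromptOnSecureDesktop")) == "0":
        findings.append("uac: PromptOnSecureDesktop=0, elevation prompts appear on the normal desktop, not the secure desktop (default is 1)")
    for line in secs.get("ORPHANS REMOVED", []):
        if "(no file)" not in line and re.search(r"[A-Za-z]:\\", line):
            entry, _, path = line.partition(" - ")
            findings.append(f"orphan: {entry} pointed at a file still on disk, {path}; check Programs "
                            "and Features for the product that owns it")
    for line in secs.get("Other Deletions", []):
        if line.lower().endswith("autorun.inf"):
            findings.append(f"autorun: ComboFix removed {line}; an autorun.inf at a drive root is also "
                            "how USB-spreading malware launches, so check which drive that is")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" -", finding)
```

To use it on a real log, pass the saved file's contents to triage() instead of SAMPLE_LOG; sections() and registry_values() are reusable for the other parts of the log (services, scheduled tasks, Run keys), and the message text is meant to be edited by whoever does the reading.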



#2 mca236
  • Topic Starter

  • Members
  • 11 posts

Posted 17 May 2015 - 09:46 AM

I apologize for the multiple posts. I got a "website is offline" message (probably because my post was too long) and assumed the request didn't go through. Couldn't find a "delete post" option.

 

-- M



#3 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,550 posts

Posted 22 May 2015 - 09:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576460 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 mca236

  • Topic Starter

  • Members
  • 11 posts

Posted 22 May 2015 - 07:57 PM

Greetings,

 

1.) I posted a description of my issue at the top. Nothing has changed since.

 

2.) My FRST log is attached.

 

3.) I do not have my original Windows CD.

 

4.) Thank you!

 

 

 

 

Attached Files



#5 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,594 posts
  • Gender:Male
  • Location:California

Posted 30 May 2015 - 01:09 AM

Greetings mca236 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Since only one of the 2 FRST reports was posted I am going to have you run the program again. Please make sure Addition.txt is checked before scanning your computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 mca236

  • Topic Starter

  • Members
  • 11 posts

Posted 31 May 2015 - 01:43 PM

Hello Gary! Thanks so much for helping me out. You can call me Matt.

 

To summarize, this post contains the following:

-- FRST log (copy/pasted)

-- addition log (copy/pasted)

-- System Summary information (zipped and attached)

 

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01 (ATTENTION: ====> FRSTversion is 9 days old and could be outdated)
Ran by Matt (administrator) on MATT-THINK on 31-05-2015 14:25:46
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lexar Media, Inc.) C:\Windows\SysWOW64\LxrSII1s.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM-x32\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [167704 2011-08-19] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [392472 2011-08-19] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [416024 2011-08-19] (Intel Corporation)
HKLM-x32\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(7).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(7).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(7).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(7).dll [86400 2014-12-30] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2012-03-21]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-84418943-3450851122-1727580252-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-84418943-3450851122-1727580252-1000] => 181.196.181.194:3128
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-84418943-3450851122-1727580252-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3220468
HKU\S-1-5-21-84418943-3450851122-1727580252-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-84418943-3450851122-1727580252-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-84418943-3450851122-1727580252-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
SearchScopes: HKU\S-1-5-21-84418943-3450851122-1727580252-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
SearchScopes: HKU\S-1-5-21-84418943-3450851122-1727580252-1000 -> {E3FE2100-2097-4850-8E49-64741A881611} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-14] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: lookinglink -> {84dfb3ca-9212-4fba-bf3a-a66c4a02a48f} -> C:\Program Files (x86)\lookinglink\lookinglinkbho.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-14] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "backup.ftp", "119.252.165.166"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "119.252.165.166"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "119.252.165.166"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "117.102.163.3"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "117.102.163.3"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "117.102.163.3"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "117.102.163.3"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Matt\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-10] (Citrix Online)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @talk.google.com/O1DPlugin -> C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\user.js [2015-05-17]
FF Plugin ProgramFiles/Appdata: C:\Users\Matt\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Matt\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: FT SleekDark - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012-05-11]
FF Extension: Webmail Ad Blocker - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\gmailnoads@mywebber.com.xpi [2014-06-28]
FF Extension: NASA Night Launch - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\nasanightlaunch@example.com.xpi [2012-07-17]
FF Extension: InlineDisposition - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}.xpi [2012-10-14]
FF Extension: Stylish - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-07-18]
FF Extension: NoScript - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-23]
FF Extension: Abduction! - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2012-07-12]
FF Extension: Video DownloadHelper - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Adblock Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-15]
FF Extension: FXOpera - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{e7c7d1b3-5984-410e-9f1e-54e3f8490e8e}.xpi [2012-07-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-17]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-16]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
 
Chrome: 
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-28]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-28]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-28]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-11]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-28]
CHR HKU\S-1-5-21-84418943-3450851122-1727580252-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Matt\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-08-06]
CHR HKU\S-1-5-21-84418943-3450851122-1727580252-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Matt\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Matt\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-08-06]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Matt\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-14]
CHR HKLM-x32\...\Chrome\Extension: [ngmmcbedgcbfghamlghhpbpifnbhhpik] - C:\Users\Matt\AppData\Local\Temp\ccex.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LxrSII1s; C:\Windows\SysWOW64\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) []
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) []
S4 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S4 Update lookinglink; "C:\Program Files (x86)\lookinglink\updatelookinglink.exe" [X]
S4 Util lookinglink; "C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-05] ()
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-30] (Lexar Media, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-22 20:37 - 2015-05-22 20:37 - 00055182 _____ () C:\Users\Matt\Desktop\FRST scan 1 MA.txt
2015-05-22 20:32 - 2015-05-22 20:32 - 00055182 _____ () C:\Users\Matt\Desktop\Addition.txt
2015-05-22 20:31 - 2015-05-31 14:26 - 00021435 _____ () C:\Users\Matt\Desktop\FRST.txt
2015-05-22 20:31 - 2015-05-31 14:25 - 00000000 ____D () C:\FRST
2015-05-22 20:30 - 2015-05-22 20:26 - 02108416 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2015-05-22 20:30 - 2015-05-22 20:25 - 01147392 _____ (Farbar) C:\Users\Matt\Desktop\FRST.exe
2015-05-17 10:17 - 2015-05-17 10:17 - 00029840 _____ () C:\ComboFix.txt
2015-05-17 09:55 - 2015-05-17 10:19 - 00000000 ____D () C:\ComboFix
2015-05-17 09:55 - 2015-05-17 10:18 - 00000000 ____D () C:\Qoobox
2015-05-17 09:55 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-17 09:55 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-17 09:55 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-17 09:54 - 2015-05-17 10:14 - 00000000 ____D () C:\Windows\erdnt
2015-05-17 09:54 - 2015-05-17 09:23 - 05623645 ____R (Swearware) C:\Users\Matt\Desktop\ComboFix.exe
2015-05-16 11:43 - 2015-05-16 11:43 - 00001893 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-16 11:43 - 2015-05-16 11:43 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2015-05-16 11:43 - 2015-05-16 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-16 11:43 - 2015-05-05 19:52 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-09 16:07 - 2015-05-09 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-09 16:07 - 2015-05-09 16:07 - 00000000 ____D () C:\Program Files (x86)\Skype
2015-05-09 16:04 - 2015-05-09 16:04 - 00001724 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-09 16:04 - 2015-05-09 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-09 16:03 - 2015-05-09 16:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-09 16:03 - 2015-05-09 16:04 - 00000000 ____D () C:\Program Files\iTunes
2015-05-09 16:03 - 2015-05-09 16:03 - 00000000 ____D () C:\Program Files\iPod
2015-05-09 16:03 - 2015-05-09 16:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-05 19:52 - 2015-05-05 19:52 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-31 14:26 - 2012-11-14 09:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 14:25 - 2011-12-17 15:14 - 01692961 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 14:21 - 2012-03-24 18:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 14:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 01:38 - 2012-05-27 17:27 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000UA.job
2015-05-23 01:37 - 2012-03-24 18:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 20:39 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 20:29 - 2009-07-14 00:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 20:29 - 2009-07-14 00:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 20:21 - 2012-03-21 03:11 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\stickies
2015-05-20 11:43 - 2012-05-27 17:27 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000Core.job
2015-05-17 10:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-17 10:09 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-17 10:06 - 2014-02-12 21:06 - 00205892 _____ () C:\Windows\PFRO.log
2015-05-17 09:03 - 2013-03-11 14:29 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2015-05-16 11:31 - 2012-03-20 21:13 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\BitTorrent
2015-05-09 16:25 - 2013-07-12 20:26 - 00000000 ____D () C:\Users\Matt\Desktop\Utility
2015-05-09 16:16 - 2013-03-04 00:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-09 16:15 - 2013-05-07 23:43 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Spotify
2015-05-09 16:15 - 2013-05-07 23:43 - 00000000 ____D () C:\Users\Matt\AppData\Local\Spotify
2015-05-09 16:09 - 2014-01-29 00:11 - 00015926 _____ () C:\Windows\setupact.log
2015-05-09 16:07 - 2014-05-20 09:43 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-09 16:07 - 2012-03-16 20:19 - 00000000 ____D () C:\ProgramData\Skype
2015-05-09 16:05 - 2012-03-23 21:07 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\vlc
2015-05-09 16:03 - 2014-05-29 21:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-05-09 16:03 - 2012-03-15 18:18 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-09 15:32 - 2013-06-17 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-09 15:30 - 2012-07-06 17:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-05 19:57 - 2012-05-15 10:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-05 19:52 - 2014-04-22 15:13 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-05 19:52 - 2013-12-25 02:57 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-05 19:52 - 2013-03-06 09:10 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-05 19:52 - 2013-03-06 09:10 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-05 19:52 - 2012-03-16 01:52 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-05 19:52 - 2012-03-16 01:52 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-05 19:52 - 2012-03-16 01:52 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-05 19:52 - 2012-03-16 01:52 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-03 08:22 - 2013-03-28 21:15 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2012-07-25 00:04 - 2012-07-25 00:04 - 0004096 ____H () C:\Users\Matt\AppData\Local\keyfile3.drm
2012-03-16 09:39 - 2012-06-06 18:30 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-17 10:42
 
==================== End of log ============================
 
 
 
 
 
 
Addition log:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Matt at 2015-05-31 14:26:35
Running from C:\Users\Matt\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-84418943-3450851122-1727580252-500 - Administrator - Disabled)
Guest (S-1-5-21-84418943-3450851122-1727580252-501 - Limited - Disabled)
Matt (S-1-5-21-84418943-3450851122-1727580252-1000 - Administrator - Enabled) => C:\Users\Matt
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.198 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.198 - Zemana Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Botanicula (HKLM-x32\...\Steam App 207690) (Version:  - )
Broken Age (HKLM-x32\...\Steam App 232790) (Version:  - Double Fine Productions)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Costume Quest (HKLM-x32\...\Steam App 115100) (Version:  - )
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dear Esther (HKLM-x32\...\Steam App 203810) (Version:  - )
Dropbox (HKU\S-1-5-21-84418943-3450851122-1727580252-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.63 - NCH Software)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Image to PDF Converter Free 6.5 (HKLM-x32\...\Image to PDF Converter Free_is1) (Version:  - PDFArea Software)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Machinarium (HKLM-x32\...\Steam App 40700) (Version:  - Amanita Design)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.00 - )
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.5.30814 - Grinding Gear Games)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Samorost 2 (HKLM-x32\...\Steam App 40720) (Version:  - Amanita Design)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-84418943-3450851122-1727580252-1000\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
Stacking (HKLM-x32\...\Steam App 115110) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stickies 7.1c (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows Driver Package - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows Driver Package - Realtek (RTL8167) Net  (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-05-17 10:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {017F2785-71F4-4508-86DC-BB0161193351} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {089D5DC2-50BA-47C1-A570-FCC3BEE38B55} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {0D9E9906-6081-48D6-B0C5-AEB161B709A4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0E4AB467-46BB-41D7-B9DD-884AE7654A73} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-05] (Avast Software s.r.o.)
Task: {29F11DE1-4A7F-4C26-9076-84CAF73B9318} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-03-23] ()
Task: {2DFA291E-D560-4E18-B7CA-4F186ED449D8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {30CC74D3-2471-4D6B-8224-1EE47EF11AE1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {561F6C0C-4B37-44E6-9164-A489B44A33EC} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {5F3B2B73-02DC-4C35-9CF4-1ECA772DB1E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000UA => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {744886EF-E3FA-476F-BE70-9D6E9A8A037C} - System32\Tasks\{8391E6CB-EC37-448F-944B-C0E03C94CD6A} => pcalua.exe -a C:\Users\Matt\Desktop\vcredist_x86.exe -d C:\Users\Matt\Desktop
Task: {844AAD49-2A45-418A-8944-6BF9215736CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A1A94653-4637-473F-AA57-C23DF2D09E18} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {BF9AD4E9-F171-4602-8344-18930E8C30A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {CB2E5AA6-3390-4F86-927B-57A50D49AF63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {D0EE25CB-B319-4211-8C20-3AD584FCB9BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {D8EA8510-23AF-41DA-8E47-9D3AFFCA4203} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E7D77A3E-051D-41EC-994E-D6D1F8BD050A} - System32\Tasks\{E51094CE-B05C-4B9B-8F0D-B5320A9A9A4A} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {EE65BD67-9C01-4EFE-81FF-223A847EE238} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {EF84C976-4848-4AD0-9DA5-ED7335AA0F55} - System32\Tasks\{1CC33CC0-F8B8-4D6D-8478-F33236F1E166} => C:\Users\Matt\Desktop\KYOTO\AUTORUN.EXE [1995-11-23] (Dynaware USA, Inc.)
Task: {FA5702C9-DE28-49AA-8477-18AE946295F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000Core => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000Core.job => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000UA.job => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-03-04 15:50 - 2012-09-18 16:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2012-07-12 16:05 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2013-03-04 15:50 - 2012-09-18 16:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2011-12-17 15:23 - 2011-08-31 14:03 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-12-17 15:21 - 2010-10-25 23:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-12-17 15:21 - 2011-08-19 01:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-05 19:52 - 2015-05-05 19:52 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-05 19:52 - 2015-05-05 19:52 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-11 19:14 - 2015-05-11 19:14 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15051101\algo.dll
2012-03-21 03:11 - 2012-03-21 03:11 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2015-04-14 22:28 - 2015-04-14 22:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-14 20:40 - 2015-02-14 20:40 - 00381440 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-84418943-3450851122-1727580252-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
 
==================== MSCONFIG/TASK MANAGER Error getting ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: LENOVO.CAMMUTE => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: Lenovo.VIRTSCRLSVC => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: PwmEWSvc => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: SUService => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: TPHKSVC => 2
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: Update lookinglink => 2
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: Util lookinglink => 2
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VIPAppService => 2
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupfolder: C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Facebook Update => "C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: googletalk => C:\Users\Matt\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Matt\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3AEDD551-833F-457A-A635-BEDCD546FB57}] => (Allow) C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5322A1FB-A618-4EF2-839B-45ED2733CE71}] => (Allow) C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B332AB63-9237-46B2-ACBF-7EBD836CF369}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C32666C6-46B4-49BD-9B78-099AB3BC42CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5D356B9-BF91-409D-8053-98E0D5C4EA4F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12CB8B06-92B2-4599-95EF-270CC969A246}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{FC9B99DF-0CF6-4F1F-AD4D-A234BA553A53}C:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4E4B381C-FD77-45B3-87ED-A1132DF29DC7}C:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\matt\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E819759C-7E5C-49AF-B831-71BE69F6EA73}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E6A00737-8FC8-4B03-85F3-D8131169B130}] => (Allow) LPort=2869
FirewallRules: [{B13FFCEE-A8DD-435A-95C6-90AC2E85690F}] => (Allow) LPort=1900
FirewallRules: [{B3FF74FE-8726-414D-AB07-225CC05C4B62}] => (Allow) C:\Users\Matt\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3705203E-526A-41A6-A9DA-9E0FE5D2A5F7}] => (Allow) C:\Users\Matt\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{7ABFDB66-6F36-4038-B9AC-389D4E8F7DB3}C:\users\matt\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\matt\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C0E39C8B-BBCA-4EF9-9BDB-78F637AEEA21}C:\users\matt\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\matt\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E3F5D73D-824B-4B64-8D0E-6CD0F731165D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{40C74001-5246-4555-BD3F-010ED6540915}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E36C037E-E701-4A50-BCBA-B9D33721149D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8463DBEF-1602-4AC3-9990-7E75D41A146C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dear Esther\dearesther.exe
FirewallRules: [{FC59F5E4-BCB3-4DC3-B606-E884CED2AF08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dear Esther\dearesther.exe
FirewallRules: [{3F13B169-CCE9-4D2B-AD87-15320B09432D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{ED756AB0-FDC2-4176-AAA8-D272795D517D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
FirewallRules: [{EE43315E-85A6-423C-9FFD-CA21A6A692A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Samorost 2\Samorost2.exe
FirewallRules: [{8BB87338-50C2-44A3-9036-05B79D7AFCCC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Samorost 2\Samorost2.exe
FirewallRules: [{40FD522A-B3DD-420D-82A8-46E1DA03EA43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Botanicula\Botanicula.exe
FirewallRules: [{C78630AD-CBF8-4700-B26B-FBC97FDA8B49}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Botanicula\Botanicula.exe
FirewallRules: [{49204EF6-3F4E-42BB-878B-A319EE6B80A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{4362B3DF-8D43-4FDB-A46D-2A14C6F7DEBB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{E7BE0349-CAFB-4137-8340-470DC9F6C9CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stacking\Stack.exe
FirewallRules: [{73E51ABC-F22C-4E05-831B-D68A8C3A26C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stacking\Stack.exe
FirewallRules: [{F02A4491-5662-4764-B7D7-963C49012808}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{901EEE61-3197-4A24-A18E-A277A1C4679D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{AF03DDEA-3FB2-4088-AC4D-44D819182BEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Costume Quest\Cq.exe
FirewallRules: [{53194677-6E55-499E-9664-B54B4815E592}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Costume Quest\Cq.exe
FirewallRules: [{15E0DD00-1FAE-493A-95A7-03EAE3238022}] => (Allow) C:\Users\Matt\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0E120EFA-E2D2-401F-A705-467CBC2304F2}] => (Allow) C:\Users\Matt\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7B8E4CED-0A7A-4AA6-8CDC-2CDE4190896D}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{D049985D-FD00-4FD7-936F-05A3801DD595}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{D97774A8-443C-4D9C-BECA-F99AADBA4158}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{03A35B09-B200-42DA-9450-CF3DD553731F}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{FE12D104-211F-4B60-996B-A5C67CDBCE73}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{300BBD4B-1C49-4889-B1D4-9E68BBA69BDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{10AE6ADF-1E03-480A-B47A-BD8C7E723646}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{BD7A3796-B1D3-4C39-861B-896EE1372113}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{FE85AE01-0200-4F80-B1F2-8E3FC02497CD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E8129932-065F-4F3D-9D0A-42DD6AB65D2A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6E0700B2-CEB9-40DB-937C-3335C4754E2F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{46C219EA-FFEF-45CE-A06D-EE102D2098EE}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{B3BEB95F-A1C9-4084-A375-720A7C006996}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{D0E1D95A-5A6C-4B55-B3B1-04423370C01F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{3162430C-FCBE-41BD-A767-4DEC549E8318}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{F75F8088-65AA-470D-AEB9-ABE6D54C2283}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{5390185D-2303-4919-8338-EB0E8971283E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B0E9CD1E-F4C2-4C2E-BB94-55C51F2CE44A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{23D8AF40-262A-4B09-BD3D-5C3B43C3F56E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Age\BrokenAge.exe
FirewallRules: [{5694860B-F059-4153-BED3-E8ED1C8B61C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Age\BrokenAge.exe
FirewallRules: [{86B65B1D-1225-47FA-9E8D-4326DAC29C41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{B54243DC-2BA5-4120-BE37-A3EA5CEE7CA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{752A4FCA-B05C-424E-9AD6-4468067C1ECB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{B92BFB1F-0A55-41D9-BB99-E00505D36D92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{F602695A-75C7-41B2-8ADC-E28CA7B12626}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C4F885A6-287C-4E08-8B7B-0CE5F99603B4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{11981501-F9DC-4116-ABA9-99AF9912AADF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{6CF12DA3-7478-49A7-89A5-99EA12D19BCA}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{84CCC33B-C4CA-4818-A74B-77557AEDB655}] => (Allow) C:\Users\Matt\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{CB745C64-D481-427D-B34A-5F1F146C8646}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7BA0B4D6-78E0-4AE1-87D9-2EA85EE1860D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{10B7992F-8BEB-4044-B673-536124FF1370}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{59A2A723-8A48-466D-8862-6C15E617A064}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{95A5DA69-36AF-4709-B52E-1F21350C18ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF129AE4-B89F-4DAD-8B08-1E943DEA3AD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6DF8D332-A272-4C18-AA5B-9BA47A4B760C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AFEA631B-AB53-4079-926C-3AE89DD99023}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A79B47C5-71FA-4928-9469-C94D63D9D7B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2700A7E7-D1AE-43C7-9B6B-2FA094FB1539}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {83b03939-3c46-4bd3-b1b9-09276cb0fa28}
 
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {83b03939-3c46-4bd3-b1b9-09276cb0fa28}
 
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {d8ccd1a8-654b-4ed5-b509-e814364fb38e}
 
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {d8ccd1a8-654b-4ed5-b509-e814364fb38e}
 
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 12346) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.
 
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {ef5426d7-4e83-40ab-9cba-e14c5a2fedd3}
 
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {ef5426d7-4e83-40ab-9cba-e14c5a2fedd3}
 
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 12342) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.
 
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx.  hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
.
 
Error: (05/31/2015 02:26:37 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator
 
 
System errors:
=============
Error: (05/31/2015 02:25:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
Error: (05/31/2015 02:25:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
Error: (05/31/2015 02:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
Error: (05/31/2015 02:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
Error: (05/31/2015 02:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
Error: (05/31/2015 02:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
Error: (05/31/2015 02:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
Error: (05/31/2015 02:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
Error: (05/31/2015 02:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
Error: (05/31/2015 02:24:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-17 10:05:23.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-17 10:05:23.067
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-06-24 13:59:09.397
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Lenovo\RapidBoot\PHCORE64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-06-24 13:59:09.366
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Lenovo\RapidBoot\PHCORE64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-06-24 13:51:02.817
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Lenovo\RapidBoot\PHCORE64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-06-24 13:51:02.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Lenovo\RapidBoot\PHCORE64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-06-23 11:37:36.938
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Lenovo\RapidBoot\PHCORE64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-06-23 11:37:36.908
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Lenovo\RapidBoot\PHCORE64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-06-22 19:56:40.756
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Lenovo\RapidBoot\PHCORE64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-06-22 19:56:40.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Lenovo\RapidBoot\PHCORE64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 24%
Total physical RAM: 4007.23 MB
Available physical RAM: 3038.54 MB
Total Pagefile: 8012.66 MB
Available Pagefile: 7039.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:284.91 GB) (Free:110.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: D545E0F9)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=284.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 




#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,594 posts
  • Gender:Male
  • Location:California
  • Local time:08:34 AM

Posted 31 May 2015 - 02:19 PM

I will apologize up front because I am ending for the evening but did you set this Proxy? Are you in Ecuador?

 

ProxyServer: [S-1-5-21-84418943-3450851122-1727580252-1000] => 181.196.181.194:3128

 

I will be reviewing your reply in the morning, my time.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 mca236

mca236
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:34 PM

Posted 31 May 2015 - 03:57 PM

Thanks for the quick reply!

 

I have used a couple proxies recently, but none from Ecuador (that I know of). I have most often used a Texas proxy through a VPN. I am in the US east coast.

 

Just so you know, the computer that I'm having issues with is not connecting to the Internet, so I've been posting from a second one (Mac).

 

Also so you know, I will be away from my computer until Thursday evening. I apologize for that delay. Feel free to wait until then to look at my case.

 

-- Matt

 

 



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,594 posts
  • Gender:Male
  • Location:California
  • Local time:08:34 AM

Posted 01 June 2015 - 12:34 AM

Hi Matt,

Thank you for all the information and letting me know of your delay. Certainly not a problem.

Here are our first steps whenever you get to them.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ProxyServer: [S-1-5-21-84418943-3450851122-1727580252-1000] => 181.196.181.194:3128
HKU\S-1-5-21-84418943-3450851122-1727580252-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3220468
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-84418943-3450851122-1727580252-1000 -> {E3FE2100-2097-4850-8E49-64741A881611} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO-x32: lookinglink -> {84dfb3ca-9212-4fba-bf3a-a66c4a02a48f} -> C:\Program Files (x86)\lookinglink\lookinglinkbho.dll No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\user.js [2015-05-17]
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S4 Update lookinglink; "C:\Program Files (x86)\lookinglink\updatelookinglink.exe" [X]
S4 Util lookinglink; "C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 mca236

mca236
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:34 PM

Posted 05 June 2015 - 01:06 AM

Thanks so much for your help so far! Below you will find my:

-- Fixlog

-- AdwCleaner log

-- Junkware log

 

I have not seen any noticeable performance improvement yet.

 

I have noticed a couple of additional minor issues since my original post, in case that helps. Here is a summary of what's going on with it as of now:

-- Gray taskbar, no Internet, no audio (main issues from original post)

-- slow restart time

-- certain keyboard functions not working, such as brightness and volume

-- can't be "woken up" from sleep mode. I have to do a hard reset

 

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Matt at 2015-06-05 00:12:54 Run:1
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ProxyServer: [S-1-5-21-84418943-3450851122-1727580252-1000] => 181.196.181.194:3128 HKU\S-1-5-21-84418943-3450851122-1727580252-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3220468 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKU\S-1-5-21-84418943-3450851122-1727580252-1000 -> {E3FE2100-2097-4850-8E49-64741A881611} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 BHO-x32: lookinglink -> {84dfb3ca-9212-4fba-bf3a-a66c4a02a48f} -> C:\Program Files (x86)\lookinglink\lookinglinkbho.dll No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\user.js [2015-05-17] S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] S4 Update lookinglink; "C:\Program Files (x86)\lookinglink\updatelookinglink.exe" [X] S4 Util lookinglink; "C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe" [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 vpnva; system32\DRIVERS\vpnva64.sys [X] CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 
-> C:\Users\Matt\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-84418943-3450851122-1727580252-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
*****************
 
HKU\ProxyServer: [S-1-5-21-84418943-3450851122-1727580252-1000] => 181.196.181.194:3128 S-1-5-21-84418943-3450851122-1727580252-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
 
==== End of Fixlog 00:12:54 ====
 
 
AdwCleaner log:
 
# AdwCleaner v4.206 - Logfile created 05/06/2015 at 00:18:13
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Matt - MATT-THINK
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Matt\AppData\Local\Conduit
Folder Deleted : C:\Users\Matt\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Matt\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Matt\AppData\Roaming\download Manager
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\user.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E3FE2100-2097-4850-8E49-64741A881611}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SavingsBullFilter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 181.196.181.194:3128
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : dknkjnkhedbanphkkpbpcgoblmkbfhlf
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [4085 bytes] - [05/06/2015 00:15:04]
AdwCleaner[S0].txt - [3560 bytes] - [05/06/2015 00:18:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3619  bytes] ##########
 
 
Junkware log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Windows 7 Professional x64
Ran by Matt on Fri 06/05/2015 at  1:33:38.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] update lookinglink
Successfully deleted: [Service] update lookinglink
Successfully stopped: [Service] util lookinglink
Successfully deleted: [Service] util lookinglink
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update lookinglink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util lookinglink
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Matt\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Matt\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Matt\appdata\local\google\chrome\user data\default\local storage\https_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Matt\appdata\local\google\chrome\user data\default\local storage\https_www.superfish.com_0.localstorage-journal
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{1B113DBC-F962-4C7E-853B-9DF13237293E}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{4AC6E4A7-0CEA-4DB3-9436-30E1DC082F2D}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{53303BA3-B350-409D-AE80-9896CCE921AD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{53760B69-CBA0-4A8E-B915-F6F0B7A66DAE}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{5FABAAD6-7FCA-408F-8150-28D95F95FAA4}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{60B7E617-C593-42D3-A21D-81C8B6CC6540}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{63EC42E5-BD2F-4387-93D0-806BF32BAEF7}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{6B7F5E41-60BC-41C3-913B-BA545DBBF1FD}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{840EB291-EE64-4A0F-B703-93B75F389D10}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{C3A3E4E7-8804-4C5B-AF59-45DD4D773192}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{D94E098D-2845-4BA0-9192-E8AF17225606}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E0E8CD16-1F38-41F3-B5A1-5E085D2DCDD5}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{E7C2FD62-88C1-4848-880C-08A968D7D67C}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{F5A518EC-E67A-4875-805E-2F078AFCF7BE}
Successfully deleted: [Empty Folder] C:\Users\Matt\appdata\local\{FA0C165C-6A24-44D6-8804-5A84492C7BF2}
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Matt\appdata\local\cre
Successfully deleted: [Folder] C:\Users\Matt\AppData\Roaming\pcdr
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\5ylnxhzf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Successfully deleted: [Folder] C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\5ylnxhzf.default\conduitcommon
Successfully deleted the following from C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\5ylnxhzf.default\prefs.js
 
user_pref(extensions.disconnect.whitelist, {\latimes.com\:{\Disconnect\:{\whitelisted\:false,\services\:{\Google\:true}}},\mediafire.com\:{\Disconnect\:{\whi
Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\5ylnxhzf.default\minidumps [286 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\Matt\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Matt\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Matt\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Matt\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/05/2015 at  1:39:49.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#11 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:34 AM

Posted 05 June 2015 - 08:21 AM

Hello,
Oh My! is currently not able to help, so I'm helping you.
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#12 mca236

mca236
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:34 PM

Posted 05 June 2015 - 09:19 AM

Hello Machiavelli,

 

My most current FRST log is below (June 5):

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01 (ATTENTION: ====> FRSTversion is 14 days old and could be outdated)
Ran by Matt (administrator) on MATT-THINK on 05-06-2015 10:12:28
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lexar Media, Inc.) C:\Windows\SysWOW64\LxrSII1s.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM-x32\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [167704 2011-08-19] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [392472 2011-08-19] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [416024 2011-08-19] (Intel Corporation)
HKLM-x32\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(7).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(7).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(7).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(7).dll [86400 2014-12-30] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2012-03-21]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-84418943-3450851122-1727580252-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-84418943-3450851122-1727580252-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-84418943-3450851122-1727580252-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-84418943-3450851122-1727580252-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-14] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-14] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "backup.ftp", "119.252.165.166"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "119.252.165.166"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "119.252.165.166"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "117.102.163.3"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "117.102.163.3"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "117.102.163.3"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "117.102.163.3"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Matt\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-10] (Citrix Online)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @talk.google.com/O1DPlugin -> C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-84418943-3450851122-1727580252-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Matt\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Matt\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: FT SleekDark - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012-05-11]
FF Extension: Webmail Ad Blocker - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\gmailnoads@mywebber.com.xpi [2014-06-28]
FF Extension: NASA Night Launch - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\nasanightlaunch@example.com.xpi [2012-07-17]
FF Extension: InlineDisposition - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}.xpi [2012-10-14]
FF Extension: Stylish - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-07-18]
FF Extension: NoScript - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-23]
FF Extension: Abduction! - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2012-07-12]
FF Extension: Adblock Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-15]
FF Extension: FXOpera - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5ylnxhzf.default\Extensions\{e7c7d1b3-5984-410e-9f1e-54e3f8490e8e}.xpi [2012-07-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-12-17]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-16]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
 
Chrome: 
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-28]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-28]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-28]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-11]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-14]
CHR HKLM-x32\...\Chrome\Extension: [ngmmcbedgcbfghamlghhpbpifnbhhpik] - C:\Users\Matt\AppData\Local\Temp\ccex.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LxrSII1s; C:\Windows\SysWOW64\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) []
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) []
S4 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-05] ()
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-30] (Lexar Media, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-05 01:42 - 2015-06-05 01:42 - 00005019 _____ () C:\Users\Matt\Desktop\JRT June 5.txt
2015-06-05 01:39 - 2015-06-05 01:39 - 00005019 _____ () C:\Users\Matt\Desktop\JRT.txt
2015-06-05 01:33 - 2015-06-05 01:33 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MATT-THINK-Windows-7-Professional-(64-bit).dat
2015-06-05 01:33 - 2015-06-05 01:33 - 00000000 ____D () C:\RegBackup
2015-06-05 01:31 - 2015-06-05 01:31 - 00003707 _____ () C:\Users\Matt\Desktop\AdwCleaner June 5.txt
2015-06-05 00:14 - 2015-06-05 00:18 - 00000000 ____D () C:\AdwCleaner
2015-06-05 00:09 - 2015-06-04 22:25 - 02942610 _____ (Thisisu) C:\Users\Matt\Desktop\JRT.exe
2015-06-05 00:09 - 2015-06-04 22:22 - 02231296 _____ () C:\Users\Matt\Desktop\AdwCleaner.exe
2015-05-31 14:30 - 2015-05-31 14:30 - 01271036 _____ () C:\Users\Matt\Desktop\Summary.nfo
2015-05-31 14:27 - 2015-05-31 14:27 - 00054795 _____ () C:\Users\Matt\Desktop\Addition May 31.txt
2015-05-31 14:27 - 2015-05-31 14:27 - 00029865 _____ () C:\Users\Matt\Desktop\FRST May 31.txt
2015-05-22 20:37 - 2015-05-22 20:37 - 00055182 _____ () C:\Users\Matt\Desktop\FRST scan 1 MA.txt
2015-05-22 20:32 - 2015-05-31 14:26 - 00054795 _____ () C:\Users\Matt\Desktop\Addition.txt
2015-05-22 20:31 - 2015-06-05 10:12 - 00019377 _____ () C:\Users\Matt\Desktop\FRST.txt
2015-05-22 20:31 - 2015-06-05 10:12 - 00000000 ____D () C:\FRST
2015-05-22 20:30 - 2015-05-22 20:26 - 02108416 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2015-05-22 20:30 - 2015-05-22 20:25 - 01147392 _____ (Farbar) C:\Users\Matt\Desktop\FRST.exe
2015-05-17 10:17 - 2015-05-17 10:17 - 00029840 _____ () C:\ComboFix.txt
2015-05-17 09:55 - 2015-05-17 10:19 - 00000000 ____D () C:\ComboFix
2015-05-17 09:55 - 2015-05-17 10:18 - 00000000 ____D () C:\Qoobox
2015-05-17 09:55 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-17 09:55 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-17 09:55 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-17 09:55 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-17 09:54 - 2015-05-17 10:14 - 00000000 ____D () C:\Windows\erdnt
2015-05-17 09:54 - 2015-05-17 09:23 - 05623645 ____R (Swearware) C:\Users\Matt\Desktop\ComboFix.exe
2015-05-16 11:43 - 2015-05-16 11:43 - 00001893 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-16 11:43 - 2015-05-16 11:43 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2015-05-16 11:43 - 2015-05-16 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-16 11:43 - 2015-05-05 19:52 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-09 16:07 - 2015-05-09 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-09 16:07 - 2015-05-09 16:07 - 00000000 ____D () C:\Program Files (x86)\Skype
2015-05-09 16:04 - 2015-05-09 16:04 - 00001724 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-09 16:04 - 2015-05-09 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-09 16:03 - 2015-05-09 16:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-09 16:03 - 2015-05-09 16:04 - 00000000 ____D () C:\Program Files\iTunes
2015-05-09 16:03 - 2015-05-09 16:03 - 00000000 ____D () C:\Program Files\iPod
2015-05-09 16:03 - 2015-05-09 16:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-05 10:07 - 2012-03-21 03:11 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\stickies
2015-06-05 10:06 - 2012-03-24 18:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 10:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-05 01:51 - 2011-12-17 15:14 - 01725183 _____ () C:\Windows\WindowsUpdate.log
2015-06-05 01:51 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-05 01:51 - 2009-07-14 00:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-05 01:51 - 2009-07-14 00:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-05 01:38 - 2012-05-27 17:27 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000UA.job
2015-06-05 01:37 - 2012-03-24 18:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 01:26 - 2012-11-14 09:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-20 11:43 - 2012-05-27 17:27 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84418943-3450851122-1727580252-1000Core.job
2015-05-17 10:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-17 10:09 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-17 10:06 - 2014-02-12 21:06 - 00205892 _____ () C:\Windows\PFRO.log
2015-05-17 09:03 - 2013-03-11 14:29 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2015-05-16 11:31 - 2012-03-20 21:13 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\BitTorrent
2015-05-09 16:25 - 2013-07-12 20:26 - 00000000 ____D () C:\Users\Matt\Desktop\Utility
2015-05-09 16:16 - 2013-03-04 00:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-09 16:15 - 2013-05-07 23:43 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Spotify
2015-05-09 16:15 - 2013-05-07 23:43 - 00000000 ____D () C:\Users\Matt\AppData\Local\Spotify
2015-05-09 16:09 - 2014-01-29 00:11 - 00015926 _____ () C:\Windows\setupact.log
2015-05-09 16:07 - 2014-05-20 09:43 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-09 16:07 - 2012-03-16 20:19 - 00000000 ____D () C:\ProgramData\Skype
2015-05-09 16:05 - 2012-03-23 21:07 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\vlc
2015-05-09 16:03 - 2014-05-29 21:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-05-09 16:03 - 2012-03-15 18:18 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-09 15:32 - 2013-06-17 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-09 15:30 - 2012-07-06 17:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
 
==================== Files in the root of some directories =======
 
2012-07-25 00:04 - 2012-07-25 00:04 - 0004096 ____H () C:\Users\Matt\AppData\Local\keyfile3.drm
2012-03-16 09:39 - 2012-06-06 18:30 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some files in TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\Quarantine.exe
C:\Users\Matt\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-05 00:49
 
==================== End of log ============================


#13 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,904 posts
  • Gender:Male
  • Location:Germany

Posted 05 June 2015 - 09:46 AM

Good day Matt,

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01 (ATTENTION: ====> FRST version is 14 days old and could be outdated)

Please re-download FRST.
 

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

You have basically 2 AS installed, which isn't recommended as this can be quite dangerous (two such programs block each other etc.). I would recommend disabling Windows Defender.
 
Disable Windows Defender

  • Press the Windows Key + on your keyboard at the same time. Type Windows Defender and click the programme.
  • Enable Windows Defender. 
  • Reconnect to the Internet.

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)

 

Using Java is an unnecessary security risk, especially using older versions, which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

If you choose to keep Java installed, it is paramount you keep the software updated with the latest version.
You can verify/test your Java software installation & version here.

 

Step 1: FRST Fix

  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-84418943-3450851122-1727580252-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    FF NetworkProxy: "backup.ftp", "119.252.165.166"
    FF NetworkProxy: "backup.ftp_port", 8080
    FF NetworkProxy: "backup.socks", "119.252.165.166"
    FF NetworkProxy: "backup.socks_port", 8080
    FF NetworkProxy: "backup.ssl", "119.252.165.166"
    FF NetworkProxy: "backup.ssl_port", 8080
    FF NetworkProxy: "ftp", "117.102.163.3"
    FF NetworkProxy: "ftp_port", 3128
    FF NetworkProxy: "http", "117.102.163.3"
    FF NetworkProxy: "http_port", 3128
    FF NetworkProxy: "share_proxy_settings", true
    FF NetworkProxy: "socks", "117.102.163.3"
    FF NetworkProxy: "socks_port", 3128
    FF NetworkProxy: "ssl", "117.102.163.3"
    FF NetworkProxy: "ssl_port", 3128
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HKLM-x32\...\Chrome\Extension: [ngmmcbedgcbfghamlghhpbpifnbhhpik] - C:\Users\Matt\AppData\Local\Temp\ccex.crx [Not Found]
    C:\Users\Matt\AppData\Local\Temp\Quarantine.exe
    C:\Users\Matt\AppData\Local\Temp\sqlite3.dll
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

Step 2: MBAM Scan
 

Malwarebytes Anti-Malware (MBAM)

  • Your version of Malwarebytes Anti-Malware is outdated. Download the update on top of your current version. 
  • Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.

Step 3: ESET Scan

 

ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [image: List threats]. If no threats were found, skip the next two bullet points.
  • Click [image: Export] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Step 4: FRST Scan

 

Farbar Recovery Scan Tool (FRST) Scan

  • Right-click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

 

 

Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

 

  • Fixlist.txt
  • MBAM Log
  • ESET Log
  • FRST.txt
  • Addition.txt

Edited by Machiavelli, 05 June 2015 - 09:46 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

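The fixlist in this post removes Firefox proxy entries that point at outside addresses (a proxy that cannot be reached is one reason a browser stops loading pages) and a machine-wide Chrome extension registered from a Temp folder. As an added example, not code from this thread or from FRST, the Python below picks those two patterns out of FRST-style lines; the sample lines are constructed to match the shapes quoted in the fixlist, and treating loopback/private proxy hosts as benign is an assumed heuristic.

```python
import re
from ipaddress import ip_address

# The two FRST line shapes triaged here, matching entries quoted in the fixlist above.
PROXY_RE = re.compile(r'^FF NetworkProxy: "([\w.]+)", (.+)$')
CHR_EXT_RE = re.compile(r'^CHR HKLM(?:-x32)?\\\.\.\.\\Chrome\\Extension: \[([a-p]{32})\] - (.+) \[([^\]]+)\]$')
PROXY_SCHEMES = ("http", "ssl", "ftp", "socks")

# Constructed sample: proxy and extension lines in the shape of the fixlist, plus one benign extension.
HIJACKED_LINES = [
    r'FF NetworkProxy: "backup.ssl", "119.252.165.166"',
    r'FF NetworkProxy: "backup.ssl_port", 8080',
    r'FF NetworkProxy: "http", "117.102.163.3"',
    r'FF NetworkProxy: "http_port", 3128',
    r'FF NetworkProxy: "share_proxy_settings", true',
    r'CHR HKLM-x32\...\Chrome\Extension: [ngmmcbedgcbfghamlghhpbpifnbhhpik] - C:\Users\Matt\AppData\Local\Temp\ccex.crx [Not Found]',
    r'CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-14]',
]
# Constructed benign counterpart: a proxy on the loopback address, as a local debugging proxy would set.
BENIGN_LINES = [r'FF NetworkProxy: "http", "127.0.0.1"', r'FF NetworkProxy: "http_port", 8080']


def parse_proxy_settings(lines):
    """Collect Firefox network.proxy.* entries from FRST lines into one dict."""
    settings = {}
    for m in filter(None, (PROXY_RE.match(line.strip()) for line in lines)):
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"'):
            settings[key] = raw.strip('"')   # host strings
        elif raw in ("true", "false"):
            settings[key] = raw == "true"    # booleans
        else:
            settings[key] = int(raw)         # ports and the proxy type
    return settings


def is_local_host(host):
    """Assumed heuristic: loopback/private addresses are where a browser proxy is usually legitimate."""
    try:
        ip = ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private


def triage_proxy(settings):
    """Flag active and backup.* proxy schemes that send browser traffic to a non-local host."""
    findings = []
    for prefix in ("", "backup."):
        for scheme in PROXY_SCHEMES:
            host = settings.get(prefix + scheme)
            if host and not is_local_host(str(host)):
                port = settings.get(prefix + scheme + "_port", "?")
                findings.append(f"proxy {prefix}{scheme} -> {host}:{port} (non-local)")
    return findings


def triage_chrome_extensions(lines):
    """Flag HKLM-installed Chrome extensions loaded from a Temp folder or whose CRX file is missing."""
    findings = []
    for m in filter(None, (CHR_EXT_RE.match(line.strip()) for line in lines)):
        ext_id, path, status = m.groups()
        if "\\temp\\" in path.lower() or status == "Not Found":
            findings.append(f"extension {ext_id} from {path} [{status}]")
    return findings
```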
 
 


#14 mca236

  • Topic Starter
  • Members
  • 11 posts

Posted 05 June 2015 - 04:52 PM

Hello,

 

I cannot start the ESET scan because I am not connected to the Internet.



#15 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,904 posts
  • Gender:Male
  • Location:Germany

Posted 06 June 2015 - 06:02 AM

OK, skip ESET for now.






