Possible infection, svchost.exe high CPU usage


2 replies to this topic

#1 mowersman

Posted 02 January 2016 - 08:10 PM

Hi all

I was asked by Buddy215 to drop a posting over here for someone to have a check over to ensure that my problems are not malware related.

This is my original question over on the "Am I infected" forum

Hi all, sorry for jumping in almost straight away with a question.

I've been having some serious issues over the last couple of days, with my laptop performing very slowly and regularly crashing (No BSOD, just dies :unsure: ...)

The computer is a Lenovo ThinkPad T400, Core 2 Duo P8600 2.4 GHz with 8 GB of RAM, running Windows 7 Ultimate.

I think I have narrowed the problem down to one of the many svchost.exe processes in Task Manager running at around 50% CPU usage. Running Process Explorer suggests that this has two "processes" under it, both called taskeng.exe, one with GoogleUpdate.exe under it and one with AdobeARM under it. I kill the process, but a few minutes later it starts right back up, again, around the 50% mark. This just seems rather odd to me and, to my untrained mind, suggests malware or a virus.

I have run both Avast antivirus and Malwarebytes and neither of those have thrown up anything that relates to it, only a few potentially unwanted programs.

I do hope I haven't missed any important information out, but if I have, let me know and I will try my best to find and include it.

Cheers

Andrew

So far I have run

A scan with Avast antivirus

Malwarebytes

CCleaner

AdwCleaner

Junkware Removal Tool

ESET online scan

None of these seem to have turned up anything that is related to my issue.

I have now downloaded FRST and these are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by User (administrator) on USER-PC (03-01-2016 00:50:25)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\CPUCooL\CooLSRV.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\Mozilla Thunderbird\updated\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Alexander Roshal) C:\Program Files (x86)\WinRAR\WinRAR.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
Winlogon\Notify\ATFUS:
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-357035105-4179914726-231070807-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_235_Plugin.exe [1162944 2015-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-357035105-4179914726-231070807-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-357035105-4179914726-231070807-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-357035105-4179914726-231070807-1001\...\MountPoints2: {48b92a75-1fd0-11e3-b997-00247e15e4c4} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-357035105-4179914726-231070807-1001\...\MountPoints2: {e11f5ba2-b7fd-11e3-9a89-00247e15e4c4} - E:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{25001CE4-5460-41A2-BA7A-20D75F636E36}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F795197E-B8AB-4A2F-9A13-72644BA17E62}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-357035105-4179914726-231070807-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-27] (Oracle Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3euguz26.default
FF DefaultSearchEngine: Google CO.UK
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "socks", "localhost"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "localhost"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3euguz26.default\searchplugins\google-couk.xml [2015-08-23]
FF Extension: British English Dictionary - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3euguz26.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2015-12-26] [not signed]
FF Extension: YouTube mp3 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3euguz26.default\Extensions\info@youtube-mp3.org.xpi [2015-05-29]
FF Extension: British English Dictionary (Forked by Marco Pinto) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3euguz26.default\Extensions\marcoagpinto@mail.telepac.pt [2015-12-30]
FF Extension: UltraSurf Firefox Tool - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3euguz26.default\Extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi [2014-02-11] [not signed]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3euguz26.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-26]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-15]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-15]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-15]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-15]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-01]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2011-05-31] () [File not signed]
S4 ATService; C:\Windows\system32\ATService.exe [2715976 2011-05-31] (AuthenTec, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-20] (Avast Software)
R2 CPUCooLServer; C:\Program Files (x86)\CPUCooL\CooLSrv.exe [743936 2011-12-01] () [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-14] (Lenovo.)
S4 dtsvc; C:\Windows\system32\DTS.exe [117760 2011-05-31] () [File not signed]
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-17] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-20] (AVAST Software)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-20] (Avast Software)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-30] (Wondershare)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-03 00:50 - 2016-01-03 00:50 - 00016638 _____ C:\Users\User\Downloads\FRST.txt
2016-01-03 00:49 - 2016-01-03 00:50 - 00000000 ____D C:\FRST
2016-01-03 00:48 - 2016-01-03 00:48 - 02370560 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-01-02 00:12 - 2016-01-02 00:13 - 00000000 ____D C:\3bc1aebda8066a7152d71c9e
2016-01-01 03:13 - 2016-01-01 03:13 - 00000000 ____D C:\Users\User\Downloads\Maps
2016-01-01 03:12 - 2016-01-01 03:12 - 00002633 _____ C:\Users\User\Desktop\µTorrent.lnk
2016-01-01 03:12 - 2016-01-01 03:12 - 00002633 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-01 03:12 - 2016-01-01 03:12 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2016-01-01 03:11 - 2016-01-01 03:11 - 02026520 _____ (BitTorrent Inc.) C:\Users\User\Downloads\uTorrent.exe
2016-01-01 03:10 - 2016-01-01 03:10 - 00166925 _____ C:\Users\User\Downloads\[kat.cr]memory.map.v5.plus.maps.of.uk.southern.ireland.europe.torrent
2016-01-01 03:05 - 2016-01-01 03:05 - 28978299 _____ C:\Users\User\Downloads\vmdvec_tm.zip
2016-01-01 02:57 - 2016-01-01 03:05 - 00000000 ____D C:\Users\User\Desktop\maps
2016-01-01 02:54 - 2016-01-01 02:56 - 78184856 _____ C:\Users\User\Downloads\vmdras_tm.zip
2015-12-30 11:31 - 2015-12-30 11:32 - 00000000 ____D C:\dc3a40917b12017a12416fa0da
2015-12-29 10:42 - 2015-12-29 10:42 - 00001074 _____ C:\Users\User\Desktop\GWX Control Panel.lnk
2015-12-29 10:42 - 2015-12-29 10:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2015-12-29 10:42 - 2015-12-29 10:42 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider
2015-12-29 10:41 - 2015-12-29 10:41 - 02393976 _____ C:\Users\User\Downloads\GwxControlPanelSetup.exe
2015-12-29 01:01 - 2015-12-29 09:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-29 00:42 - 2015-12-29 00:42 - 02870984 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2015-12-29 00:42 - 2015-12-29 00:42 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-29 00:07 - 2015-12-29 00:07 - 00000936 _____ C:\Users\User\Desktop\reply.txt
2015-12-28 01:41 - 2015-12-28 01:41 - 00012122 _____ C:\Users\User\Desktop\install.txt
2015-12-28 01:38 - 2015-12-28 01:39 - 00021524 _____ C:\Users\User\Desktop\startup2.txt
2015-12-28 01:38 - 2015-12-28 01:38 - 00004370 _____ C:\Users\User\Desktop\startup.txt
2015-12-28 01:25 - 2015-12-28 01:25 - 00038646 _____ C:\Users\User\Desktop\JRT.txt
2015-12-28 01:17 - 2015-12-29 00:37 - 00000000 ____D C:\AdwCleaner
2015-12-28 01:04 - 2015-12-28 01:04 - 00000000 ____D C:\Program Files\CCleaner
2015-12-28 01:03 - 2015-12-28 01:03 - 01599336 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe
2015-12-28 01:02 - 2015-12-28 01:02 - 01743360 _____ C:\Users\User\Downloads\AdwCleaner.exe
2015-12-27 10:38 - 2015-12-27 10:38 - 00985600 _____ C:\Users\User\Downloads\MicrosoftFixit50123.msi
2015-12-27 00:45 - 2015-12-27 00:45 - 00010796 _____ C:\Users\User\Documents\s2c.odt
2015-12-27 00:44 - 2015-12-18 18:51 - 00444310 _____ C:\Users\User\Documents\untitled_1.odt
2015-12-27 00:44 - 2015-11-20 10:12 - 00015114 _____ C:\Users\User\Documents\microsquirt%20bits.odt_0.odt
2015-12-26 23:38 - 2015-12-30 00:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-26 23:38 - 2015-12-29 23:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-26 23:37 - 2015-12-26 23:37 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-26 23:37 - 2015-12-26 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-26 23:37 - 2015-12-26 23:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-26 23:37 - 2015-12-26 23:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-26 23:37 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-26 23:37 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-26 23:37 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-26 23:35 - 2015-12-26 23:36 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-26 22:42 - 2015-05-11 13:56 - 02508432 ____N (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\procexp.exe
2015-12-26 22:41 - 2015-12-26 22:41 - 01186640 _____ C:\Users\User\Downloads\ProcessExplorer.zip
2015-12-26 22:41 - 2015-12-26 22:41 - 01186640 _____ C:\Users\User\Downloads\ProcessExplorer(1).zip
2015-12-26 22:12 - 2015-12-26 22:12 - 00000991 _____ C:\Users\User\Desktop\CPUCooL.lnk
2015-12-26 22:12 - 2015-12-26 22:12 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CPUCooL
2015-12-26 22:11 - 2015-12-26 22:11 - 04200348 _____ C:\Users\User\Downloads\CPUCOOL9.EXE
2015-12-26 21:59 - 2015-07-20 13:50 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-26 20:47 - 2015-12-26 20:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Avira
2015-12-26 20:45 - 2015-12-26 20:45 - 00000000 ____D C:\ProgramData\Avira
2015-12-26 20:45 - 2015-12-26 20:45 - 00000000 ____D C:\Program Files (x86)\Avira
2015-12-26 19:55 - 2015-12-26 19:55 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG
2015-12-26 19:52 - 2015-12-26 21:56 - 00000000 ____D C:\ProgramData\Avg
2015-12-26 19:52 - 2015-12-26 20:21 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-26 19:51 - 2015-12-26 20:21 - 00000000 ____D C:\Users\User\AppData\Local\Avg
2015-12-26 19:51 - 2015-12-26 19:53 - 00000000 ____D C:\Users\User\AppData\Local\AvgSetupLog
2015-12-26 18:48 - 2015-12-26 22:12 - 00000000 ____D C:\Program Files (x86)\CPUCooL
2015-12-05 10:24 - 2015-11-20 19:40 - 00157696 _____ C:\Windows\ERUNT.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-03 00:49 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2016-01-03 00:48 - 2015-05-31 20:48 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-01-03 00:41 - 2009-07-14 04:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-03 00:41 - 2009-07-14 04:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-30 01:38 - 2015-01-24 14:30 - 00000000 ____D C:\Program Files (x86)\SIW
2015-12-29 10:48 - 2009-07-14 05:13 - 00782362 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-29 10:48 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-29 10:43 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-29 10:42 - 2009-07-14 05:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-29 10:24 - 2013-11-06 23:06 - 00000000 ____D C:\Users\User\Documents\pics
2015-12-29 09:48 - 2013-09-17 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-29 09:22 - 2013-09-17 18:59 - 00187887 _____ C:\QcOSD.txt
2015-12-29 00:10 - 2013-12-15 17:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-29 00:10 - 2013-09-17 22:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-29 00:09 - 2013-12-15 17:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-29 00:03 - 2015-11-12 15:03 - 00003344 _____ C:\Windows\System32\Tasks\{05048E44-C7DD-414F-BAE0-3EA0C57910AC}
2015-12-29 00:03 - 2014-09-26 07:39 - 00003142 _____ C:\Windows\System32\Tasks\{BFC7781F-786B-46D1-95BA-F0562A195C5C}
2015-12-29 00:03 - 2014-03-29 20:02 - 00002888 _____ C:\Windows\System32\Tasks\{590D32C4-B139-44BA-8C72-51465DF7BD10}
2015-12-29 00:03 - 2014-02-23 20:10 - 00003116 _____ C:\Windows\System32\Tasks\{E0543823-0756-40F1-A75D-D76BFAB83634}
2015-12-29 00:02 - 2013-10-17 15:58 - 00003232 _____ C:\Windows\System32\Tasks\SidebarExecute
2015-12-28 23:59 - 2014-12-28 01:32 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-28 23:59 - 2013-12-15 17:11 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-28 23:59 - 2013-12-15 17:11 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-28 23:59 - 2013-11-18 20:31 - 00003500 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User
2015-12-28 23:59 - 2013-09-17 22:38 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-28 09:57 - 2013-09-17 19:02 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-12-28 01:04 - 2014-09-24 22:04 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-27 10:55 - 2013-10-22 18:16 - 00000000 ____D C:\Windows\Minidump
2015-12-26 23:48 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-26 22:36 - 2013-09-06 00:48 - 00001945 _____ C:\Windows\epplauncher.mif
2015-12-26 21:59 - 2015-01-25 00:17 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-26 21:59 - 2015-01-25 00:16 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-26 21:56 - 2015-12-03 16:51 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-26 21:56 - 2015-12-03 16:51 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-26 21:56 - 2015-06-14 00:30 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-26 21:56 - 2015-04-04 18:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-26 21:56 - 2013-12-15 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-26 21:56 - 2013-09-18 19:01 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-12-26 21:56 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2015-12-26 20:19 - 2013-10-17 06:09 - 00000000 ____D C:\ProgramData\MFAData
2015-12-13 12:35 - 2013-10-31 16:25 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2015-12-09 16:38 - 2013-09-17 22:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 16:38 - 2013-09-17 22:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-10-17 15:58 - 2014-06-24 07:31 - 0003736 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-12-28 01:27 - 2015-01-24 14:39 - 0007629 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\User\tsMS.reg


Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\{63B3AE0F-6916-4ED8-AC57-7AFD4E92805D}-47.0.2526.106_chrome_installer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 11:35

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by User (2016-01-03 00:50:54)
Running from C:\Users\User\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-09-05 21:48:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-357035105-4179914726-231070807-500 - Administrator - Disabled)
Guest (S-1-5-21-357035105-4179914726-231070807-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-357035105-4179914726-231070807-1002 - Limited - Enabled)
User (S-1-5-21-357035105-4179914726-231070807-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-357035105-4179914726-231070807-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{9B0EAC89-4331-A96E-C7D3-754192589BEE}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.792.5.2-120504a-138564C-Lenovo - ATI Technologies, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.0.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Defrag (HKLM-x32\...\{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1) (Version: 7.5.4.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
BBC iPlayer Downloads (HKLM-x32\...\{797389EC-980E-423A-AFC1-1C351339DCB6}) (Version: 1.14.1 - BBC)
ccc-core-static (x32 Version: 2012.0504.2334.40448 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
Convert Audio Free WMA to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free WMA to MP3_is1) (Version: 1.0 - )
CPUCooL (remove only) (HKLM-x32\...\CPUCooL) (Version:  - )
Creeper World DEMO (HKLM-x32\...\CreeperWorldDEMO.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1) (Version: 0182 - UNKNOWN)
Creeper World DEMO (x32 Version: 0182 - UNKNOWN) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free ISO Creator version 1.0 (HKLM-x32\...\{FBEF93EA-D52F-45B5-91D3-ABEACE4C7615}_is1) (Version: 1.0 - freeisocreator.com)
FrostWire 5.7.2 (HKLM-x32\...\FrostWire 5) (Version: 5.7.2.1 - FrostWire LLC)
get_iplayer 4.9 (HKLM-x32\...\get_iplayer) (Version: 4.9 - infradead.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kate's Video Toolkit 7.0 (HKLM-x32\...\VideoToolkit_is1) (Version: 7.0.0 - Web Solution Mart)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.2.50 - AuthenTec, Inc.)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-357035105-4179914726-231070807-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-GB)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3.5835 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 en-GB)) (Version: 38.5.0 - Mozilla)
MS-I/II Download Utility 2.00 (HKLM-x32\...\MS-I/II Download 2.00_is1) (Version: 2.00 - Eric Fahlgren <eric@wryday.com>)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Play System (Patching) (HKLM-x32\...\Network Play System (Patching)) (Version:  - )
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - )
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Perfect Free Alarm Clock 2.0 (HKLM-x32\...\{91D277AB-FE96-4D9A-85BE-FC6E7F15EE5D}_is1) (Version: 2.0 - Celescom.com)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.61.1 - Lenovo Group Limited)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-357035105-4179914726-231070807-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
The Sims (HKLM-x32\...\The Sims) (Version:  - )
TunerStudio MS 2.6.19 (HKLM-x32\...\{16994070-EF3D-486D-9C26-5D5A76481726}_is1) (Version:  - EFI Analytics)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.01 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
Wondershare Streaming Audio Recorder(Build 2.2.0) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.2.0.4 - Wondershare Software)
wxMP3gain v2.4.3 (HKLM-x32\...\{A8DA0F4D-7A25-4FB1-91ED-D6481CB7CD35}_is1) (Version: 2.4.3 - Cristiano Nunes)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {075A0414-1F95-4A05-88B1-C918C809D869} - System32\Tasks\avastBCLRestartS-1-5-21-357035105-4179914726-231070807-1001 => Firefox.exe
Task: {08EECA9B-3D74-47CE-AD30-C1E99C479946} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {1F337E7A-2816-416A-A7FD-23F2AAC86817} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {2D1A9CB3-0B2E-47B0-8E69-23220D311789} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {32C73171-0240-4F2E-88E5-E154DE393059} - System32\Tasks\{590D32C4-B139-44BA-8C72-51465DF7BD10} => D:\Setup.exe
Task: {3E7A9B4A-6F50-4091-9FA6-988CFCFA00B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4C87FB07-E57C-4F08-8B4C-287F9DC8589F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-26] (AVAST Software)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5FC3F66B-61FE-4B61-AB34-06BC569162D6} - System32\Tasks\{05048E44-C7DD-414F-BAE0-3EA0C57910AC} => pcalua.exe -a C:\Users\User\Downloads\Serialio.com_PL2303_DriverInstaller_v1210\PL2303_Prolific_DriverInstaller_v1210.exe -d C:\Users\User\Downloads\Serialio.com_PL2303_DriverInstaller_v1210
Task: {66915B9A-191A-4EC7-B70C-780CE7F118B2} - System32\Tasks\{E0543823-0756-40F1-A75D-D76BFAB83634} => pcalua.exe -a C:\Users\User\Downloads\sp53631.exe -d C:\Users\User\Downloads
Task: {6EB52016-D9F6-4ACB-AFD1-F7EE4F88F136} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6FDED0A9-53D2-4E37-BFD4-FAA805BD9B0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {82916BC2-CCA9-4527-AEBE-907443560940} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {85257767-C033-4D21-80E5-3619CD2F52E1} - System32\Tasks\{BFC7781F-786B-46D1-95BA-F0562A195C5C} => pcalua.exe -a C:\Users\User\Downloads\mp3gain-win-1_2_5(1).exe -d C:\Users\User\Downloads
Task: {981FD07D-959F-416D-AF1C-03ACB5273EC8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {BA0AD8C0-5BB1-4F19-AF62-EF499EA3751C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {C775F8B8-559F-4C61-991E-7767EF351246} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {F9D9E710-BE3B-4692-A398-3E5D30678AFB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {FEDB8F28-CE0B-4738-92DD-A1C6E8FE206D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-06-14] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5\FrostWire 5.7.2-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 5\frostwire.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2011-12-01 16:11 - 2011-12-01 16:11 - 00743936 _____ () C:\Program Files (x86)\CPUCooL\CooLSrv.exe
2013-11-01 23:18 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-09-06 00:00 - 2013-06-14 05:01 - 00104448 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-05-04 22:33 - 2012-05-04 22:33 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-07-20 13:50 - 2015-07-20 13:50 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 13:50 - 2015-07-20 13:50 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-28 21:59 - 2015-12-28 21:59 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122802\algo.dll
2015-12-29 09:44 - 2015-12-29 09:44 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122900\algo.dll
2016-01-01 23:56 - 2016-01-01 23:56 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010101\algo.dll
2015-07-20 13:50 - 2015-07-20 13:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-29 01:01 - 2015-12-29 01:01 - 00153768 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-12-29 01:01 - 2015-12-29 01:01 - 00023208 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-12-09 16:38 - 2015-12-09 16:38 - 17647296 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll
2015-12-02 16:58 - 2015-11-16 18:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-357035105-4179914726-231070807-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ADMonitor => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: ATService => 2
MSCONFIG\Services: dtsvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HTCMonitorService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: vToolbarUpdater18.1.9 => 2
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
MSCONFIG\startupreg: FingerPrintSoftwareSplashScreen => "C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe" \s
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{010D45F2-38F8-4362-9A69-06F79B04F855}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{16B44C48-7847-435A-B06D-C8A2C8ABD1AC}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [TCP Query User{91A9C855-CB58-47F2-9B7C-FB2D4A4CE386}C:\program files (x86)\frostwire 5\frostwire.exe] => (Allow) C:\program files (x86)\frostwire 5\frostwire.exe
FirewallRules: [UDP Query User{1E60D0B1-D3A8-4313-98D2-F13F99D0034A}C:\program files (x86)\frostwire 5\frostwire.exe] => (Allow) C:\program files (x86)\frostwire 5\frostwire.exe
FirewallRules: [TCP Query User{8D4FC5D5-8431-403B-9F8B-64213070484B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{E7AFDB61-1AA7-48D4-BFD1-AC5314E96204}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{A8CD80AB-BCAD-44B2-94C2-21F93CD04D57}C:\users\user\desktop\u1304.exe] => (Allow) C:\users\user\desktop\u1304.exe
FirewallRules: [UDP Query User{812402CC-9E11-4F7A-93AB-8132E93622CF}C:\users\user\desktop\u1304.exe] => (Allow) C:\users\user\desktop\u1304.exe
FirewallRules: [{C5BD6E20-F63A-4342-89FE-2B6CFBA68B68}] => (Allow) C:\Users\User\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{7A0C8BC1-9B93-4B28-BD87-ED34EA56B05E}] => (Allow) C:\Users\User\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{FAC69A8F-B62B-4DC4-B73E-14B7AE7D8EE3}] => (Allow) C:\Users\User\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{DF06C2FB-7CB1-4B80-8294-6DA7FD095E6E}] => (Allow) C:\Users\User\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{5BFA7775-1205-446D-BB2D-6806566974F4}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{5B32F9FA-2117-408A-B490-AB6A287B5B9C}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{CAC02008-43C1-4F4E-8565-9438D1303427}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E6258B1A-AA95-4CEE-B409-C2827C485A3C}] => (Allow) LPort=2869
FirewallRules: [{473AE24B-7F89-4293-B43B-9949EE41D1F0}] => (Allow) LPort=1900
FirewallRules: [{60C33D49-0216-4CF7-88BC-37CFE467E5E0}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{CF048F83-CCF6-4807-A44B-C62C6E8BE059}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [UDP Query User{ED3BAE33-D632-4FCC-A298-1062B7568C4F}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{CB66E65A-909D-4BEE-B1E7-F7647DFE68C2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{08BB2E7B-42CF-4137-A2F7-65BEA50CB121}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{387B9180-6876-4A79-84AA-50DF1B6743A9}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [{691666FE-FEF6-44B6-B0F5-740F4CB56D1B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{BB51499B-2A6C-4F5E-A6DA-56E6661C6454}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{FFEC6B5E-7F1A-4F3B-8E2C-3002F43C273E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E84C3B6C-6FAB-4BA2-911A-4B059438F9BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2720192F-AD44-4A6E-9A8B-3FE8B30B4FD1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7121BEF2-F52B-4B2E-B630-E1935B40B649}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5799D09B-156B-464B-90EB-A93591FBD8D7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DD1F4948-6E37-4E7A-903F-53924F2429B2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1F5E868D-F987-4B86-B067-AF9769BD6DCC}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3D4B745B-AFE0-4C00-9BAF-39C1938E7350}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E1183FB5-F20A-4C5D-A84B-808F73D832BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BCCAC7B8-E500-4AFF-BFFE-94979A847650}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CB9E7F06-08E8-4798-9A66-814C77D1BF7A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9951B29A-6865-43A2-BFA1-C552D730FD63}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1984F1DD-318C-46C2-BE9B-FB371ECA3C38}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE714290-73FB-44BD-BCA2-ACA185CCC83D}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E06CFA97-6E83-47F9-B161-4A75C2654EC6}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DEFB27A1-EB17-4471-A359-558F0441DD13}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{82693AB3-EADD-4BA9-ACCA-648709050814}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

28-12-2015 01:22:03 JRT Pre-Junkware Removal
30-12-2015 11:31:15 Windows Update

==================== Faulty Device Manager Devices =============

Name: ATI Mobility Radeon HD 3400 Series  
Description: ATI Mobility Radeon HD 3400 Series  
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: amdkmdap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2016 11:59:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/31/2015 01:22:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.3.5835, time stamp: 0x567b4c13
Faulting module name: mozglue.dll, version: 43.0.3.5835, time stamp: 0x567b3f6a
Exception code: 0x80000003
Fault offset: 0x0000ed56
Faulting process id: 0xe4c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/31/2015 09:53:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/30/2015 11:06:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.3.5835, time stamp: 0x567b4c13
Faulting module name: mozglue.dll, version: 43.0.3.5835, time stamp: 0x567b3f6a
Exception code: 0x80000003
Fault offset: 0x0000ed56
Faulting process id: 0x12c0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/30/2015 12:03:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/30/2015 12:54:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/30/2015 12:54:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/30/2015 12:54:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/30/2015 12:54:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/29/2015 10:44:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/31/2015 10:30:18 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{F795197E-B8AB-4A2F-9A13-72644BA17E62}.
The backup browser is stopping.

Error: (12/30/2015 10:00:23 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{F795197E-B8AB-4A2F-9A13-72644BA17E62}.
The backup browser is stopping.

Error: (12/30/2015 10:28:15 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{F795197E-B8AB-4A2F-9A13-72644BA17E62}.
The backup browser is stopping.

Error: (12/30/2015 10:20:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (12/30/2015 01:40:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/30/2015 01:40:30 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/30/2015 01:40:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/30/2015 01:40:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/30/2015 01:40:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/30/2015 01:40:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 8086.02 MB
Available physical RAM: 4902.67 MB
Total Virtual: 20213.23 MB
Available Virtual: 17053.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:130.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00034145)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


If anyone can take a look and offer an opinion, it will be much appreciated.

Thanks

Andrew

#2 mowersman

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Somerset, UK
  • Local time:05:51 PM

Posted 02 January 2016 - 08:13 PM

Apologies, I appear to have managed to post this twice. I retried because the first time I posted, an error came up.

Cheers

Andrew



#3 nasdaq


  • Malware Response Team
  • 39,554 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:51 PM

Posted 03 January 2016 - 10:25 AM

Duplicate posts. It will be closed.
