Generally sluggish PC


  • This topic is locked
9 replies to this topic

#1 kanderna

Posted 04 January 2016 - 02:55 PM

PC is generally slow and sluggish overall. It's a Lenovo ThinkPad T510 running Win 7 Pro 64-bit w/ SP1. 4GB RAM. I notice it mostly as I'm using Chrome, typically not more than 7-8 tabs. It's incredibly bad when waking from sleep state or coming out of screen saver mode. It consists of a lot of brief locks/freezes, busy ring, etc. I've seen periods of high-90% memory use, as well as periods of abnormally high CPU usage. I've performed everything detailed in the "It May Not be Malware" thread. Just looking for some relief. :) Here is my FRST log, and Addition.txt is attached. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by kanderna (administrator) on KANDERNA-THINK (04-01-2016 13:37:36)
Running from C:\Users\kanderna\Downloads
Loaded Profiles: kanderna (Available Profiles: UpdatusUser & kanderna)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
() C:\Users\kanderna\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Users\kanderna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Amazon Digital Services, LLC.) C:\Users\kanderna\AppData\Local\Apps\2.0\T9WGDLZB.N0D\OWK29B9X.2NL\amaz..tion_f2fa081ea2183235_0002.0004_0c018c80838139f6\AmazonCloudDrive.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Sun Microsystems, Inc.) C:\Users\kanderna\AppData\Local\Apps\2.0\T9WGDLZB.N0D\OWK29B9X.2NL\amaz..tion_f2fa081ea2183235_0002.0004_0c018c80838139f6\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [5990200 2011-06-10] (Lenovo Group Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\...\MountPoints2: D - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\...\MountPoints2: F - F:\TL-Bootstrap.exe
HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\...\MountPoints2: {9f18c098-1d44-11e0-bd3a-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [301936 2010-11-10] (Microsoft Corporation)
Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kanderna\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-01-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2012-03-03]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\kanderna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms [2013-07-12] ()
Startup: C:\Users\kanderna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\kanderna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5377D94B-842E-4CF2-8FCB-51F033469B4D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EEDCAD09-5E24-4170-86F3-75554EA99424}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {D694F00E-E205-4E07-B7E5-EAFF465798B4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {D694F00E-E205-4E07-B7E5-EAFF465798B4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D8B2C6F1-7A2A-446F-B9A5-B427843284F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {D8B2C6F1-7A2A-446F-B9A5-B427843284F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {D8B2C6F1-7A2A-446F-B9A5-B427843284F3} URL = 
SearchScopes: HKU\S-1-5-21-2700577085-2334638331-2386605034-1002 -> DefaultScope {1F431295-E68A-43A5-98CD-C1D2E839D703} URL = 
SearchScopes: HKU\S-1-5-21-2700577085-2334638331-2386605034-1002 -> {D694F00E-E205-4E07-B7E5-EAFF465798B4} URL = 
SearchScopes: HKU\S-1-5-21-2700577085-2334638331-2386605034-1002 -> {D8B2C6F1-7A2A-446F-B9A5-B427843284F3} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2011-06-10] (Lenovo Group Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.winkflash.com/PHOTO/loaders/ImageUploader5.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} hxxps://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {8D59819B-2067-4A6B-84F4-7F84570E3C30} hxxp://192.168.1.25/img/LinksysMLViewer.cab
DPF: HKLM-x32 {D2F7A5D7-651D-4044-A3C6-3F818B2052C5} hxxp://192.168.1.69/adm/LinksysMLAlertCfg.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2700577085-2334638331-2386605034-1002: @tools.google.com/Google Update;version=3 -> C:\Users\kanderna\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2700577085-2334638331-2386605034-1002: @tools.google.com/Google Update;version=9 -> C:\Users\kanderna\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2700577085-2334638331-2386605034-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\kanderna\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-12] [not signed]
FF HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://mail.yahoo.com/","hxxp://mail.google.com/","hxxp://www.hotmail.com/","hxxp://my.ebay.com/","hxxps://twitter.com/"
CHR Profile: C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (*Split Screen*) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eachfleknamlcepmplpdghagngjfjkin [2014-10-13]
CHR Extension: (Google Sheets) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2014-08-29]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2015-03-31]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\kanderna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKU\S-1-5-21-2700577085-2334638331-2386605034-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.QOSTI5TJUAEHR5XKGP3C6FW5TE - C:\Users\kanderna\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-09-03] (Lenovo.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-11-11] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-09-08] (WDC) [File not signed]
S2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw01.sys [11532704 2015-03-12] (Intel Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-01-10] ()
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-04 13:37 - 2016-01-04 13:37 - 02370560 _____ (Farbar) C:\Users\kanderna\Downloads\FRST64.exe
2016-01-04 13:37 - 2016-01-04 13:37 - 00035154 _____ C:\Users\kanderna\Downloads\FRST.txt
2016-01-04 11:45 - 2016-01-04 13:37 - 00000000 ____D C:\FRST
2016-01-03 11:46 - 2016-01-03 11:47 - 00404480 _____ C:\Users\kanderna\Downloads\FootballBowl15-16 (3).xls
2015-12-31 12:37 - 2016-01-03 08:23 - 00400896 _____ C:\Users\kanderna\Downloads\FootballBowl15-16 (2).xls
2015-12-28 15:48 - 2015-12-28 15:48 - 00126340 _____ C:\Users\kanderna\Downloads\Statement_11-17-2015 (2).PDF
2015-12-28 15:28 - 2015-12-28 15:28 - 00126340 _____ C:\Users\kanderna\Downloads\Statement_11-17-2015 (1).PDF
2015-12-28 15:27 - 2015-12-28 15:27 - 00125472 _____ C:\Users\kanderna\Downloads\Statement_10-16-2015.PDF
2015-12-28 15:26 - 2015-12-28 15:26 - 00184266 _____ C:\Users\kanderna\Downloads\Statement_11-06-2014.PDF
2015-12-28 15:15 - 2015-12-28 15:15 - 00126340 _____ C:\Users\kanderna\Downloads\Statement_11-17-2015.PDF
2015-12-28 15:12 - 2015-12-28 15:12 - 00174171 _____ C:\Users\kanderna\Downloads\Statement_10-06-2014 (1).PDF
2015-12-28 15:04 - 2015-12-28 15:04 - 00053426 _____ C:\Users\kanderna\Downloads\Statement_12-27-2015 (1).PDF
2015-12-28 15:03 - 2015-12-28 15:03 - 00052501 _____ C:\Users\kanderna\Downloads\Statement_12-27-2015.PDF
2015-12-28 14:42 - 2015-12-28 14:42 - 00174171 _____ C:\Users\kanderna\Downloads\Statement_10-06-2014.PDF
2015-12-27 21:46 - 2015-12-27 21:46 - 00250085 _____ C:\Users\kanderna\Desktop\3DayPottyTraining (3).pdf
2015-12-27 21:45 - 2015-12-27 21:45 - 00250085 _____ C:\Users\kanderna\Downloads\3DayPottyTraining (3).pdf
2015-12-27 21:44 - 2015-12-27 21:45 - 00250085 _____ C:\Users\kanderna\Downloads\3DayPottyTraining (2).pdf
2015-12-26 22:00 - 2015-12-26 23:32 - 00000000 ____D C:\Users\kanderna\AppData\Local\Microsoft Games
2015-12-23 23:16 - 2015-12-23 23:16 - 01182890 _____ C:\Users\kanderna\Downloads\050102081605.mp4
2015-12-22 17:36 - 2015-12-22 17:36 - 00615846 _____ C:\Users\kanderna\Downloads\Application.pdf
2015-12-22 11:44 - 2015-12-22 11:44 - 01613343 _____ C:\Users\kanderna\Downloads\151222114053.mp4
2015-12-21 15:19 - 2015-12-21 15:19 - 01145298 _____ C:\Users\kanderna\Downloads\scan0003.pdf
2015-12-19 20:59 - 2015-12-31 01:07 - 00221184 _____ C:\Users\kanderna\Downloads\FootballBowl15-16 (1).xls
2015-12-18 21:59 - 2015-12-18 21:59 - 00183612 _____ C:\Users\kanderna\Downloads\gx4100-coffee-herb-and-spice-grinder.pdf
2015-12-18 12:27 - 2015-12-18 12:27 - 00195219 _____ C:\Users\kanderna\Downloads\EligibilityNotice (4).pdf
2015-12-18 12:19 - 2015-12-18 12:19 - 00195219 _____ C:\Users\kanderna\Downloads\EligibilityNotice (3).pdf
2015-12-18 12:12 - 2015-12-18 12:12 - 00195219 _____ C:\Users\kanderna\Downloads\EligibilityNotice (2).pdf
2015-12-18 12:09 - 2015-12-18 12:09 - 00195219 _____ C:\Users\kanderna\Downloads\EligibilityNotice (1).pdf
2015-12-18 12:06 - 2015-12-18 12:06 - 00195219 _____ C:\Users\kanderna\Downloads\EligibilityNotice.pdf
2015-12-18 07:27 - 2015-12-18 09:33 - 00219648 _____ C:\Users\kanderna\Downloads\FootballBowl15-16.xls
2015-12-15 18:38 - 2015-12-15 18:38 - 00198651 _____ C:\Users\kanderna\Downloads\Installing_and_Using_Type_To_Learn_4_at_Home.pdf
2015-12-15 08:47 - 2015-12-15 08:47 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-15 08:47 - 2015-12-15 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-15 08:46 - 2015-12-15 08:47 - 00000000 ____D C:\Program Files\iTunes
2015-12-15 08:46 - 2015-12-15 08:46 - 00000000 ____D C:\Program Files\iPod
2015-12-15 08:46 - 2015-12-15 08:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-12 16:43 - 2015-12-12 16:43 - 04194304 _____ C:\Users\kanderna\Downloads\DYRH08-510-100101.bin
2015-12-11 22:10 - 2015-12-11 22:10 - 00000000 ____D C:\Windows\rescache
2015-12-11 14:45 - 2015-12-11 14:46 - 00010921 _____ C:\Users\kanderna\Downloads\Kyle-Andernacht.pdf
2015-12-10 19:35 - 2015-12-10 19:35 - 00000000 ____D C:\Users\kanderna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 08:19 - 2016-01-02 16:04 - 00082944 _____ C:\Users\kanderna\Desktop\28 Club TEMP.xls
2015-12-09 08:35 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 08:35 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 08:34 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 08:34 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 08:34 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 08:34 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 08:34 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 08:34 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 08:34 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 08:34 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 08:34 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 08:34 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 08:34 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 08:34 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 08:34 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 08:34 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 08:34 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 08:34 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 08:34 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 08:34 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 08:33 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 08:33 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 08:33 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 08:33 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 08:33 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 08:33 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 08:33 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 08:33 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 08:33 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 08:33 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 08:33 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 08:33 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 08:33 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 08:33 - 2015-10-08 17:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-09 08:33 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 08:33 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 08:33 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 08:33 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 08:33 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 08:33 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 08:33 - 2015-10-08 17:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-09 08:33 - 2015-10-08 13:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 08:33 - 2015-10-08 12:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-09 08:32 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 08:32 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 08:32 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 08:32 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 08:32 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 08:32 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 08:32 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 08:32 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 08:32 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 08:32 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 08:32 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 08:32 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 08:32 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 08:32 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 08:32 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 08:32 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 08:32 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 08:32 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 08:32 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 08:32 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 08:32 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 08:32 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 08:32 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 08:32 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 08:32 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 08:32 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 08:32 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 08:32 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 08:32 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 08:32 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 08:32 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 08:32 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 08:32 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 08:32 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 08:32 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 08:32 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 08:32 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 08:32 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 08:32 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 08:32 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 08:32 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 08:32 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 08:32 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 08:32 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 08:32 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 08:32 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 08:32 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 08:32 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 08:32 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 08:32 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 08:32 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 08:32 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 08:32 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 08:32 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 08:32 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 08:32 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 08:32 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 08:32 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 08:32 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 08:32 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 08:32 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 08:32 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 08:32 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 08:32 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 08:26 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 08:26 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 21:25 - 2015-12-08 21:25 - 00000000 ____D C:\Users\kanderna\AppData\Roaming\VSRevoGroup
2015-12-08 20:21 - 2015-12-08 20:21 - 00001279 _____ C:\Users\kanderna\Desktop\Revo Uninstaller.lnk
2015-12-08 20:21 - 2015-12-08 20:21 - 00000000 ____D C:\Users\kanderna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-08 20:21 - 2015-12-08 20:21 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-08 20:17 - 2015-12-08 20:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\kanderna\Downloads\revosetup.exe
2015-12-08 18:15 - 2015-12-08 18:15 - 00008419 _____ C:\Users\kanderna\Downloads\pagedfrg.hlp
2015-12-08 16:43 - 2015-12-08 16:43 - 00089600 _____ C:\Users\kanderna\Downloads\Football15 wk14 Final Standings.xls
2015-12-08 10:18 - 2015-12-08 10:18 - 00042074 _____ C:\Users\kanderna\Downloads\Building Use Agreement (1).pdf
2015-12-08 10:15 - 2015-12-08 10:16 - 00042074 _____ C:\Users\kanderna\Downloads\Building Use Agreement.pdf
2015-12-08 10:03 - 2015-12-08 10:03 - 04647180 _____ C:\Users\kanderna\Downloads\Training Outline_v5.pptx
2015-12-08 09:42 - 2015-12-08 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-12-05 08:50 - 2015-12-08 14:33 - 00079872 _____ C:\Users\kanderna\Downloads\Football15 wk14 (2).xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-04 13:35 - 2011-01-11 00:10 - 00000382 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-01-04 13:33 - 2015-02-28 08:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-04 13:28 - 2011-01-11 00:10 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-01-04 13:24 - 2012-08-18 06:44 - 00000000 ____D C:\Users\kanderna\AppData\Local\Deployment
2016-01-04 13:23 - 2014-11-09 13:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-04 13:19 - 2009-07-13 22:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-04 13:19 - 2009-07-13 22:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-04 13:17 - 2012-08-18 06:45 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2700577085-2334638331-2386605034-1002UA.job
2016-01-04 13:12 - 2015-06-20 11:01 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2700577085-2334638331-2386605034-1002UA.job
2016-01-04 12:38 - 2011-01-23 13:52 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2CB0B0BF-805F-456B-9B7C-89EB28EED6C6}
2016-01-04 12:23 - 2014-11-09 13:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-04 11:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2016-01-04 11:13 - 2009-07-13 23:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-04 11:13 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-01-04 10:54 - 2011-02-15 23:50 - 00000000 ____D C:\ProgramData\MFAData
2016-01-04 10:27 - 2015-12-03 17:00 - 00000000 ___RD C:\Users\kanderna\Google Drive
2016-01-04 10:25 - 2012-12-06 22:10 - 00000000 ___RD C:\Users\kanderna\Dropbox
2016-01-04 10:24 - 2012-12-06 22:07 - 00000000 ____D C:\Users\kanderna\AppData\Roaming\Dropbox
2016-01-04 10:21 - 2014-10-04 22:39 - 00000000 ____D C:\Users\kanderna\AppData\Local\HTC MediaHub
2016-01-04 10:17 - 2011-01-10 23:51 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-04 10:17 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-04 07:26 - 2015-06-20 11:00 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2700577085-2334638331-2386605034-1002Core.job
2016-01-03 22:17 - 2012-08-18 06:45 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2700577085-2334638331-2386605034-1002Core.job
2015-12-31 10:47 - 2011-01-24 23:41 - 00000000 ____D C:\Users\kanderna\AppData\Roaming\SoftGrid Client
2015-12-28 16:22 - 2015-11-29 21:20 - 00003438 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2015-12-23 23:19 - 2014-10-23 06:43 - 02565632 ___SH C:\Users\kanderna\Downloads\Thumbs.db
2015-12-23 09:55 - 2011-01-25 21:28 - 00000000 ____D C:\Users\kanderna\Documents\Personal
2015-12-22 11:28 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-19 20:22 - 2012-12-22 23:30 - 00001345 _____ C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
2015-12-19 19:22 - 2011-09-09 06:12 - 00000000 ____D C:\Users\kanderna\AppData\Roaming\dvdcss
2015-12-18 03:29 - 2014-11-09 13:51 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-18 03:22 - 2015-04-05 22:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 03:22 - 2015-04-05 22:14 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-15 22:16 - 2012-08-18 06:45 - 00002401 _____ C:\Users\kanderna\Desktop\Google Chrome.lnk
2015-12-15 08:46 - 2011-01-23 14:57 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-10 08:22 - 2015-05-14 06:51 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-10 03:49 - 2009-07-13 23:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-10 03:48 - 2009-07-13 22:45 - 00365392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 03:47 - 2012-05-12 11:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 03:47 - 2012-05-12 11:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 03:26 - 2012-05-12 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 03:22 - 2013-07-12 17:08 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 03:07 - 2011-02-11 20:36 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 22:51 - 2011-01-23 17:49 - 00000000 ____D C:\Users\kanderna\AppData\Roaming\Trillian
2015-12-08 22:21 - 2011-01-23 13:42 - 00102592 _____ C:\Users\kanderna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-08 22:12 - 2011-02-22 23:32 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2015-12-08 22:10 - 2011-02-22 23:33 - 00000000 ____D C:\Users\kanderna\AppData\Local\Research In Motion
2015-12-08 14:47 - 2014-05-27 21:03 - 00000000 ____D C:\Users\kanderna\AppData\LocalLow\Company
2015-12-08 13:47 - 2015-02-28 08:37 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-08 13:47 - 2015-02-28 08:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-08 13:47 - 2012-04-26 21:56 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2015-12-08 13:27 - 2011-01-23 21:55 - 00000000 ____D C:\Program Files (x86)\PathSync
 
==================== Files in the root of some directories =======
 
2011-02-22 23:33 - 2011-10-11 22:22 - 0000616 _____ () C:\Users\kanderna\AppData\Roaming\Rim.Desktop.Exception.log
2011-02-22 23:33 - 2015-12-08 22:08 - 0004229 _____ () C:\Users\kanderna\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-06-09 21:47 - 2011-10-11 22:22 - 0000231 _____ () C:\Users\kanderna\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-03-29 08:18 - 2013-08-12 16:21 - 0893239 _____ () C:\Users\kanderna\AppData\Local\a.zip
2013-03-29 08:18 - 2013-08-12 16:21 - 2162416 _____ (Catalina Marketing Corp) C:\Users\kanderna\AppData\Local\BcsKtYcHW.dll
2011-02-22 23:34 - 2011-10-11 22:19 - 0012288 _____ () C:\Users\kanderna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-27 21:10 - 2014-05-27 21:10 - 0000058 _____ () C:\Users\kanderna\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2012-06-14 20:23 - 2012-06-14 20:23 - 0034764 _____ () C:\Users\kanderna\AppData\Local\dt.dat
2011-05-12 19:07 - 2015-10-20 17:01 - 0002040 _____ () C:\ProgramData\hpzinstall.log
2012-01-21 22:51 - 2014-12-29 01:25 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
ZeroAccess:
C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}
C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\@
C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\00000001.@
C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\80000000.@
 
ZeroAccess:
C:\Users\kanderna\AppData\Local\{460c0666-a216-9c3b-c5f5-7fa5ae023185}
C:\Users\kanderna\AppData\Local\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\@
 
Some files in TEMP:
====================
C:\Users\kanderna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2jpmwl.dll
C:\Users\kanderna\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-30 13:32
 
==================== End of FRST.txt ============================

#2 mAL_rEm018

  • Malware Response Team
  • 311 posts
  • Gender:Male

Posted 04 January 2016 - 08:15 PM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello kanderna,

Welcome to Bleeping Computer!  My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 04 January 2016 - 09:47 PM

Hello kanderna,

 

 

Backup your registry using TCRB

  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

 

 

Next..

 

 

RogueKiller

  • Please download RogueKiller and save it to your desktop.
  • Right-click on RogueKiller.exe and select Run as administrator
  • The tool will now start to run a Prescan, wait until it is finished.
  • When the Prescan is over, select Scan.
  • Once the Scan has finished, click on Report.
  • A window entitled Rogue Killer will open, please post the contents in your next reply.


I need you to run an online scan..


ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to  ESET online scanner

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

 

 

-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • Rogue Killer report
  • ESET log

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#4 kanderna

kanderna
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 05 January 2016 - 02:29 PM

Hi mAL,

Just a quick update. Running ESET now. 5.5 hrs in at 31%. Is that expected?

Also, I haven't been using my PC at all during the process due to your "do not use mouse or keyboard" instruction. Assume I should continue to not use?

#5 kanderna

kanderna
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 05 January 2016 - 02:56 PM

Oddly enough, shortly after posting that update, ESET finished about 20 minutes later... the final 69% must have flown by.

 

I had no problems running any of the above steps. The only detail not outlined was the install of OnlineScanner.cab after hitting Start on ESET.

 

Here is the RK report:

 

RogueKiller V11.0.6.0 [Jan  4 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : kanderna [Administrator]
Started from : C:\Users\kanderna\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/05/2016 01:47:20
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 22 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AVG SafeGuard toolbar -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AVG Security Toolbar -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2700577085-2334638331-2386605034-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2700577085-2334638331-2386605034-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo.msn.com  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2700577085-2334638331-2386605034-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2700577085-2334638331-2386605034-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 3 ¤¤¤
[ZeroAccess][File] C:\Windows\installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\@ -> Found
[ZeroAccess][File] C:\Users\kanderna\AppData\Local\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\@ -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] feeae33c843c055ef62ddc84bc4108c6
[BSP] bf3f796ae5ff359a6a4dc95ff5db2e58 : Lenovo|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 463737 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 952195072 | Size: 12000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
========================================ESET LOG=============================
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=cb3b0b403fc9c84ca749515cff5f3425
# end=init
# utc_time=2016-01-05 01:27:29
# local_time=2016-01-05 07:27:29 (-0600, Central Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27501
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=cb3b0b403fc9c84ca749515cff5f3425
# end=updated
# utc_time=2016-01-05 01:52:46
# local_time=2016-01-05 07:52:46 (-0600, Central Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=cb3b0b403fc9c84ca749515cff5f3425
# engine=27501
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-01-05 07:50:26
# local_time=2016-01-05 01:50:26 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 77656245 203566876 0 0
# scanned=732799
# found=32
# cleaned=0
# scan_time=21458
sh=A542B94C7286009E09CF4707DBC9E1B00ACF4B77 ft=1 fh=f3e8f5faf657ebd7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Documents and Settings\kanderna\AppData\LocalLow\Sun\Java\jre1.7.0_10\java_sp.dll"
sh=36DB0DAF28589B0DE8BC499A09E9D9BCD59B911D ft=1 fh=25bb24e89fdb0a45 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Documents and Settings\kanderna\Desktop\FreemakeVideoConverterSetup.exe"
sh=9C99718BFF3930BF4F1A058AFF6B8EAFD070727D ft=1 fh=07c8e023c3c3d787 vn="a variant of Win32/Keygen.AQ potentially unsafe application" ac=I fn="C:\Documents and Settings\kanderna\Documents\Application Executables\From Torrent\Sony Vegas 6.0c + DVD Architect 3.0c\Sony DVD Architect 3.0c\SonyProducts-Keygen.exe"
sh=9C99718BFF3930BF4F1A058AFF6B8EAFD070727D ft=1 fh=07c8e023c3c3d787 vn="a variant of Win32/Keygen.AQ potentially unsafe application" ac=I fn="C:\Documents and Settings\kanderna\Documents\Application Executables\From Torrent\Sony Vegas 6.0c + DVD Architect 3.0c\Sony Vegas 6.0c\SonyProducts-Keygen.exe"
sh=44E34A85C91844078026BF34BDA80A70171E8AE1 ft=1 fh=3dc820cef94303cb vn="Win32/Joke.Flash.A potentially unsafe application" ac=I fn="C:\Documents and Settings\kanderna\Documents\Personal\Email Fun\IAmGay.EXE"
sh=AE2D4F5383CE23382006DA6ED368C3D45239C11C ft=1 fh=2a7a9ac07cbef117 vn="Joke.Mona.A potentially unsafe application" ac=I fn="C:\Documents and Settings\kanderna\Documents\Personal\Email Fun\MonaLisa.exe"
sh=52F9246D2AA019A5033F719CA022224770970955 ft=1 fh=64173cc1341c8712 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Documents and Settings\kanderna\Downloads\CouponPrinter.exe"
sh=F029289591CAA8AD07D1CB2D238E0B514CB718E1 ft=1 fh=fedaa6dd4669df08 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Documents and Settings\kanderna\Downloads\CouponPrinterCPS (1).exe"
sh=F029289591CAA8AD07D1CB2D238E0B514CB718E1 ft=1 fh=fedaa6dd4669df08 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Documents and Settings\kanderna\Downloads\CouponPrinterCPS.exe"
sh=C376A99075B8ED683475F34CEA5CC8B73BCB5DC5 ft=0 fh=0000000000000000 vn="a variant of Win32/Amonetize.IX potentially unwanted application" ac=I fn="C:\Documents and Settings\kanderna\Downloads\The+Goldbergs+S02E18+avi.ace"
sh=F45076B2F1F60EB182AD7964BA3CC9378308CBA4 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan" ac=I fn="C:\Documents and Settings\kanderna\Favorites\Brew\Wort-O-Matic.url"
sh=E0B37C57E99FE566CE70DE1FE6B0A8E222BC133A ft=1 fh=040dd3f1fe168480 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll"
sh=A542B94C7286009E09CF4707DBC9E1B00ACF4B77 ft=1 fh=f3e8f5faf657ebd7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\kanderna\AppData\LocalLow\Sun\Java\jre1.7.0_10\java_sp.dll"
sh=36DB0DAF28589B0DE8BC499A09E9D9BCD59B911D ft=1 fh=25bb24e89fdb0a45 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\kanderna\Desktop\FreemakeVideoConverterSetup.exe"
sh=9C99718BFF3930BF4F1A058AFF6B8EAFD070727D ft=1 fh=07c8e023c3c3d787 vn="a variant of Win32/Keygen.AQ potentially unsafe application" ac=I fn="C:\Users\kanderna\Documents\Application Executables\From Torrent\Sony Vegas 6.0c + DVD Architect 3.0c\Sony DVD Architect 3.0c\SonyProducts-Keygen.exe"
sh=9C99718BFF3930BF4F1A058AFF6B8EAFD070727D ft=1 fh=07c8e023c3c3d787 vn="a variant of Win32/Keygen.AQ potentially unsafe application" ac=I fn="C:\Users\kanderna\Documents\Application Executables\From Torrent\Sony Vegas 6.0c + DVD Architect 3.0c\Sony Vegas 6.0c\SonyProducts-Keygen.exe"
sh=44E34A85C91844078026BF34BDA80A70171E8AE1 ft=1 fh=3dc820cef94303cb vn="Win32/Joke.Flash.A potentially unsafe application" ac=I fn="C:\Users\kanderna\Documents\Personal\Email Fun\IAmGay.EXE"
sh=AE2D4F5383CE23382006DA6ED368C3D45239C11C ft=1 fh=2a7a9ac07cbef117 vn="Joke.Mona.A potentially unsafe application" ac=I fn="C:\Users\kanderna\Documents\Personal\Email Fun\MonaLisa.exe"
sh=52F9246D2AA019A5033F719CA022224770970955 ft=1 fh=64173cc1341c8712 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Users\kanderna\Downloads\CouponPrinter.exe"
sh=F029289591CAA8AD07D1CB2D238E0B514CB718E1 ft=1 fh=fedaa6dd4669df08 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Users\kanderna\Downloads\CouponPrinterCPS (1).exe"
sh=F029289591CAA8AD07D1CB2D238E0B514CB718E1 ft=1 fh=fedaa6dd4669df08 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Users\kanderna\Downloads\CouponPrinterCPS.exe"
sh=C376A99075B8ED683475F34CEA5CC8B73BCB5DC5 ft=0 fh=0000000000000000 vn="a variant of Win32/Amonetize.IX potentially unwanted application" ac=I fn="C:\Users\kanderna\Downloads\The+Goldbergs+S02E18+avi.ace"
sh=F45076B2F1F60EB182AD7964BA3CC9378308CBA4 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan" ac=I fn="C:\Users\kanderna\Favorites\Brew\Wort-O-Matic.url"
sh=50F7ECDEFD781BF41BEBDC15F589D1B085D65CD2 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\209caa22.msi"
sh=A8BF1B83256AD9B04605A52A3595599E16B12456 ft=1 fh=6a77b069009f22dc vn="Win64/Sirefef.AI trojan" ac=I fn="C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\00000001.@"
sh=041E31A5767DAAE7B2DCDD9342CC526518DED675 ft=1 fh=64c30ce391be3cb6 vn="Win64/Sirefef.AE trojan" ac=I fn="C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\80000000.@"
sh=ED4DF25BD05FCE872039EAAE6F0CE23A55FDBD84 ft=0 fh=0000000000000000 vn="HTML/Hoax.FastDownload.C.Gen application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L190SZ0T\firstload_com[1].htm"
sh=62757368F4E2FEC1714D09699B3A95DA66930E59 ft=0 fh=0000000000000000 vn="JS/Agent.NEY trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH7VPCTZ\201fgro[1].htm"
sh=A13209FBFF5585ECBE0190D080BF7BFC6C00BA43 ft=0 fh=0000000000000000 vn="JS/Agent.NEY trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH7VPCTZ\201fgro[2].htm"
sh=F105D478ADB83EC6EBBBAE1BB12A9426FDD7C4A8 ft=0 fh=0000000000000000 vn="HTML/Iframe.B trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RH7VPCTZ\index7[1].htm"
sh=FBEF54C6E48E403C141A1F3A09AC632AE8D15F82 ft=0 fh=0000000000000000 vn="JS/Agent.NEY trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRC9TTBI\371n0ry[1].htm"
 


#6 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 05 January 2016 - 08:28 PM

Hello kanderna,

Your computer has been compromised by a "Remote Access Infection"..
 

From the FRST log:

ZeroAccess:
C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}
C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\@
C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\00000001.@
C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\80000000.@
 
ZeroAccess:
C:\Users\kanderna\AppData\Local\{460c0666-a216-9c3b-c5f5-7fa5ae023185}
C:\Users\kanderna\AppData\Local\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\@


From the RogueKiller log:

[ZeroAccess][File] C:\Windows\installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\@ -> Found
[ZeroAccess][File] C:\Users\kanderna\AppData\Local\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\@ -> Found


From the ESET log:

sh=A8BF1B83256AD9B04605A52A3595599E16B12456 ft=1 fh=6a77b069009f22dc vn="Win64/Sirefef.AI trojan" ac=I fn="C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\00000001.@"
sh=041E31A5767DAAE7B2DCDD9342CC526518DED675 ft=1 fh=64c30ce391be3cb6 vn="Win64/Sirefef.AE trojan" ac=I fn="C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\80000000.@"

ZeroAccess, otherwise known as Sirefef, is a very serious infection.  Please take the time to read and get acquainted with the following article: Remote Access Infections ... (why you should repave).

Whether you decide to reformat or clean your computer is up to you, but it's important that you make an informed decision.  Let me know what you want to do in your next post and we will proceed accordingly :)

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed
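The post above correlates the same ZeroAccess artefacts across three logs by hand. The script below is an added example (not code from the thread, from ESET or from RogueKiller) of doing that triage programmatically for a defender: it parses ESET Online Scanner result lines in the `sh=... ft=... fh=... vn="..." ac=... fn="..."` format shown in the log, folds the `C:\Documents and Settings` junction duplicates onto `C:\Users` so each file is counted once, and flags hits whose verdict names Sirefef/ZeroAccess or whose path follows the `{GUID}\U\<hex>.@` / `{GUID}\@` layout that both ESET and RogueKiller reported. The sample lines are copied from the ESET log in this thread; the path pattern and the verdict family list are assumptions made for this example.

```python
import re
from collections import defaultdict

# One ESET Online Scanner result line, in the format seen in the log posted above:
#   sh=<sha1> ft=<n> fh=<hash> vn="<verdict>" ac=<action> fn="<path>"
ESET_LINE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<verdict>[^"]*)"\s+ac=(?P<action>\S+)\s+fn="(?P<path>[^"]*)"\s*$'
)

# On Vista and later, C:\Documents and Settings is a junction to C:\Users, which is why
# every user-profile hit appears twice in the log; fold the prefix before de-duplicating.
JUNCTION_PREFIX = re.compile(r'^C:\\Documents and Settings\\', re.IGNORECASE)

# Verdict families treated as rootkit/backdoor rather than adware (ZeroAccess = Sirefef).
# Assumption for this example; extend as needed.
SERIOUS_FAMILIES = ("sirefef", "zeroaccess")

# The ZeroAccess artefacts on this page are "@" files under a {GUID} folder, optionally in a
# "U" subfolder. This pattern (an assumption) matches both the ESET and RogueKiller paths.
ZA_PATH = re.compile(r'\\\{[0-9a-f-]{36}\}\\(?:U\\)?[0-9a-f]*\.?@$', re.IGNORECASE)

# Constructed sample: five result lines copied from the ESET log in this thread, plus two
# header fields, so the script runs offline.
SAMPLE_LOG = r"""
# found=32
# cleaned=0
sh=A542B94C7286009E09CF4707DBC9E1B00ACF4B77 ft=1 fh=f3e8f5faf657ebd7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Documents and Settings\kanderna\AppData\LocalLow\Sun\Java\jre1.7.0_10\java_sp.dll"
sh=A542B94C7286009E09CF4707DBC9E1B00ACF4B77 ft=1 fh=f3e8f5faf657ebd7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\kanderna\AppData\LocalLow\Sun\Java\jre1.7.0_10\java_sp.dll"
sh=A8BF1B83256AD9B04605A52A3595599E16B12456 ft=1 fh=6a77b069009f22dc vn="Win64/Sirefef.AI trojan" ac=I fn="C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\00000001.@"
sh=041E31A5767DAAE7B2DCDD9342CC526518DED675 ft=1 fh=64c30ce391be3cb6 vn="Win64/Sirefef.AE trojan" ac=I fn="C:\Windows\Installer\{460c0666-a216-9c3b-c5f5-7fa5ae023185}\U\80000000.@"
sh=F45076B2F1F60EB182AD7964BA3CC9378308CBA4 ft=0 fh=0000000000000000 vn="LNK/Agent.CH trojan" ac=I fn="C:\Users\kanderna\Favorites\Brew\Wort-O-Matic.url"
"""


def is_zeroaccess_path(path):
    """True for the {GUID}\\@ and {GUID}\\U\\<hex>.@ layout flagged as ZeroAccess above."""
    return ZA_PATH.search(path) is not None


def parse_eset_log(text):
    """Return (detections, meta): one dict per result line, plus the '# key=value' header fields."""
    detections, meta = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            meta[key] = value
            continue
        m = ESET_LINE.match(line)
        if m:
            d = m.groupdict()
            d["norm_path"] = JUNCTION_PREFIX.sub(r"C:\\Users\\", d["path"])
            detections.append(d)
    return detections, meta


def triage(detections):
    """De-duplicate by (sha1, normalised path) and pull out the hits that matter most."""
    unique = {}
    for d in detections:
        unique.setdefault((d["sha1"].lower(), d["norm_path"].lower()), d)
    serious = [
        d for d in unique.values()
        if any(f in d["verdict"].lower() for f in SERIOUS_FAMILIES)
        or is_zeroaccess_path(d["norm_path"])
    ]
    by_verdict = defaultdict(int)
    for d in unique.values():
        by_verdict[d["verdict"]] += 1
    return {
        "lines": len(detections),
        "unique": len(unique),
        "serious": serious,
        "by_verdict": dict(by_verdict),
    }


if __name__ == "__main__":
    dets, meta = parse_eset_log(SAMPLE_LOG)
    result = triage(dets)
    print(f"scanner reported found={meta.get('found')} cleaned={meta.get('cleaned')}")
    print(f"{result['lines']} result lines, {result['unique']} unique files")
    for d in result["serious"]:
        print("SERIOUS:", d["verdict"], "->", d["norm_path"])
```

Run against the full log pasted in the thread, the de-duplication explains why ESET reports `found=32` while only about half that many distinct files are involved, and the "SERIOUS" lines are exactly the two Sirefef droppers that justify the repave advice.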


#7 kanderna

kanderna
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 05 January 2016 - 08:57 PM

Wow... incredible.  Now, at least in the immediate term, I need to opt for the clean.  I will repave soon, but after I'm able to save some information from my HDD.


Edited by kanderna, 06 January 2016 - 12:50 PM.


#8 kanderna

kanderna
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 06 January 2016 - 12:50 PM

OK, I think I've got everything, so I'll go ahead and reformat.

 

I'm pretty comfortable with that process but would like your opinion...

 

- Thoughts on Windows 10? My PC keeps nagging me to do the free upgrade, but not sure if I should. If so, should I make that upgrade before reinstalling my software and/or updating drivers?

 

 

A few questions about the infection:

- Any way to tell how long I've had it or how I got it?

- Why didn't my Malware or Virus software pick up on it?

- Since I have it, does that mean, with 100% certainty that someone is using it?

- Does having my Remote Access services disabled have any effect on the infection?


Edited by kanderna, 06 January 2016 - 12:53 PM.


#9 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 06 January 2016 - 08:17 PM

Hello kanderna,
 

OK, I think I've got everything, so I'll go ahead and reformat.

This is a wise choice.  If it was my computer, I would do the same :)




Thoughts on Windows 10? My PC keeps nagging me to do the free upgrade, but not sure if I should. If so, should I make that upgrade before reinstalling my software and/or updating drivers?

When it comes to Windows 10, the opinions seem to be a bit mixed.  A lot of people say it is great and a lot say the opposite.  Personally, I have decided not to switch over to Windows 10 for several reasons.  One of them being, that I am quite satisfied with Windows 7 and I do not appreciate the fact that Microsoft is trying to "force" me to upgrade to Windows 10.  The choice is yours to make and before making any decision, it might be best to do some research.  If you are thinking about "upgrading" to Windows 10 after you have performed a Reformat, please take a look at the following thread:





A few questions about the infection:

These are all very good questions and I will try to answer them as best as I can.



- Any way to tell how long I've had it or how I got it?

By looking over the logs you provided, I am unable to say how long your computer has been infected with ZeroAccess.  As far as how your computer got infected in the first place, it could be any number of reasons.  However, I would like to warn you that using Peer-to-peer (P2P) programs such as Vuze is a sure way to get infected.  As you can see from the lines taken from your logs, Vuze is allowed to bypass your firewall.  This basically means that anything can go in and out of your computer without asking for your permission.  It's no surprise that most people who get infected are P2P users.  Please follow my advice and stay away from peer-to-peer software...it will save you a lot of headaches in the future.



FirewallRules: [TCP Query User{A5EC06F4-1F5A-4D17-B4CC-394971B1B60F}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{D325A4B5-F68D-4FE5-A291-E5978270D609}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe




- Why didn't my Malware or Virus software pick up on it?

Having an antivirus is a good first step to secure your computer, but unfortunately it's not enough.  The sad reality is that sometimes AVs do miss infections, therefore it is necessary to take other steps to prevent this type of situation from happening again.  Please take the time to familiarize yourself with the following topic: COMPUTER SECURITY - a short guide to staying safer online , which goes into depth on how to keep your computer secure.  I bookmarked it for easy reference and so should you.
 

- Since I have it, does that mean, with 100% certainty that someone is using it?

No, I can't say with a 100% certainty that your computer is being or has been "used" by someone else.  As the saying goes "Prevention is better than cure".  In the case of a Remote Access Infection, I sincerely believe this should apply.



- Does having my Remote Access services disabled have any effect on the infection?

Remote Access Infections are unpredictable.  As stated in the article COMPUTER SECURITY - a short guide to staying safer online :
 

It is impossible for us to know all the modifications that your attacker may have made to your computer whilst he had access to it, so although we can probably restore functionality to your machine, we can never give you an assurance that it is secure.



I hope I was able to answer all your questions.  If you have any more questions or would like me to elaborate on one of my answers, please feel free to ask :)  If you have no more questions, please let me know and I will close the thread.

mAL

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed
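The answer above points at two `FirewallRules:` lines from the FRST log to show that Vuze had been granted TCP and UDP Allow rules. As an added example (not code from the thread or from FRST), the script below parses FRST firewall-rule lines of the "Query User" form shown on this page and reports which executables outside `C:\Windows` hold Allow rules, grouped by binary with the protocols involved, so a reviewer can spot user-installed programs that were let through the firewall. It assumes only that line form; the two Vuze lines are copied from the thread, the other two sample lines are constructed.

```python
import re
from collections import defaultdict

# One FRST "FirewallRules:" entry in the "Query User" form shown on this page:
#   FirewallRules: [TCP Query User{GUID}<path>] => (Allow) <path>
# FRST emits other rule forms as well; this parser handles only this one (assumption).
FW_RULE = re.compile(
    r'^FirewallRules:\s+\[(?P<proto>TCP|UDP)\s+Query User\{(?P<guid>[0-9A-Fa-f-]{36})\}'
    r'(?P<rule_path>[^\]]*)\]\s+=>\s+\((?P<action>Allow|Block)\)\s+(?P<path>\S.*?)\s*$',
    re.IGNORECASE,
)

# Constructed sample: the two Vuze lines from the thread plus two made-up lines
# (placeholder GUIDs and paths) to exercise the system-directory and Block filters.
SAMPLE_FRST = r"""
FirewallRules: [TCP Query User{A5EC06F4-1F5A-4D17-B4CC-394971B1B60F}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{D325A4B5-F68D-4FE5-A291-E5978270D609}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{00000000-0000-0000-0000-000000000001}C:\windows\system32\example.exe] => (Allow) C:\windows\system32\example.exe
FirewallRules: [UDP Query User{00000000-0000-0000-0000-000000000002}C:\users\kanderna\downloads\example-tool.exe] => (Block) C:\users\kanderna\downloads\example-tool.exe
"""


def parse_firewall_rules(text):
    """Return one dict per recognised FirewallRules line; unrecognised lines are skipped."""
    rules = []
    for raw in text.splitlines():
        m = FW_RULE.match(raw.strip())
        if m:
            rules.append(m.groupdict())
    return rules


def allowed_non_system(rules):
    """Map each executable (case-folded path) outside C:\\Windows that has an Allow rule
    to the sorted list of protocols it is allowed for."""
    grouped = defaultdict(set)
    for r in rules:
        if r["action"].lower() != "allow":
            continue
        path = r["path"].lower()
        if path.startswith("c:\\windows\\"):
            continue  # OS components are expected to have rules; skip them here
        grouped[path].add(r["proto"].upper())
    return {path: sorted(protos) for path, protos in grouped.items()}


if __name__ == "__main__":
    rules = parse_firewall_rules(SAMPLE_FRST)
    for path, protos in allowed_non_system(rules).items():
        print(f"ALLOW {'/'.join(protos):7} {path}")
```

On the thread's own lines this prints a single entry for `azureus.exe` with both TCP and UDP, which is the point the helper was making: the P2P client had full inbound permission through Windows Firewall.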


#10 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 07 January 2016 - 08:49 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed




