Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection that locks up computer


  • This topic is locked This topic is locked
13 replies to this topic

#1 Kenickie

Kenickie

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 20 June 2016 - 04:40 PM

My laptop has an unknown infection that locks it up shortly after bootup has finished. After about 30 seconds the hard drive indicator light comes on permanently, and the laptop becomes extremely unresponsive. It takes 10-20 seconds to respond to mouse movement, and does not respond at all to mouse clicks or key presses. It appears to shut down Task Manager if it is open, and prevents AVG from downloading updated virus definitions.

 

The laptop can be successfully booted in Safe Mode, which is how I ran FRST. When booted in Safe Mode with networking, AVG did update its virus definitions and I could run the command line virus scan. This returned about 100 infections but didn't seem to clear them - when I ran it again I got a similar number. Malwarebytes is also prevented from running, automatically cancelling the scan after 1 second.

 

I've tried using System Restore to revert to the earliest restore point I have, but this hasn't helped.

 

Any help would be much appreciated!!

 

Edit:

I've now tried running the ESET online scanner in Safe Mode with networking. If I just run it without selecting "Download latest version of ESET" it runs through and reports the system clean (which I don't believe for a second). If I select the "Download latest version" option the application quits.

 

Thanks,

 

Andy

 

-------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01

Ran by Danny (administrator) on LAPTOP2 (20-06-2016 19:53:47)
Running from C:\Users\Danny\Desktop
Loaded Profiles: Danny (Available Profiles: Danny)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-07-02] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-15] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-14] (Lenovo)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2127704 2013-12-18] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-05-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-05-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\...\MountPoints2: {c12e76bd-2aae-11e2-98ca-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\...\MountPoints2: {d7b219e1-7c8b-11e2-8e16-806e6f6e6963} - E:\autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2012-11-09]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-08-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8856E03B-1E7E-4655-84DB-AB3627D5CE30}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F36B9494-CB23-4DE0-902C-2760F957C477}: [NameServer] 152.71.2.3,152.71.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {09327C38-11FE-4EC8-B567-7049B01118A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {09327C38-11FE-4EC8-B567-7049B01118A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {09327C38-11FE-4EC8-B567-7049B01118A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {09327C38-11FE-4EC8-B567-7049B01118A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3786967400-2573056568-1124458252-1000 -> DefaultScope {09327C38-11FE-4EC8-B567-7049B01118A6} URL = 
SearchScopes: HKU\S-1-5-21-3786967400-2573056568-1124458252-1000 -> {09327C38-11FE-4EC8-B567-7049B01118A6} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-08-27] (Lenovo Group Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://ntuanywhere.ntu.ac.uk/dana-cached/sc/JuniperSetupClient.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-05-04] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-05-04] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080592 2016-05-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-05-04] (AVG Technologies CZ, s.r.o.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [164200 2010-08-24] (Lenovo.)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-02-11] (Lenovo Group Limited) [File not signed]
S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
S2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2013-11-29] (Juniper Networks)
S4 jnprTdi_748_42127; C:\Windows\system32\Drivers\jnprTdi_748_42127.sys [108336 2013-12-18] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-11-29] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-11-29] (Juniper Networks, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-11-09] ()
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-30] ()
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-21 04:46 - 2016-06-21 04:46 - 00001732 _____ C:\tvtpktfilter.dat
2016-06-20 19:53 - 2016-06-20 19:54 - 00018031 _____ C:\Users\Danny\Desktop\FRST.txt
2016-06-20 19:53 - 2016-06-20 19:53 - 00000000 ____D C:\FRST
2016-06-20 19:53 - 2016-06-20 19:37 - 02387456 _____ (Farbar) C:\Users\Danny\Desktop\FRST64.exe
2016-06-19 21:50 - 2016-06-20 19:52 - 00607852 _____ C:\Windows\ntbtlog.txt
2016-06-19 17:28 - 2016-06-20 00:08 - 00008900 _____ C:\Users\Danny\Desktop\avgrep.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-21 04:46 - 2012-11-09 22:00 - 00000000 ____D C:\swshare
2016-06-20 19:48 - 2013-08-06 11:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-20 19:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-19 21:58 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-19 21:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-06-19 21:52 - 2014-04-17 22:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-19 21:31 - 2015-07-24 16:47 - 00000000 ____D C:\ProgramData\MFAData
2016-06-19 21:30 - 2012-11-09 22:46 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-06-19 21:29 - 2014-08-19 12:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-19 21:27 - 2013-08-06 11:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-19 21:27 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-19 21:27 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-19 21:26 - 2013-08-06 11:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-19 21:26 - 2013-08-06 11:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-19 21:24 - 2012-11-09 22:46 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-06-19 21:16 - 2013-07-06 18:31 - 00000000 ____D C:\Users\Danny
2016-06-19 21:14 - 2016-05-14 22:18 - 00000000 ____D C:\Users\Danny\AppData\Roaming\IrfanView
2016-06-19 21:14 - 2015-07-24 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-19 21:14 - 2015-04-08 22:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-06-19 21:14 - 2015-04-08 22:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-06-19 21:14 - 2014-12-13 19:48 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-19 21:14 - 2012-11-09 22:10 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2016-06-19 21:14 - 2012-11-09 21:29 - 00000000 ____D C:\ProgramData\Lenovo
2016-06-19 21:14 - 2010-11-21 08:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-19 21:14 - 2010-11-21 08:16 - 00000000 ____D C:\Windows\ShellNew
2016-06-19 21:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-06-19 21:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-06-19 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-06-19 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-19 21:08 - 2016-05-14 22:18 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-05-21 21:52 - 2014-03-23 12:53 - 00000000 ___RD C:\Stuff
 
==================== Files in the root of some directories =======
 
2014-01-04 22:53 - 2014-01-04 22:53 - 0007625 _____ () C:\Users\Danny\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Danny\AppData\Local\Temp\avg-ef92c374-0a0b-4c42-96e6-1d447d08f033.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_08114140897.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_08117197958.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_081220949289.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_08140235172.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_081654185615.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_081781328155.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_081892853669.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_08272906042.exe
C:\Users\Danny\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Danny\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Danny\AppData\Local\Temp\SIntf16.dll
C:\Users\Danny\AppData\Local\Temp\SIntf32.dll
C:\Users\Danny\AppData\Local\Temp\SIntfNT.dll
C:\Users\Danny\AppData\Local\Temp\SRLDetectionLibrary5330084333708152100.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-09 21:47
 
==================== End of FRST.txt ============================

Attached Files


Edited by Kenickie, 21 June 2016 - 06:57 AM.


BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:32 AM

Posted 24 June 2016 - 06:36 AM

Kenickie:

:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall. I would like to address you by your first name, if that is alright with you since we will be working together.

I will be assisting you with your computer issues. All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor. This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic. That could take a few days. Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:32 AM

Posted 25 June 2016 - 10:30 AM

Kenickie:

Thank you for your patience while I analyzed your FRST logs and consulted with the Malware Response Instructor assigned to supervise me while I deal with your issues.

Unfortunately, since your computer could not run the FRST scans in "Normal Mode", malware could be hiding that I can't detect from the "Safe Mode" FRST scan logs. We need to try to get your computer booting normally, as our first step. It could take some time for us to resolve all of your computer issues. It is not wise to try to do too much at one time as malware removal is unpredictable, so please only do as much as I ask, and no more. We will have to take a step-by-step approach to fixing your computer.

Before we proceed further, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only that tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Please boot your computer into "Safe Mode With Networking". Then, please download RKill by Grinler and save it to your desktop.

Please then boot your computer normally and then launch RKill immediately when your desktop appears so that perhaps it can execute prior to any possible malware. That would be the best possible outcome.

If you can't launch RKill from a normal boot, then boot into "Safe Mode With Networking" and try running RKill.

Please download Rkill by Grinler from one of the 3 links below (if one of them does not work, try another...) and save it to your desktop:

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista or above, please right-click on it and select Run As Administrator.)
  • Note: You may have to run Rkill a few times before it is successful. As a reminder, you may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (the file is also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

If RKill did run successfully from a normal boot and reported bad processes, files, etc. that it terminated, please skip step :step2: and proceed to step :step3:

.

:step2: Let's see if a startup program might be interfering with your computer booting normally. Please go to this link and follow the instructions on how to do a "Clean Boot" of Windows 7 (scroll down to the Windows 7 section). If the computer does not boot normally, please report back to me any errors or symptoms that you observe - do not proceed any further with these instructions, but please let me know if you have a Windows 7 Startup Repair Disk?

If the computer does boot normally, I want you to proceed to the next step.

.

:step3: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: Check the Task Manager to ensure that AVG is not running. If so instructions to disable it can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply

Don't forget to re-enable your antivirus when finished!

.

Good luck with RKill! Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#4 Kenickie

Kenickie
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 26 June 2016 - 12:43 PM

Hi Phil,

 

Thanks for getting back to me. The contents of the Rkill log are pasted at the bottom of this post.

 

The clean boot seemed to work and started the laptop up in a usable condition. I therefore ran ESET, which reported no infections. Interestingly, the laptop now *appears* to be functioning nearly normally. I've got it on normal boot now and the only unusual behaviour is that the automatic update of AVG virus definitions fails: I have to go into the AVG interface and update them manually, and this works OK.

 

Malwarebytes updates and appears to scan OK - I started a scan to see if anything shut it down but it seemed fine, so I then stopped it manually because you said not to run any scans.

 

The constant running of the disk and the total unresponsiveness of the laptop has stopped.

 

Rkill log below.

 

Thanks,

 

Andy

 

--------------------------------------------------

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/25/2016 05:50:57 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/25/2016 05:58:07 PM
Execution time: 0 hours(s), 7 minute(s), and 10 seconds(s)


#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:32 AM

Posted 27 June 2016 - 11:34 AM

Andy:
 
That is great news that you got a good clean, negative, ESET scan run.    :thumbup2:
 
It is possible that your AVG installation is corrupted, because you did say it reported finding over 100 threats.  There are better anti-virus products available than AVG, but I leave that to your consideration.  At a minimum, further along, if you are going to keep AVG, we should try and repair or reinstall it, but I really do recommend removing AVG and obtaining a better AV product.  I would recommend that you read this post about AVG by Quietman7, one of Bleeping Computer's foremost experts.

 

I commend you for aborting the MBAM scan, but given what you have reported, I think that now we should try an MBAM scan and see what, if anything, it detects.

 
 
:step1: Malwarebytes Anti-Malware Free and Malwarebytes Chameleon Including External Drive

----------

  • Download Malwarebytes Anti-Malware Free and save it to your Desktop.
  • Double click the desktop icon, click Run, then Yes.
  • Click OK for English, then click Next.
  • Select I accept the agreement, then continue to click Next, then finally click Install.
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium, if you do not want the free trial of the paid version, then click Finish.
  • On the Dashboard, select Settings.
  • Click on Detection and Protection.
  • Ensure that Scan for rootkits is checked. If not, check it.
  • If you are notified the Database is out of date, click Update Now.
  • Attach any external drives you want to scan, if not already attached.
  • Click the Scan button near the top.
  • Select Custom Scan, then click Configure Scan.
  • Place a check mark in any additonal drives you would like to scan.
  • Click Scan now.

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP), then type mbam.
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan.

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed, click the down arrow on Export Log and select Text file (*.txt).
  • Save the file to your desktop as MBAM.txt.
  • Click Apply Actions, then restart your computer, if requested.
  • Please copy and paste the contents of MBAM.txt into your next reply.

.

:step2: Please reboot your computer and re-run a FRST scan in Normal Boot mode. Please ensure that "Addition.txt" is checked as well. It is only checked the first time FRST is run, by default.

Please copy and paste the FRST.txt and the Addition.txt file contents into your next reply. I want to thoroughly analyze the new logs to ensure that there is no malware lurking on your computer.

If FRST won't run from Normal Boot mode, try rebooting normally and running RKill again, and then try running a FRST scan again, with "Addition.txt" checked.

Let me know how it goes.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#6 Kenickie

Kenickie
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 28 June 2016 - 03:21 PM

I'll look into the AVG issue once I'm confirmed clean. :)

 

MBAM ran fine and returned a clean result. The FRST log and addition file contents follow.

 

Thanks,

 

Andy

 

----------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016
Ran by Danny (administrator) on LAPTOP2 (28-06-2016 18:01:42)
Running from C:\Users\Danny\Desktop
Loaded Profiles: Danny (Available Profiles: Danny)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-07-02] (Lenovo.)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-15] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-14] (Lenovo)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-05-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2127704 2013-12-18] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\...\MountPoints2: {c12e76bd-2aae-11e2-98ca-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\...\MountPoints2: {d7b219e1-7c8b-11e2-8e16-806e6f6e6963} - E:\autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2012-11-09]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-08-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8856E03B-1E7E-4655-84DB-AB3627D5CE30}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F36B9494-CB23-4DE0-902C-2760F957C477}: [NameServer] 152.71.2.3,152.71.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {09327C38-11FE-4EC8-B567-7049B01118A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {09327C38-11FE-4EC8-B567-7049B01118A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {09327C38-11FE-4EC8-B567-7049B01118A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {09327C38-11FE-4EC8-B567-7049B01118A6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3786967400-2573056568-1124458252-1000 -> DefaultScope {09327C38-11FE-4EC8-B567-7049B01118A6} URL = 
SearchScopes: HKU\S-1-5-21-3786967400-2573056568-1124458252-1000 -> {09327C38-11FE-4EC8-B567-7049B01118A6} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-08-27] (Lenovo Group Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://ntuanywhere.ntu.ac.uk/dana-cached/sc/JuniperSetupClient.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-05-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-05-04] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-05-04] (AVG Technologies CZ, s.r.o.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [164200 2010-08-24] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-02-11] (Lenovo Group Limited) [File not signed]
U2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2013-11-29] (Juniper Networks)
S4 jnprTdi_748_42127; C:\Windows\system32\Drivers\jnprTdi_748_42127.sys [108336 2013-12-18] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-11-29] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-11-29] (Juniper Networks, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-11-09] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-30] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-28 18:01 - 2016-06-28 18:02 - 00022894 _____ C:\Users\Danny\Desktop\FRST.txt
2016-06-28 18:01 - 2016-06-28 18:01 - 00000000 ____D C:\Users\Danny\Desktop\FRST-OlderVersion
2016-06-25 20:21 - 2016-05-24 00:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-25 20:21 - 2016-05-23 23:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-25 20:21 - 2016-05-21 18:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-25 20:21 - 2016-05-21 17:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-25 20:21 - 2016-05-20 23:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-25 20:21 - 2016-05-20 23:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-25 20:21 - 2016-05-20 23:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-25 20:21 - 2016-05-20 23:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-25 20:21 - 2016-05-20 23:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-25 20:21 - 2016-05-20 23:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-25 20:21 - 2016-05-20 23:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-25 20:21 - 2016-05-20 23:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-25 20:21 - 2016-05-20 23:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-25 20:21 - 2016-05-20 23:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-25 20:21 - 2016-05-20 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-25 20:21 - 2016-05-20 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-25 20:21 - 2016-05-20 22:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-25 20:21 - 2016-05-20 22:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-25 20:21 - 2016-05-20 22:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-25 20:21 - 2016-05-20 22:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-25 20:21 - 2016-05-20 22:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-25 20:21 - 2016-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-25 20:21 - 2016-05-20 22:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-25 20:21 - 2016-05-20 22:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-25 20:21 - 2016-05-20 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-25 20:21 - 2016-05-20 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-25 20:21 - 2016-05-20 22:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-25 20:21 - 2016-05-20 22:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-25 20:21 - 2016-05-20 22:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-25 20:21 - 2016-05-20 22:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-25 20:21 - 2016-05-20 22:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-25 20:21 - 2016-05-20 22:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-25 20:21 - 2016-05-20 22:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-25 20:21 - 2016-05-20 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-25 20:21 - 2016-05-20 22:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-25 20:21 - 2016-05-20 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-25 20:21 - 2016-05-20 22:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-25 20:21 - 2016-05-20 22:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-25 20:21 - 2016-05-20 22:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-25 20:21 - 2016-05-20 22:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-25 20:21 - 2016-05-20 22:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-25 20:21 - 2016-05-20 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-25 20:21 - 2016-05-20 22:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-25 20:21 - 2016-05-20 22:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-25 20:21 - 2016-05-20 22:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-25 20:21 - 2016-05-20 22:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-25 20:21 - 2016-05-20 22:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-25 20:21 - 2016-05-20 22:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-25 20:21 - 2016-05-20 22:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-25 20:21 - 2016-05-20 22:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-25 20:21 - 2016-05-20 22:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-25 20:21 - 2016-05-20 22:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-25 20:21 - 2016-05-20 22:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-25 20:21 - 2016-05-20 22:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-25 20:21 - 2016-05-20 22:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-25 20:21 - 2016-05-20 22:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-25 20:21 - 2016-05-20 22:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-25 20:21 - 2016-05-20 22:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-25 20:21 - 2016-05-20 22:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-25 20:21 - 2016-05-20 22:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-25 20:21 - 2016-05-20 21:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-25 20:21 - 2016-05-20 21:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-25 20:21 - 2016-05-20 21:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-25 20:21 - 2016-05-20 21:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-25 20:21 - 2016-05-20 21:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-25 20:21 - 2016-05-20 21:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-25 17:59 - 2016-06-25 17:59 - 02870984 _____ (ESET) C:\Users\Danny\Desktop\esetsmartinstaller_enu.exe
2016-06-25 17:39 - 2016-06-25 21:14 - 00000000 ____D C:\Windows\pss
2016-06-25 17:36 - 2016-05-12 18:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-25 17:36 - 2016-05-12 16:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-25 17:34 - 2016-05-12 18:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-25 17:34 - 2016-05-12 18:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-25 17:34 - 2016-05-12 18:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-25 17:34 - 2016-05-12 18:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-25 17:34 - 2016-05-12 18:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-25 17:34 - 2016-05-12 18:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-25 17:34 - 2016-05-12 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-25 17:34 - 2016-05-12 16:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-25 17:34 - 2016-05-12 16:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-25 17:34 - 2016-05-12 15:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-25 17:34 - 2016-05-12 15:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-25 17:34 - 2016-05-12 15:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-25 17:34 - 2016-05-12 15:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-25 17:34 - 2016-05-12 15:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-25 17:34 - 2016-05-12 15:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-25 17:34 - 2016-05-12 15:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-25 17:34 - 2016-05-12 15:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-25 17:34 - 2016-05-12 15:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-25 17:34 - 2016-05-12 14:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-25 17:34 - 2016-05-12 14:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-25 17:34 - 2016-05-12 14:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-25 17:31 - 2016-04-14 17:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-25 17:31 - 2016-04-14 17:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-25 17:30 - 2016-04-14 16:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-25 17:30 - 2016-04-14 16:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-25 17:30 - 2016-04-14 16:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-25 17:30 - 2016-04-14 16:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-25 17:30 - 2016-04-14 16:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-25 17:29 - 2016-04-14 17:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-25 17:29 - 2016-04-14 17:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-25 17:29 - 2016-04-14 17:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-25 17:29 - 2016-04-14 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-25 17:29 - 2016-04-14 16:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-25 17:26 - 2016-05-11 18:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-25 17:26 - 2016-05-11 18:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-25 17:26 - 2016-05-11 18:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-25 17:26 - 2016-05-11 16:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-25 17:26 - 2016-05-11 16:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-25 17:26 - 2016-05-11 16:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-25 17:26 - 2016-05-11 16:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-25 17:26 - 2016-05-11 16:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-25 17:26 - 2016-05-11 15:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-25 17:25 - 2016-05-11 18:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-25 17:25 - 2016-05-11 16:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-25 17:24 - 2016-06-06 17:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-25 17:24 - 2016-06-06 17:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-25 17:24 - 2016-06-03 14:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-25 17:24 - 2016-05-27 14:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-25 17:24 - 2016-05-27 14:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-25 17:24 - 2016-05-27 14:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-25 17:24 - 2016-05-27 14:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-25 17:24 - 2016-05-22 14:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-25 17:24 - 2016-05-13 23:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-25 17:24 - 2016-05-13 23:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-25 17:24 - 2016-05-13 23:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-25 17:24 - 2016-05-13 23:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-25 17:24 - 2016-05-13 23:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-25 17:24 - 2016-05-13 22:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-25 17:24 - 2016-05-13 22:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-25 17:24 - 2016-05-13 22:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-25 17:24 - 2016-05-13 22:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-25 17:24 - 2016-05-13 22:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-25 17:24 - 2016-05-12 18:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-25 17:24 - 2016-05-12 18:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-25 17:24 - 2016-05-12 18:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-25 17:24 - 2016-05-12 18:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-25 17:24 - 2016-05-12 18:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-25 17:24 - 2016-05-12 18:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-25 17:24 - 2016-05-12 18:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-25 17:24 - 2016-05-12 18:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-25 17:24 - 2016-05-12 16:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-25 17:24 - 2016-05-12 16:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-25 17:24 - 2016-05-12 16:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-25 17:24 - 2016-05-12 16:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-25 17:24 - 2016-05-12 16:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-25 17:24 - 2016-05-12 16:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-25 17:24 - 2016-05-12 15:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-25 17:24 - 2016-05-12 15:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-25 17:24 - 2016-03-09 20:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-25 17:24 - 2016-03-09 19:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-25 17:23 - 2016-05-18 17:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-25 17:23 - 2016-05-18 17:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-25 17:23 - 2016-05-12 16:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-25 17:20 - 2016-04-09 07:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-25 17:20 - 2016-04-09 07:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-25 17:20 - 2016-04-09 07:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-25 17:20 - 2016-04-09 07:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-25 17:20 - 2016-04-09 06:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-25 17:20 - 2016-04-09 06:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-25 17:16 - 2016-06-25 17:58 - 00002416 _____ C:\Users\Danny\Desktop\Rkill.txt
2016-06-25 17:14 - 2016-06-25 17:05 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Danny\Desktop\rkill.exe
2016-06-21 07:46 - 2016-06-21 07:46 - 00001218 _____ C:\Users\Danny\Desktop\esetonlinescanner_enu - Shortcut.lnk
2016-06-21 04:46 - 2016-06-21 04:46 - 00001732 _____ C:\tvtpktfilter.dat
2016-06-20 22:19 - 2016-06-20 22:19 - 00000000 ____D C:\Users\Danny\AppData\Local\ESET
2016-06-20 22:18 - 2016-06-20 22:18 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Danny\Downloads\esetonlinescanner_enu.exe
2016-06-20 19:53 - 2016-06-28 18:01 - 02389504 _____ (Farbar) C:\Users\Danny\Desktop\FRST64.exe
2016-06-20 19:53 - 2016-06-28 18:01 - 00000000 ____D C:\FRST
2016-06-19 21:50 - 2016-06-22 09:02 - 01117122 _____ C:\Windows\ntbtlog.txt
2016-06-19 17:28 - 2016-06-21 10:00 - 00007529 _____ C:\Users\Danny\Desktop\avgrep.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-28 18:03 - 2015-07-24 16:47 - 00000000 ____D C:\ProgramData\MFAData
2016-06-28 18:02 - 2012-11-09 22:46 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-06-28 18:01 - 2012-11-09 22:46 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-06-28 17:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-27 22:58 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-27 22:58 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-27 22:29 - 2014-08-19 12:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-27 22:26 - 2013-08-06 11:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-27 20:26 - 2014-04-17 22:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-26 18:48 - 2014-01-04 22:53 - 00007655 _____ C:\Users\Danny\AppData\Local\Resmon.ResmonCfg
2016-06-26 11:30 - 2014-08-19 12:29 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-26 11:30 - 2014-08-19 12:29 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-25 21:23 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 21:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-06-25 20:58 - 2009-07-14 05:45 - 00312968 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-25 20:55 - 2015-04-08 22:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-06-25 20:55 - 2015-04-08 22:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-06-25 20:55 - 2014-12-13 19:48 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-25 20:24 - 2013-07-06 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-25 20:23 - 2013-07-06 18:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 20:23 - 2013-07-06 18:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-25 17:47 - 2013-08-07 18:35 - 00000000 ____D C:\Windows\system32\MRT
2016-06-25 17:23 - 2013-08-06 21:23 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-21 07:11 - 2012-11-09 22:00 - 00000000 ____D C:\swshare
2016-06-19 21:27 - 2013-08-06 11:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-19 21:26 - 2013-08-06 11:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-19 21:26 - 2013-08-06 11:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-19 21:16 - 2013-07-06 18:31 - 00000000 ____D C:\Users\Danny
2016-06-19 21:14 - 2016-05-14 22:18 - 00000000 ____D C:\Users\Danny\AppData\Roaming\IrfanView
2016-06-19 21:14 - 2015-07-24 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-19 21:14 - 2012-11-09 22:10 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2016-06-19 21:14 - 2012-11-09 21:29 - 00000000 ____D C:\ProgramData\Lenovo
2016-06-19 21:14 - 2010-11-21 08:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-19 21:14 - 2010-11-21 08:16 - 00000000 ____D C:\Windows\ShellNew
2016-06-19 21:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-06-19 21:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-06-19 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-06-19 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-19 21:08 - 2016-05-14 22:18 - 00000000 ____D C:\Program Files (x86)\IrfanView
 
==================== Files in the root of some directories =======
 
2014-01-04 22:53 - 2016-06-26 18:48 - 0007655 _____ () C:\Users\Danny\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Danny\AppData\Local\Temp\avg-ef92c374-0a0b-4c42-96e6-1d447d08f033.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_08114140897.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_08117197958.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_081220949289.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_08140235172.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_081654185615.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_081781328155.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_081892853669.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_08272906042.exe
C:\Users\Danny\AppData\Local\Temp\avguirn_08473111142.exe
C:\Users\Danny\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Danny\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Danny\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Danny\AppData\Local\Temp\SIntf16.dll
C:\Users\Danny\AppData\Local\Temp\SIntf32.dll
C:\Users\Danny\AppData\Local\Temp\SIntfNT.dll
C:\Users\Danny\AppData\Local\Temp\SRLDetectionLibrary5330084333708152100.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-09 21:47
 
==================== End of FRST.txt ============================
 
-------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2016
Ran by Danny (2016-06-28 18:03:57)
Running from C:\Users\Danny\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-07-06 17:31:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3786967400-2573056568-1124458252-500 - Administrator - Disabled)
Danny (S-1-5-21-3786967400-2573056568-1124458252-1000 - Administrator - Enabled) => C:\Users\Danny
Guest (S-1-5-21-3786967400-2573056568-1124458252-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.01 - Lenovo)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
AVG (Version: 16.71.7597 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4613 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.71.7597 - AVG Technologies)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
Football Manager 2010 (HKLM-x32\...\Football Manager 2010) (Version: 10.0.0.0 - Sports Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2154 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\...\Neoteris_Host_Checker) (Version: 7.4.0.28485 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\...\Juniper_Setup_Client) (Version: 7.4.8.42127 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Junos Pulse 4.0 (HKLM-x32\...\Junos Pulse 4.0) (Version: 4.0.42127 - Juniper Networks, Inc.)
Junos Pulse Core Components (x32 Version: 4.0.42127 - Juniper Networks) Hidden
Junos Pulse Drivers Add-On (Version: 4.0.42127 - Juniper Networks) Hidden
Junos Pulse Host Checker Plugin Add-On (x32 Version: 4.0.42127 - Juniper Networks) Hidden
Junos Pulse Tunnel Manager Add-On (x32 Version: 4.0.42127 - Juniper Networks) Hidden
Junos Pulse UAC/NC Components (x32 Version: 4.0.42127 - Juniper Networks) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.10.01 - )
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Robot Wars Extreme Destruction (HKLM-x32\...\{5C13AD07-5129-11D5-96DB-AE99AF79C743}) (Version: 1.0.0 - )
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0030 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.15 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.83 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.72 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.43 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}) (Version: 5.9.3.6264 - UPEK Inc.)
VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1kexpress) Net  (06/22/2010 11.5.10.1012) (HKLM\...\3C4C8BB88656F616D170176E1905526541B60FDF) (Version: 06/22/2010 11.5.10.1012 - Intel)
Windows Driver Package - Intel (HECIx64) System  (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Driver Package - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E6E6D2E-0913-4ECB-B46B-4DA122940C97} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {1DA4C2E7-E81C-40E6-9F75-647424DE93CB} - System32\Tasks\TVT\UpdateRnR => C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsetsched.exe [2009-08-28] ()
Task: {2D5CFAB4-48AC-4D1D-A53E-BE5534BF7932} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)
Task: {2D7E0D29-1C2E-4494-93A2-04CBFBB55E2B} - System32\Tasks\TVT\ChangePWD => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)
Task: {58CF0D5B-C0F2-436C-BD9B-27B14FA9A925} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {78FF9B06-E39D-42AE-8662-F9398A7EA649} - System32\Tasks\{6E8EB469-7B45-4328-B713-1DD2E47964D1} => E:\setup.exe [2008-11-27] (Sports Interactive)
Task: {815C984E-9A0A-4593-8B26-55C2317ECC75} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {8978D29C-D1BF-4169-AFE4-5B180B6D1502} - System32\Tasks\LaunchCSS => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-08-27] (Lenovo Group Limited)
Task: {AEF33AFE-1B07-48A8-B0E5-F2C211BE0C48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B8E3DA6E-1C56-4371-9985-E615DA06E849} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-19] (Adobe Systems Incorporated)
Task: {C089F9A1-7AC9-46F7-9B8B-4EE8C1877E62} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {C19363CF-C49E-40F5-807F-35994F9D8212} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {D50B25CA-3E0E-40BD-A1AD-F6CB71FEAC7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DA751E96-E1E8-4E96-8DE2-3AC2BFD96B9D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {F4B574F7-8D6C-42F9-A961-F867AA103956} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-07-20 01:48 - 2010-07-20 01:48 - 01501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-11-09 21:57 - 2010-08-24 19:30 - 00038912 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2009-08-12 01:59 - 2009-08-12 01:59 - 00173344 ____N () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 ____N () C:\Windows\System32\IccLibDll_x64.dll
2011-04-14 21:15 - 2011-04-14 21:15 - 00086016 ____N () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2015-10-24 14:23 - 2016-04-07 22:00 - 40500224 ____N () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-03-26 15:10 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3786967400-2573056568-1124458252-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{112E254A-28D8-4365-B4B0-AE61944E634C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0FC64D37-769D-4E21-808B-8279FFBF9ECD}] => (Allow) LPort=2869
FirewallRules: [{310F87EC-2E60-4A99-9902-9B83CEB0DAE0}] => (Allow) LPort=1900
FirewallRules: [{B6B7DBE4-3BFC-4F88-918E-D7B9A72CE131}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7D2340B8-5CAB-4392-95F8-70837AAA3929}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8953E383-D1D8-4E53-BF08-8859729BDE69}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2010\fm.exe
FirewallRules: [{F469A3AF-1E0A-4CEA-985B-80746E035AF9}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2010\fm.exe
FirewallRules: [{C258FBF6-98DF-41FE-B013-AC17C883D258}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C915544C-A3C6-4845-BDD7-B12F32D17A39}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0F5CAC0F-F991-4EAD-B4A7-A20D03ACB06D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{715BF380-64C9-445D-A1E5-8D5460E6ADAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9EAA682D-0C79-449B-879B-605617415CC3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{46858757-E6E0-41A1-B01E-7CABAB102228}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{732E9645-4B89-4567-B556-C9089F4200CC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{E3583682-0063-4A7B-A551-E41236B0489A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D4DFB8B2-2C84-4AA8-81BF-1CC71957C242}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{3EB3F1BA-7872-4BE5-94B5-7BFA6DB51901}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{57F194A4-86CD-4E4A-8DAA-D663E5EE9A67}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{CD22AA8D-8896-426C-8084-E503B7A4B3AC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{6D8DDB6A-AC73-4213-95C1-FCF018078B90}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{4E895897-02F7-4C76-8EAF-0087059E270D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{CB75625A-7842-4A75-994D-56C2E905E427}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-06-2016 20:19:06 Windows Update
25-06-2016 21:31:06 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2016 06:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2016 08:15:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2016 05:55:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2016 11:05:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/25/2016 09:16:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/25/2016 08:59:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/25/2016 06:01:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (06/25/2016 06:01:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (06/25/2016 06:01:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (06/25/2016 05:59:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (06/28/2016 06:01:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (06/28/2016 06:00:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/27/2016 08:15:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/26/2016 05:56:39 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (06/26/2016 05:56:39 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (06/26/2016 05:56:39 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (06/26/2016 05:56:39 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (06/26/2016 05:56:39 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (06/26/2016 05:56:39 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
Error: (06/26/2016 05:56:39 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 3891.67 MB
Available physical RAM: 1838.52 MB
Total Virtual: 7781.53 MB
Available Virtual: 5636.83 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:271.52 GB) (Free:182.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FM2010) (CDROM) (Total:2.3 GB) (Free:0 GB) UDF
Drive q: (Lenovo_Recovery) (Fixed) (Total:25.39 GB) (Free:17.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 3506A6EE)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=271.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:32 AM

Posted 30 June 2016 - 08:29 AM

Andy:

Thank you for the fresh set of FRST logs. The good news is that I am not seeing any active malware on your computer!  :thumbup2:

There are some issues that we should deal with, including removing your AVG and installing a more robust anti-virus application, but we can leave that to a bit later, if you so wish. If it was my computer, I would be doing that right away to ensure that the computer has maximum anti-virus protection.

.

:step1: Your version of Adobe Reader is out of dateOlder versions have vulnerabilities that malicious sites can use to exploit and infect your system. You are running Adobe Reader 9.2; the current version is Adobe Reader DC.

Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.

    If you are unsure of how to use Add or Remove Programs, the please see this tutorial: How To Remove An Installed Program From Your Computer

  • Then from your desktop double-click on Adobe Reader to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

.

:step2: Important Note: Your version of Java is out of date. You are running Java Version 8 Update 31. The current Java package is Version 8 Update 92.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
You also might want to consider uninstalling it altogether, unless you need it, as it is a security vulnerability. Personally I uninstalled Java from both of my computers about a year ago and I have never missed it.

Please follow these steps to update Java and remove any existing older versions, if you decide that you want to keep Java:

  • Click here to evaluate your current version of Java.
  • Click Free Java Download.
  • Click the Agree and Start Free Download.
  • Save the Java installer file to your desktop.
  • Double click the icon then click Run.
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next.
  • You should be notified "You have successfully installed Java"

If Java notifies you older versions of the program need to be removed, allow the program to complete the removal process.
Reboot your computer once all Java components are removed.

.

:step3: I am seeing CD-ROM controller errors in the System Errors portion of your Addition.txt file. Is your CD-ROM running properly? This might be indicative of a hardware failure.

.

Please post back to let me know how you made out. Then, if all went well, then next we will check out your Windows system file integrity as I am seeing some component errors as well, but let's not try to do too much at once.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#8 Kenickie

Kenickie
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 01 July 2016 - 03:01 PM

Thanks for the latest instructions. Unfortunately it's going to take me a few days to get these things done, because things aren't going well at home - one of my friends died yesterday - so this isn't currently my top priority.

 

Please don't close this thread though - I'll do everything as soon as I can and report back when it's done.

 

Thanks,

 

Andy



#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:32 AM

Posted 02 July 2016 - 12:15 PM

Andy:

 

Thank you for your post.  Please accept my sincere condolences, and that of the Malware Response Instructor who is supervising me, on the passing of your friend.

 

I will notify the Instructor.  We will be waiting here for you for you when you are ready to return.  There is ABSOLUTELY no rush.  Take the time you need to grieve and to be with family and friends at such a time.

 

If you are going to be away longer than two weeks, then please just post a brief note here and let me know, so that we know that you will be coming back to this topic.

 

Take care.  Once again, I express my sympathies to you.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#10 Kenickie

Kenickie
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 06 July 2016 - 07:41 AM

Hi Phil,

 

Thank you for the understanding and sympathy. I have now been able to carry out your instructions and results are as follows:

 

1. Acrobat reader has successfully updated.

 

2. Java has successfully updated. It is something of a concern that it got this out of date, because I am always careful to update Java straight away whenever I get a notification. In this case I got no notifications and presumably this is linked to whatever was wrong with my laptop.

 

3. The CD-ROM runs properly most of the time, but not all. Occasionally it won't wake up and I have to eject it and close it again to make it work.

 

I've become increasingly disillusioned with AVG recently as it has started to generate endless notifications trying to lure me into buying the full version, which are clearly designed to make the "No Thanks" option as hard as possible to find/click. Therefore I'd gladly be rid of it - what do you recommend instead?

 

Thanks,

 

Andy



#11 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:32 AM

Posted 06 July 2016 - 04:23 PM

Andy:
 
Thank you for your response.  I hope that you are doing OK after what has happened.  I really hadn't expected a response from you so soon, but everyone deals with grieving in a different way.  There is no "right way."
 
I am glad that your updates went well.  Java is a strange "animal".  Java does not always notify you, nor did it always notify me when I had it installed in my computers, that there were updates.  Not being notified of Java updates is NOT indicative of malware activity.  I can't see any reason to conclude that malware was/is responsible for you not being notified of a Java update, because I cannot detect any active malware on your computer, based on your FRST logs.
 
Some folks around here recommend Secunia Personal Inspector to keep programs updated.  I used it for awhile to keep my programs updated, but, being freeware, it was/is also prone to its own issues, so I finally discarded it.  I make it a point, before commencing my weekly Friday system images, to individually check all of my software apps for updates.  As I indicated to you, unless you are visiting websites or using programs that require Java, I would ditch it.  It is a significant security vulnerability.
 
The Event Logs do show that your CD-ROM drive has a controller error from time to time, and that is usually indicative of impending, or actual, hardware failure.  You could check your computer manufacturer's website to see if there is an updated CD-ROM driver, just in case an outdated driver is incompatible with your updated OS (Windows 7 SP1 x64) and that is what is causing the sporadic controller errors.  Not unheard of.  Again, not malware.
 

I've become increasingly disillusioned with AVG recently as it has started to generate endless notifications trying to lure me into buying the full version, which are clearly designed to make the "No Thanks" option as hard as possible to find/click. Therefore I'd gladly be rid of it - what do you recommend instead?

 
There are many here, including me and Quietman7, one of our foremost Bleeping Computer experts, who no longer recommend AVG. Quietman7 has posted here on the subject of AVG.
 
If you are looking for a free product, I would recommend Bitdefender Free.  Personally, I pay for my protection (Bitdefender Total Security + Malwarebytes Anti-Malware Premium, + Malwarebytes Anti-Exploit Premium).  It is what is known as layered security, but the most important component is the interface between the chair and the keyboard!  :)  No combination of protection software can protect anyone 100 percent, and the biggest security weakness is people.
 
All of that said, security software is a very personal decision.  You should find what meets your expectations, your computer's horsepower, and is a package that you are comfortable using.  Quietman7 has written an excellent article, here, on selecting security software.
 
Bleeping Computer, and other reputable sites, do not recommend one specific set of packages because user needs are individual.  Were I to ditch Bitdefender, which has suffered in the past from less than stellar customer support (it is improving in recent months), I would seriously look at the Emsisoft package, and I was seriously considering doing just that before things started turning around at Bitdefender, in terms of customer support.  The fact that I still had over two years to go on my 3-computer Bitdefender subscription made me reluctant to jump ship, despite the poor support, because I am familiar with the product and its detection rates are top-notch.
 
So really Andy, it is your decision.  It is your computer.  I would definitely agree that you should replace AVG and I would encourage you to do so.  The issue is that there are few free, effective, products out there.  In your case, you would be better off, if you are not a fan of Bitdefender Free, to go with Windows Defender, which is free and delivers its updates via Windows Update.  Make sure you set your Windows Updates to "Automatic."  The Windows 7 version of Windows Defender is a credible free security suite.
 
Personally, although I am anal-retentive about making weekly system images, I would rather not have to recover from a catastrophic infection.  I would rather prevent it, so I am more than happy to pay for real-time protection.  In the scheme of things, it is a small price.  You will recognize, that as a malware removal student, I have been witness to so many, losing so much, to ransomware, trojans, spyware, and other assorted malware.  I think it is better to prevent than to recover ... and so many folks who come here for assistance have no backups whatsoever.
 
If there are any other issues that you would like me to address, I would be happy to do so.  There is no active malware on your computer, as of the time your last FRST logs were run.  That is the GOOD news!  :thumbup2:
 
Have a great day.
 
Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#12 Kenickie

Kenickie
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 09 July 2016 - 10:01 AM

Thanks very much for all the help and advice - I'll start looking into alternative virus software straight away. I haven't got a problem with paying for it, it's just that there never seemed to be a good reason to do so before. They're hardly prohibitively expensive though so I'll join the paid ranks rather than using something substandard.

 

No more issues - everything seems to be working fine now.

 

Thanks,

 

Andy



#13 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:32 AM

Posted 10 July 2016 - 04:31 AM

Andy:

 

That is great news that all is well with your computer now.  :thumbsup:

 

It has been my pleasure, on behalf of Bleeping Computer, to assist you with your computer issues.  I would also like to acknowledge the guidance that was provided to me by the Malware Response Instructor who volunteered his time and expertise to supervise my handling of your topic.

 

I will ask a Moderator to close this topic, since your issues have been resolved.

 

Stay safe out there in cyberspace.  It can be a dangerous place!

 

Have a great weekend.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:32 AM

Posted 10 July 2016 - 09:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users