
Virus analysis and removal. Random virus pop-ups and internet connectivity issue


This topic is locked
7 replies to this topic

#1 thrasherpearl


Posted 01 August 2016 - 10:19 AM

Hello Bleepingcomputer! I am a long time user of PCHelpForum that has been referred to this forum as a better alternative and I decided to check it out. There is definitely something funky going on with my computer, as I receive virus infection pop ups occasionally, my computer will randomly say it has encountered an issue and needs to restart, and has had internet connectivity issues. I used to frequently use HijackThis! logs as a means of analysis, but it seems that this FRST application has taken over that niche. Please let me know what additional information you may need for your analysis. If there are any unnecessary files or programs installed that may be an issue as well, please let me know, as I am trying to do as much of a deep clean as possible. Thank you in advance for taking time to check out these problems.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Stellakinetic (administrator) on BLUEBALLOON (01-08-2016 10:32:31)
Running from C:\Users\Christian\Documents\AntiVirus
Loaded Profiles: Stellakinetic &  (Available Profiles: Stellakinetic)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
( ) C:\Windows\System32\lxebcoms.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-04-10] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-04-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2015-04-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [S6000Mnt] => C:\windows\WebCam\S6000\S6000Mnt.exe [516608 2015-05-21] (Alcor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2856616 2014-12-22] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-25] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1010144 2016-05-31] (DivX, LLC)
HKU\S-1-5-21-2326167134-1873879114-1292005468-1002\...\Run: [AmoltoRecorder] => C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe [12516000 2015-11-27] (Amolto)
HKU\S-1-5-21-2326167134-1873879114-1292005468-1002\...\MountPoints2: {0292ef07-e398-11e4-8256-806e6f6e6963} - "E:\SETUP.EXE" 
HKU\S-1-5-21-2326167134-1873879114-1292005468-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AmoltoRecorder] => C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe [12516000 2015-11-27] (Amolto)
HKU\S-1-5-21-2326167134-1873879114-1292005468-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0292ef07-e398-11e4-8256-806e6f6e6963} - "E:\SETUP.EXE" 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-07-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-07-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{DCCA545B-7E5A-43D4-8DB3-A267EED1D77B}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F9AB6E20-4633-4EA9-89A4-E775AF55B32A}: [DhcpNameServer] 10.10.10.2 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {9AEFF7E4-F075-4096-BEEC-C72716906492} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9AEFF7E4-F075-4096-BEEC-C72716906492} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2326167134-1873879114-1292005468-1002 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2326167134-1873879114-1292005468-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2326167134-1873879114-1292005468-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2326167134-1873879114-1292005468-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-01] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-01] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Amolto Call Recorder for Skype\Skype4COM.dll [2015-11-27] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\oddlnhd5.default
FF Homepage: hxxps://us.yahoo.com/?fr=fp-comodo&type=33090001004_hp_sp
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2326167134-1873879114-1292005468-1002: SkypePlugin -> C:\Users\Christian\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi.dll [2016-03-31] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2326167134-1873879114-1292005468-1002: SkypePlugin64 -> C:\Users\Christian\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi-x64.dll [2016-03-31] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2326167134-1873879114-1292005468-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: SkypePlugin -> C:\Users\Christian\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi.dll [2016-03-31] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2326167134-1873879114-1292005468-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: SkypePlugin64 -> C:\Users\Christian\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi-x64.dll [2016-03-31] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://soundcloud.com/
CHR StartupUrls: Default -> "hxxps://us.yahoo.com/?fr=fpc-comodo&type=33090001006_hp_sp"
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-25]
CHR Extension: (Google Docs) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-25]
CHR Extension: (Google Drive) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-25]
CHR Extension: (Skype Calling) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-04-11]
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-25]
CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-25]
CHR Extension: (Google Docs Offline) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-05-25] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-07] (Dropbox, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2016-03-08] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-04-10] (Lenovo(beijing) Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
R2 lxeb_device; C:\windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-04-10] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-04-10] (Lenovo)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2014-12-22] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-04-10] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-29] (Malwarebytes)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-14] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-08] (Realtek Semiconductor Corporation                           )
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [899712 2015-05-21] (Bison)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-20 13:46 - 2016-07-20 13:46 - 00031168 _____ C:\Users\Christian\Desktop\state1.sav
2016-07-16 21:43 - 2016-07-02 00:29 - 00828408 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-16 21:43 - 2016-07-02 00:29 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 22:13 - 2016-05-25 09:22 - 00875712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-07-12 22:13 - 2016-05-25 09:22 - 00536768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-07-12 22:13 - 2016-05-25 09:12 - 00869576 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-07-12 22:13 - 2016-05-25 09:12 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-07-12 21:59 - 2016-06-25 14:13 - 00165376 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-07-12 21:59 - 2016-06-25 12:24 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-07-12 21:59 - 2016-06-25 12:15 - 01094656 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-07-12 21:59 - 2016-06-25 12:13 - 00864256 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-07-12 21:59 - 2016-06-25 12:05 - 00306176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-07-12 21:59 - 2016-06-11 15:45 - 07445856 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-07-12 21:59 - 2016-01-30 15:50 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2016-07-12 21:59 - 2016-01-30 15:00 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2016-07-12 21:59 - 2016-01-30 14:48 - 00269312 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2016-07-12 21:59 - 2016-01-30 14:18 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2016-07-12 21:59 - 2016-01-30 13:48 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2016-07-12 21:59 - 2016-01-30 13:41 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2016-07-12 21:58 - 2016-06-21 14:32 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2016-07-12 21:58 - 2016-06-21 10:12 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2016-07-12 21:57 - 2016-06-11 14:14 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-12 21:57 - 2016-06-11 14:11 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-12 21:57 - 2016-06-11 13:56 - 25812992 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-12 21:57 - 2016-06-11 13:56 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-12 21:57 - 2016-06-11 13:42 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-12 21:57 - 2016-06-11 13:23 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-12 21:57 - 2016-06-11 13:22 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-07-12 21:57 - 2016-06-11 13:22 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-07-12 21:57 - 2016-06-11 13:21 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-07-12 21:57 - 2016-06-11 13:20 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-12 21:57 - 2016-06-11 13:13 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-07-12 21:57 - 2016-06-11 13:12 - 20348928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-07-12 21:57 - 2016-06-11 13:12 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-07-12 21:57 - 2016-06-11 13:07 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-07-12 21:57 - 2016-06-11 13:03 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-12 21:57 - 2016-06-11 13:01 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-12 21:57 - 2016-06-11 13:00 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-12 21:57 - 2016-06-11 13:00 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-12 21:57 - 2016-06-11 12:57 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-12 21:57 - 2016-06-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-07-12 21:57 - 2016-06-11 12:43 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-07-12 21:57 - 2016-06-11 12:38 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-07-12 21:57 - 2016-06-11 12:33 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-07-12 21:57 - 2016-06-11 12:31 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-07-12 21:57 - 2016-06-11 12:31 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-07-12 21:57 - 2016-06-11 12:31 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-07-12 21:57 - 2016-06-11 12:30 - 15409664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-12 21:57 - 2016-06-11 12:29 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-07-12 21:57 - 2016-06-11 12:26 - 02869248 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-12 21:57 - 2016-06-11 12:15 - 13806080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-07-12 21:57 - 2016-06-11 12:12 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-12 21:57 - 2016-06-11 12:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-12 21:57 - 2016-06-11 11:59 - 02392576 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-07-12 21:57 - 2016-06-11 11:56 - 01315840 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-07-12 21:57 - 2016-06-11 11:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-07-12 21:53 - 2016-06-10 17:35 - 04167680 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-11 22:49 - 2016-07-11 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-09 18:25 - 2016-07-09 18:26 - 00281520 _____ C:\windows\Minidump\070916-25109-01.dmp
2016-07-07 00:40 - 2016-07-07 00:40 - 00281464 _____ C:\windows\Minidump\070716-17781-01.dmp
2016-07-04 21:09 - 2016-07-04 21:09 - 00000000 ____D C:\Users\Christian\Downloads\Diablo_2_Patch_1.10
2016-07-04 21:08 - 2016-07-04 21:09 - 06098752 _____ C:\Users\Christian\Downloads\Diablo_2_Patch_1.10.zip
2016-07-04 21:06 - 2016-07-04 21:07 - 06816148 _____ C:\Users\Christian\Downloads\Unconfirmed 972308.crdownload
2016-07-04 21:06 - 2016-07-04 21:06 - 06343200 _____ (Blizzard Entertainment) C:\Users\Christian\Downloads\LODPatch_114d.exe
2016-07-04 21:03 - 2016-07-04 21:03 - 00249856 ____N (Microsoft Corporation) C:\windows\Setup1.exe
2016-07-04 21:03 - 2016-07-04 21:03 - 00073216 _____ (Microsoft Corporation) C:\windows\ST6UNST.EXE
2016-07-04 21:03 - 2016-07-04 21:03 - 00000000 ____D C:\Users\Christian\Downloads\Hero_Editor_Full_V96
2016-07-04 21:03 - 2016-07-04 21:03 - 00000000 ____D C:\Program Files (x86)\Hero Editor
2016-07-04 21:01 - 2016-07-04 21:02 - 05727123 _____ C:\Users\Christian\Downloads\Hero_Editor_Full_V96.zip
2016-07-04 20:31 - 2016-07-04 20:31 - 00021840 _____ C:\windows\SysWOW64\SIntfNT.dll
2016-07-04 20:31 - 2016-07-04 20:31 - 00017212 _____ C:\windows\SysWOW64\SIntf32.dll
2016-07-04 20:31 - 2016-07-04 20:31 - 00012067 _____ C:\windows\SysWOW64\SIntf16.dll
2016-07-04 20:29 - 2016-07-04 20:29 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-07-04 20:20 - 2016-07-04 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-07-04 20:20 - 2016-07-04 20:30 - 00038928 _____ C:\windows\DIIUnin.dat
2016-07-04 20:20 - 2016-07-04 20:20 - 00094208 _____ (Blizzard Entertainment) C:\windows\DIIUnin.exe
2016-07-04 20:20 - 2016-07-04 20:20 - 00002829 _____ C:\windows\DIIUnin.pif
2016-07-04 19:56 - 2016-07-05 22:24 - 00000000 ____D C:\Program Files (x86)\Diablo II
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-01 10:32 - 2016-05-30 20:52 - 00000000 ____D C:\FRST
2016-08-01 10:32 - 2016-05-30 18:29 - 00000000 ____D C:\Users\Christian\Documents\AntiVirus
2016-08-01 10:31 - 2016-03-28 17:01 - 01158232 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-01 10:31 - 2015-12-25 12:49 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-01 10:31 - 2013-08-22 09:36 - 00000000 ____D C:\windows\Inf
2016-08-01 10:30 - 2016-01-07 10:24 - 00000942 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-30 10:58 - 2015-12-25 12:36 - 00000000 ____D C:\Users\Christian
2016-07-30 00:14 - 2015-12-25 12:49 - 00000930 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-30 00:01 - 2016-03-25 13:09 - 00049152 ___SH C:\Users\Christian\Desktop\Thumbs.db
2016-07-29 13:43 - 2015-12-25 12:44 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2326167134-1873879114-1292005468-1002
2016-07-29 13:40 - 2016-06-01 22:58 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-29 13:39 - 2015-04-10 09:12 - 01518958 _____ C:\windows\SysWOW64\rootpa.e2e
2016-07-29 13:36 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-29 13:29 - 2016-01-07 10:24 - 00000946 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-28 22:09 - 2015-12-25 12:49 - 00003902 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 22:09 - 2015-12-25 12:49 - 00003666 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 12:07 - 2015-12-25 12:38 - 00000000 ____D C:\Users\Christian\AppData\Local\Packages
2016-07-27 15:25 - 2016-06-02 02:59 - 00504488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-07-22 18:35 - 2016-05-12 21:19 - 00000000 ____D C:\Users\Christian\Documents\OneNote Notebooks
2016-07-17 12:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2016-07-16 21:50 - 2016-06-01 22:53 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-16 21:49 - 2016-06-01 22:53 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-16 21:42 - 2013-08-22 10:44 - 00484264 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-16 21:35 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-07-15 12:38 - 2015-04-10 09:33 - 00006656 _____ C:\windows\system32\VfService.trf
2016-07-15 09:38 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2016-07-13 12:12 - 2015-12-28 17:10 - 00000000 ____D C:\windows\system32\MRT
2016-07-13 11:59 - 2015-12-28 17:10 - 144749672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-12 22:18 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2016-07-11 22:50 - 2016-01-07 10:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-09 18:25 - 2016-06-05 16:12 - 699566828 _____ C:\windows\MEMORY.DMP
2016-07-09 18:25 - 2016-06-05 16:12 - 00000000 ____D C:\windows\Minidump
2016-07-08 16:00 - 2016-01-07 09:46 - 00000000 ____D C:\Users\Christian\Documents\Harvey Plexico
2016-07-07 01:23 - 2015-04-10 09:56 - 00000000 ____D C:\ProgramData\LU
2016-07-07 00:52 - 2016-06-25 02:00 - 00002112 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2016-07-07 00:52 - 2015-04-10 09:32 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2016-07-07 00:52 - 2015-04-10 09:32 - 00000000 ____D C:\windows\Downloaded Installations
2016-07-07 00:52 - 2015-04-10 09:32 - 00000000 ____D C:\Program Files\Lenovo
2016-07-07 00:51 - 2015-12-25 12:38 - 00001283 _____ C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2016-07-03 15:53 - 2016-01-07 11:34 - 00000000 ____D C:\Users\Christian\Documents\Books
2016-07-03 15:53 - 2016-01-07 10:31 - 00000000 ___RD C:\Users\Christian\Dropbox
2016-07-02 19:16 - 2015-12-25 13:18 - 00000000 ____D C:\Users\Christian\AppData\Local\CyberLink
 
==================== Files in the root of some directories =======
 
2016-05-31 02:54 - 2016-08-01 10:30 - 0127935 _____ () C:\Users\Christian\AppData\Local\BTServer.log
2016-03-26 12:18 - 2016-03-26 12:18 - 0003319 _____ () C:\Users\Christian\AppData\Local\recently-used.xbel
2015-04-10 09:07 - 2015-04-10 09:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-06 17:56 - 2016-03-22 14:59 - 0001251 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\binkw32.dll
C:\Users\Christian\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Christian\AppData\Local\Temp\d2l_Install.exe
C:\Users\Christian\AppData\Local\Temp\libeay32.dll
C:\Users\Christian\AppData\Local\Temp\msvcr120.dll
C:\Users\Christian\AppData\Local\Temp\SIntf16.dll
C:\Users\Christian\AppData\Local\Temp\SIntf32.dll
C:\Users\Christian\AppData\Local\Temp\SIntfNT.dll
C:\Users\Christian\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-21 00:57
 
==================== End of FRST.txt ============================



#2 thrasherpearl
  • Topic Starter
  • Members
  • 4 posts

Posted 01 August 2016 - 10:38 AM

Thank you for deleting the extra copy of this post. Once I hit post, my internet connection was lost and it must have double posted when I reconnected. Also, it may be worth noting that normally when I run antivirus software, there is generally a little bit of malware or spyware that is found, but recently when I run a multitude of different scan programs absolutely nothing shows up. Either my computer is squeaky clean after nearly 6 months without scans, or something is blocking/hiding from the scanners. It seems to be the latter, as I have mentioned that I am having issues with my laptop shutting down intermittently, virus warning popups, and internet connectivity issues stemming from something altering my connection preferences.



#3 nasdaq
  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 August 2016 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Please post the logs and include the Addition.txt log created by the Farbar tool. I need to review it.

Please let me know what problem persists.

#4 nasdaq
  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 August 2016 - 07:10 AM

Are you still with me?

#5 thrasherpearl
  • Topic Starter
  • Members
  • 4 posts

Posted 08 August 2016 - 09:53 AM

Sorry for taking so long, it has been a busy weekend. I did everything listed above. Attached is my new addition.txt and the adwcleaner log file. Below is my new FarBar scan. Thanks!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Stellakinetic (administrator) on BLUEBALLOON (08-08-2016 10:49:40)
Running from C:\Users\Christian\Documents\AntiVirus
Loaded Profiles: Stellakinetic (Available Profiles: Stellakinetic)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
( ) C:\Windows\System32\lxebcoms.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-04-10] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-04-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2015-04-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [S6000Mnt] => C:\windows\WebCam\S6000\S6000Mnt.exe [516608 2015-05-21] (Alcor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2856616 2014-12-22] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-25] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23546672 2016-08-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1010144 2016-05-31] (DivX, LLC)
HKU\S-1-5-21-2326167134-1873879114-1292005468-1002\...\Run: [AmoltoRecorder] => C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe [12516000 2015-11-27] (Amolto)
HKU\S-1-5-21-2326167134-1873879114-1292005468-1002\...\MountPoints2: {0292ef07-e398-11e4-8256-806e6f6e6963} - "E:\SETUP.EXE" 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-07-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-07-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{DCCA545B-7E5A-43D4-8DB3-A267EED1D77B}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F9AB6E20-4633-4EA9-89A4-E775AF55B32A}: [DhcpNameServer] 10.10.10.2 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {9AEFF7E4-F075-4096-BEEC-C72716906492} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9AEFF7E4-F075-4096-BEEC-C72716906492} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2326167134-1873879114-1292005468-1002 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2326167134-1873879114-1292005468-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-01] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-01] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Amolto Call Recorder for Skype\Skype4COM.dll [2015-11-27] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\oddlnhd5.default
FF Homepage: hxxps://us.yahoo.com/?fr=fp-comodo&type=33090001004_hp_sp
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2326167134-1873879114-1292005468-1002: SkypePlugin -> C:\Users\Christian\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi.dll [2016-03-31] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2326167134-1873879114-1292005468-1002: SkypePlugin64 -> C:\Users\Christian\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi-x64.dll [2016-03-31] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://soundcloud.com/
CHR StartupUrls: Default -> "hxxps://us.yahoo.com/?fr=fpc-comodo&type=33090001006_hp_sp"
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-25]
CHR Extension: (Google Docs) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-25]
CHR Extension: (Google Drive) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-25]
CHR Extension: (Skype Calling) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-04-11]
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-25]
CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-25]
CHR Extension: (Google Docs Offline) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-30]
CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-05-25] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950856 2016-07-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-07] (Dropbox, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2016-03-08] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-04-10] (Lenovo(beijing) Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
R2 lxeb_device; C:\windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-07-23] (Microsoft Corporation) [File not signed]
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-04-10] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-04-10] (Lenovo)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2014-12-22] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-04-10] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-29] (Malwarebytes)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-14] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-08] (Realtek Semiconductor Corporation                           )
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [899712 2015-05-21] (Bison)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-07 15:19 - 2016-08-07 15:19 - 00000000 ____D C:\Users\Christian\.QtWebEngineProcess
2016-08-07 15:19 - 2016-08-07 15:19 - 00000000 ____D C:\Users\Christian\.LSC
2016-08-05 16:33 - 2016-08-05 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-05 13:16 - 2016-08-05 13:16 - 00281520 _____ C:\windows\Minidump\080516-25750-01.dmp
2016-07-20 13:46 - 2016-07-20 13:46 - 00031168 _____ C:\Users\Christian\Desktop\state1.sav
2016-07-16 21:43 - 2016-07-02 00:29 - 00828408 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-16 21:43 - 2016-07-02 00:29 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 22:13 - 2016-05-25 09:22 - 00875712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-07-12 22:13 - 2016-05-25 09:22 - 00536768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-07-12 22:13 - 2016-05-25 09:12 - 00869576 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-07-12 22:13 - 2016-05-25 09:12 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-07-12 21:59 - 2016-06-25 14:13 - 00165376 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-07-12 21:59 - 2016-06-25 12:24 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-07-12 21:59 - 2016-06-25 12:15 - 01094656 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-07-12 21:59 - 2016-06-25 12:13 - 00864256 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-07-12 21:59 - 2016-06-25 12:05 - 00306176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-07-12 21:59 - 2016-06-11 15:45 - 07445856 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-07-12 21:59 - 2016-01-30 15:50 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2016-07-12 21:59 - 2016-01-30 15:00 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2016-07-12 21:59 - 2016-01-30 14:48 - 00269312 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2016-07-12 21:59 - 2016-01-30 14:18 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2016-07-12 21:59 - 2016-01-30 13:48 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2016-07-12 21:59 - 2016-01-30 13:41 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2016-07-12 21:58 - 2016-06-21 14:32 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2016-07-12 21:58 - 2016-06-21 10:12 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2016-07-12 21:57 - 2016-06-11 14:14 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-12 21:57 - 2016-06-11 14:11 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-12 21:57 - 2016-06-11 13:56 - 25812992 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-12 21:57 - 2016-06-11 13:56 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-12 21:57 - 2016-06-11 13:42 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-12 21:57 - 2016-06-11 13:23 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-12 21:57 - 2016-06-11 13:22 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-07-12 21:57 - 2016-06-11 13:22 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-07-12 21:57 - 2016-06-11 13:21 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-07-12 21:57 - 2016-06-11 13:20 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-12 21:57 - 2016-06-11 13:13 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-07-12 21:57 - 2016-06-11 13:12 - 20348928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-07-12 21:57 - 2016-06-11 13:12 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-07-12 21:57 - 2016-06-11 13:07 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-07-12 21:57 - 2016-06-11 13:03 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-12 21:57 - 2016-06-11 13:01 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-12 21:57 - 2016-06-11 13:00 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-12 21:57 - 2016-06-11 13:00 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-12 21:57 - 2016-06-11 12:57 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-12 21:57 - 2016-06-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-07-12 21:57 - 2016-06-11 12:43 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-07-12 21:57 - 2016-06-11 12:38 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-07-12 21:57 - 2016-06-11 12:33 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-07-12 21:57 - 2016-06-11 12:31 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-07-12 21:57 - 2016-06-11 12:31 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-07-12 21:57 - 2016-06-11 12:31 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-07-12 21:57 - 2016-06-11 12:30 - 15409664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-12 21:57 - 2016-06-11 12:29 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-07-12 21:57 - 2016-06-11 12:26 - 02869248 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-12 21:57 - 2016-06-11 12:15 - 13806080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-07-12 21:57 - 2016-06-11 12:12 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-12 21:57 - 2016-06-11 12:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-12 21:57 - 2016-06-11 11:59 - 02392576 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-07-12 21:57 - 2016-06-11 11:56 - 01315840 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-07-12 21:57 - 2016-06-11 11:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-07-12 21:53 - 2016-06-10 17:35 - 04167680 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-09 18:25 - 2016-07-09 18:26 - 00281520 _____ C:\windows\Minidump\070916-25109-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-08 10:49 - 2016-05-30 20:52 - 00000000 ____D C:\FRST
2016-08-08 10:45 - 2016-05-30 18:29 - 00000000 ____D C:\Users\Christian\Documents\AntiVirus
2016-08-08 10:44 - 2015-04-10 09:12 - 01647641 _____ C:\windows\SysWOW64\rootpa.e2e
2016-08-08 10:43 - 2016-01-07 10:24 - 00000942 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-08 10:43 - 2015-12-25 12:49 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-08 10:42 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-08 10:41 - 2016-05-30 20:39 - 00000000 ____D C:\AdwCleaner
2016-08-08 10:41 - 2015-04-10 09:33 - 00006656 _____ C:\windows\system32\VfService.trf
2016-08-08 10:38 - 2016-03-28 17:01 - 01158232 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-08 10:38 - 2013-08-22 09:36 - 00000000 ____D C:\windows\Inf
2016-08-08 10:32 - 2016-03-25 13:09 - 00049152 ___SH C:\Users\Christian\Desktop\Thumbs.db
2016-08-08 10:30 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-08-08 10:29 - 2016-04-12 17:14 - 00000000 ____D C:\Users\Christian\AppData\LocalLow\Temp
2016-08-08 10:29 - 2016-01-07 10:24 - 00000946 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-08 10:14 - 2015-12-25 12:49 - 00000930 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-08 00:20 - 2015-12-25 12:44 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2326167134-1873879114-1292005468-1002
2016-08-07 16:43 - 2015-12-25 12:46 - 00000000 ____D C:\Users\Christian\AppData\Local\Lenovo
2016-08-07 15:19 - 2016-02-14 23:46 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Lenovo
2016-08-07 15:19 - 2015-12-25 12:36 - 00000000 ____D C:\Users\Christian
2016-08-05 16:33 - 2016-01-07 10:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-05 13:16 - 2016-06-05 16:12 - 00000000 ____D C:\windows\Minidump
2016-08-05 13:15 - 2016-06-05 16:12 - 773843692 _____ C:\windows\MEMORY.DMP
2016-08-04 11:50 - 2016-06-01 22:53 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-03 19:38 - 2016-01-07 09:46 - 00000000 ____D C:\Users\Christian\Documents\Harvey Plexico
2016-08-01 10:50 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-01 10:48 - 2015-04-10 09:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-29 13:40 - 2016-06-01 22:58 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-28 22:09 - 2015-12-25 12:49 - 00003902 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 22:09 - 2015-12-25 12:49 - 00003666 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 12:07 - 2015-12-25 12:38 - 00000000 ____D C:\Users\Christian\AppData\Local\Packages
2016-07-27 15:25 - 2016-06-02 02:59 - 00504488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-07-22 18:35 - 2016-05-12 21:19 - 00000000 ____D C:\Users\Christian\Documents\OneNote Notebooks
2016-07-17 12:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2016-07-16 21:50 - 2016-06-01 22:53 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-16 21:42 - 2013-08-22 10:44 - 00484264 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-15 09:38 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2016-07-13 12:12 - 2015-12-28 17:10 - 00000000 ____D C:\windows\system32\MRT
2016-07-13 11:59 - 2015-12-28 17:10 - 144749672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-12 22:18 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
 
==================== Files in the root of some directories =======
 
2016-05-31 02:54 - 2016-08-08 10:44 - 0143415 _____ () C:\Users\Christian\AppData\Local\BTServer.log
2016-03-26 12:18 - 2016-03-26 12:18 - 0003319 _____ () C:\Users\Christian\AppData\Local\recently-used.xbel
2015-04-10 09:07 - 2015-04-10 09:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-06 17:56 - 2016-03-22 14:59 - 0001251 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\libeay32.dll
C:\Users\Christian\AppData\Local\Temp\msvcr120.dll
C:\Users\Christian\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-06 23:22
 
==================== End of FRST.txt ============================




#6 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 August 2016 - 07:17 AM


Your Addition.txt file is clean of malware.

I suggest you update these programs.

Your version of Shockwave is out-of-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/flashplayer/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
===

Your version of Shockwave is out-of-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://www.adobe.com/shockwave/welcome/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
===

Please let me know what problems persist.
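The same check the post asks for (which Flash, Shockwave and Java versions are installed, and whether an old one is still present after updating), read from the Uninstall registry keys that FRST's "HKLM\..." and "HKLM-x32\..." entries come from. This is an added example, not code from nasdaq or from FRST, and it assumes a 64-bit Windows where both the native and the WOW6432Node Uninstall keys exist.

```powershell
# Added example: enumerate installed Flash / Shockwave / Java entries from the
# Uninstall registry keys, so old versions can be confirmed before and after an update.
# Assumes 64-bit Windows (both the native and WOW6432Node views are present).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',             # 64-bit view, FRST shows these as HKLM\...
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 32-bit view, FRST shows these as HKLM-x32\...
)

# Product name prefixes the post flags as outdated; matched against DisplayName.
$watched = 'Adobe Flash Player', 'Adobe Shockwave Player', 'Java'

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Where-Object {
        $name = $_.DisplayName
        # Keep the entry if any watched prefix matches the display name.
        ($watched | Where-Object { $name -like "$_*" }).Count -gt 0
    } |
    ForEach-Object {
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            Version     = $_.DisplayVersion
            Publisher   = $_.Publisher
            View        = if ($_.PSPath -match 'WOW6432Node') { 'HKLM-x32' } else { 'HKLM' }
            Uninstall   = $_.UninstallString   # command Programs and Features runs to remove it
        }
    }

if ($found) {
    $found | Sort-Object DisplayName | Format-Table -AutoSize
} else {
    'None of the watched products is installed.'
}
```

Run it once before updating and once after: any entry that still shows the old DisplayVersion is the "old version" the post says to remove from Programs and Features.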

#7 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 August 2016 - 06:53 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 August 2016 - 09:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



