

links redirected, page locks with warnings of infections


This topic is locked. 18 replies to this topic.

#1 Aurifex

  • Members
  • 58 posts

Posted 10 September 2016 - 08:47 PM

Please help. I was looking for PIA PRO, a property investment program and was stung by this virus. 

My home page has changed; when I click on something, another page opens and then locks with a warning message, with a voice letting me know that my private details are at risk.

 

Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Silvana (administrator) on LENOVO-PC (11-09-2016 11:29:52)
Running from C:\Users\Silvana\Downloads
Loaded Profiles: Silvana (Available Profiles: Silvana & aurif_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Lenovo\PCM3.0Agent\SCCM_Agent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PCMAgent\Server.exe
() C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Pokki) C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation) C:\windows\System32\igfxEM.exe
(Intel Corporation) C:\windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe
(Pokki) C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
(LITEON) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\skdh8821.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Apple Inc.) C:\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\windows\System32\spool\drivers\x64\3\E_YATIMDE.EXE
(Created By-   Arun Yadav (aruny308@hotmail.com)) C:\Users\Silvana\AppData\Local\Arun Programs\CPU_Meter\CPU_Meter_reYuf-7hbgj.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(Pokki) C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Pokki) C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Skd8821] => C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe [384000 2012-03-28] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [226008 2014-07-04] (Realtek Semiconductor Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-04-14] ()
HKLM\...\Run: [iTunesHelper] => C:\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2014-03-06] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\RunOnce: [Application Restart #1] => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-07-28] (Pokki)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\RunOnce: [Application Restart #0] => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-07-28] (Pokki)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
Startup: C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPU_Meter.lnk [2016-09-11]
ShortcutTarget: CPU_Meter.lnk -> C:\Users\Silvana\AppData\Local\Arun Programs\CPU_Meter\CPU_Meter_reYuf-7hbgj.exe (Created By-   Arun Yadav (aruny308@hotmail.com))
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2336691969-2313138545-3035424032-1001] => hxxp://non-block.com/wpad.dat?037901ba3aa764c9541174636c88767016202462
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{7E98DE20-AF7E-4CC0-BE36-F0192CBC21D3}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{95191FA3-4164-4668-9B69-D5C8A1AB6286}: [DhcpNameServer] 10.1.1.1
ManualProxies: 0hxxp://non-block.com/wpad.dat?037901ba3aa764c9541174636c88767016202462
 
Internet Explorer:
==================
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2336691969-2313138545-3035424032-1001 -> DefaultScope {462C4343-66BA-44E8-8623-8D2A9B7D5036} URL = 
SearchScopes: HKU\S-1-5-21-2336691969-2313138545-3035424032-1001 -> {462C4343-66BA-44E8-8623-8D2A9B7D5036} URL = 
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-16] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-14]
CHR Extension: (Google Docs) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-14]
CHR Extension: (Google Drive) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-14]
CHR Extension: (YouTube) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (Slither.io Mods) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnlenmmkifnhllnjfoangnjokeadhbbk [2016-05-15]
CHR Extension: (Google Sheets) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Video DownloadHelper) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-03-26]
CHR Extension: (Norton Safe) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [101592 2014-07-04] ()
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-06-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-04-14] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 LBAEvent; C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe [27464 2013-09-17] (Lenovo)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-06] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
R2 PCM3.0 for SCCM Agent; C:\Program Files (x86)\Lenovo\PCM3.0Agent\SCCM_Agent.exe [571712 2014-03-04] ()
R2 PCMAgent; C:\Program Files (x86)\Lenovo\PCMAgent\Server.exe [902952 2015-03-15] (Lenovo)
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-06] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-06] (Lenovo Group Limited)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31192 2016-02-02] (SHAREit Technologies Co.Ltd)
R2 Sks8821; C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [137216 2010-05-05] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [16200 2013-09-17] (Lenovo)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-09] (Intel Corporation)
R1 NetWorkLocker; C:\windows\syswow64\drivers\NetworkLocker_x64.sys [20392 2015-03-15] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-04-19] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation                           )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-11 11:29 - 2016-09-11 11:30 - 00019070 _____ C:\Users\Silvana\Downloads\FRST.txt
2016-09-11 11:27 - 2016-09-11 11:29 - 00000000 ____D C:\FRST
2016-09-11 11:25 - 2016-09-11 11:26 - 02397696 _____ (Farbar) C:\Users\Silvana\Downloads\FRST64.exe
2016-09-11 11:24 - 2016-09-11 11:25 - 01747968 _____ (Farbar) C:\Users\Silvana\Downloads\FRST.exe
2016-09-10 14:33 - 2016-09-10 14:34 - 00000000 ____D C:\ProgramData\FileFinder
2016-09-10 14:33 - 2016-09-10 14:33 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-10 14:24 - 2016-09-10 14:36 - 00015381 _____ C:\Users\Silvana\Desktop\Investment-Property-Income-Expenses.xlsx
2016-09-10 14:16 - 2016-09-10 14:16 - 00014813 _____ C:\Users\Silvana\Downloads\Investment-Property-Income-Expenses.xlsx
2016-09-08 15:18 - 2016-09-08 16:02 - 00000000 ____D C:\Users\Silvana\Desktop\jewellery photos 8.9.2016
2016-09-03 12:28 - 2016-09-03 12:28 - 00493011 _____ C:\Users\Silvana\Downloads\Employment Contract Sam (1).pdf
2016-09-03 12:06 - 2016-09-03 12:07 - 00493011 _____ C:\Users\Silvana\Downloads\Employment Contract Sam.pdf
2016-08-31 11:28 - 2016-08-31 11:28 - 00070266 _____ C:\Users\Silvana\Downloads\1_11_CleaningJewellery_Signoff_Task_Learner (1).pdf
2016-08-31 11:27 - 2016-08-31 11:27 - 00070266 _____ C:\Users\Silvana\Downloads\1_11_CleaningJewellery_Signoff_Task_Learner.pdf
2016-08-31 11:10 - 2016-08-31 11:11 - 03626421 _____ C:\Users\Silvana\Downloads\81399e299bea482557289b8b38ba04be_1_ER018664_Wild Hearts Cheat Sheet_HiRes.pdf
2016-08-27 16:34 - 2016-08-27 16:34 - 00193546 _____ C:\Users\Silvana\Downloads\1_Consumer Law Compliance Policy Acknowledgment.pdf
2016-08-24 13:45 - 2016-08-24 13:45 - 00000025 _____ C:\Users\Silvana\Downloads\ATT00001.txt
2016-08-24 09:30 - 2016-08-24 09:30 - 00294577 _____ C:\Users\Silvana\Downloads\Ticket Order.pdf
2016-08-19 12:55 - 2016-08-19 12:55 - 00586018 _____ C:\Users\Silvana\Downloads\9 CT HOOP SELECTION 19.8.2016.xlsx
2016-08-15 19:37 - 2016-08-15 19:37 - 00036799 _____ C:\Users\Silvana\Desktop\TaxTools_3120179_2015_2016.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-11 11:30 - 2016-03-14 06:14 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-11 11:23 - 2016-03-12 07:54 - 00000000 ____D C:\Users\Silvana\AppData\Local\SweetLabs App Platform
2016-09-11 11:03 - 2016-03-14 06:14 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-11 11:03 - 2016-03-12 10:53 - 00000000 ___RD C:\Users\Silvana\OneDrive
2016-09-11 11:03 - 2016-03-12 07:54 - 00000000 ____D C:\Users\Silvana
2016-09-11 10:56 - 2016-03-14 08:56 - 00000939 _____ C:\windows\Tasks\EPSON WF-2630 Series Update {E7D9FCE2-036A-4305-A65C-84FC965D1D25}.job
2016-09-11 09:40 - 2016-03-12 11:04 - 00003794 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{BD06261E-6FCA-4195-AE5C-CCDC809BBF97}
2016-09-10 15:31 - 2013-08-23 01:36 - 00000000 ____D C:\windows\AppReadiness
2016-09-10 15:00 - 2016-03-12 08:02 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2336691969-2313138545-3035424032-1001
2016-09-10 14:33 - 2016-03-14 06:19 - 00002314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-10 14:33 - 2016-03-12 07:57 - 00001551 _____ C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-10 14:11 - 2014-11-21 14:44 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-10 14:11 - 2013-08-22 23:36 - 00000000 ____D C:\windows\Inf
2016-09-10 14:05 - 2015-03-15 10:01 - 00041544 _____ C:\windows\system32\wpbbin.exe
2016-09-10 14:05 - 2015-03-15 10:01 - 00017408 ____N C:\windows\SysWOW64\rpcnetp.exe
2016-09-10 14:05 - 2015-03-15 10:01 - 00017408 ____N C:\windows\system32\rpcnetp.exe
2016-09-10 14:05 - 2013-08-23 00:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-09-10 11:57 - 2013-08-22 23:25 - 00786432 ___SH C:\windows\system32\config\BBI
2016-09-10 10:41 - 2016-03-14 09:38 - 03456512 ___SH C:\Users\Silvana\Desktop\Thumbs.db
2016-09-08 14:36 - 2016-07-06 13:34 - 00000000 ____D C:\Users\Silvana\Desktop\New Stock
2016-08-30 19:26 - 2016-03-14 09:37 - 00000000 ____D C:\Users\Silvana\Desktop\Sams Stuff
2016-08-24 13:46 - 2016-03-14 19:22 - 00386048 ___SH C:\Users\Silvana\Downloads\Thumbs.db
2016-08-21 15:04 - 2016-07-29 16:26 - 00000000 ____D C:\Users\Silvana\Documents\Michael Hill
2016-08-19 13:28 - 2013-08-23 01:20 - 00000000 ____D C:\windows\CbsTemp
2016-08-15 14:55 - 2013-08-23 00:44 - 00481120 _____ C:\windows\system32\FNTCACHE.DAT
2016-08-15 14:51 - 2013-08-23 01:36 - 00000000 ___RD C:\windows\ToastData
2016-08-15 14:51 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\SecureBootUpdates
2016-08-15 10:23 - 2016-04-06 14:54 - 00000000 ____D C:\windows\system32\MRT
2016-08-15 10:09 - 2016-04-06 14:54 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-08-12 12:18 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
 
==================== Files in the root of some directories =======
 
2016-03-12 07:57 - 2016-09-11 11:05 - 0450993 _____ () C:\Users\Silvana\AppData\Local\BTServer.log
2016-08-11 10:15 - 2016-08-11 10:15 - 0000218 _____ () C:\Users\Silvana\AppData\Local\recently-used.xbel
2015-03-15 10:22 - 2015-03-15 10:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Silvana\AppData\Local\Temp\e23d-8a4e-49d0-b860.exe
C:\Users\Silvana\AppData\Local\Temp\oct6D39.tmp.exe
C:\Users\Silvana\AppData\Local\Temp\oct9279.tmp.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 10:01
 
==================== End of FRST.txt ============================



#2 polskamachina

  • Malware Response Team
  • 3,993 posts
  • Gender:Male

Posted 11 September 2016 - 12:40 PM

Hi Aurifex :)

 

My name is polskamachina and I would like to welcome you back to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina



#3 Aurifex

  • Topic Starter
  • Members
  • 58 posts

Posted 11 September 2016 - 08:36 PM

Hello polskamachina,

 

Thank you for your response; I look forward to further instructions from you shortly.

 

Thanks again.

 

Ben



#4 polskamachina

  • Malware Response Team
  • 3,993 posts
  • Gender:Male

Posted 11 September 2016 - 09:37 PM

Hi Ben :)
 
Let's start with a couple of programs to clean things up a bit.

  • Copy and paste, in its entirety, the following text into an empty Notepad window.
CloseProcesses:
CreateRestorePoint:
RemoveProxy:
AutoConfigURL: [S-1-5-21-2336691969-2313138545-3035424032-1001] => hxxp://non-block.com/wpad.dat?037901ba3aa764c9541174636c88767016202462
ManualProxies: 0hxxp://non-block.com/wpad.dat?037901ba3aa764c9541174636c88767016202462
2016-09-10 14:33 - 2016-09-10 14:33 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-10 14:33 - 2016-09-10 14:34 - 00000000 ____D C:\ProgramData\FileFinder
2015-03-15 10:22 - 2015-03-15 10:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2336691969-2313138545-3035424032-1001 -> DefaultScope {462C4343-66BA-44E8-8623-8D2A9B7D5036} URL = 
SearchScopes: HKU\S-1-5-21-2336691969-2313138545-3035424032-1001 -> {462C4343-66BA-44E8-8623-8D2A9B7D5036} URL = 
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
  • Save the file as fixlist.txt to your Downloads folder. Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
  • Run FRST64
  • Let the program update if it requests to do so.
  • Click on the Fix button
  • It should only take a few moments to complete the fix.
  • If you are prompted to restart the computer, let it restart.
  • When the computer has rebooted, a file named Fixlog.txt will appear in your Downloads folder.
  • Copy and paste the contents of that file in your next reply to me

 Next:

  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Right-click AdwCleaner.exe and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open with a list of logfile(s)
  • Make sure the Scan tab is selected at the top of the window
  • Double-click the log at the top of the list and the log will appear in Notepad. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile into your next reply to me.
  • A copy of all logfiles is saved to C:\AdwCleaner.

Next:

  • Run FRST64 again
  • Check the box for Addition.txt
  • Click on the Scan button
  • When the scan has completed, two logs FRST.txt and Addition.txt will appear
  • Copy and paste the contents of the logs into your next reply to me

In summary I will need from you:

  • Fixlog.txt
  • AdwCleaner scan log
  • FRST.txt
  • Addition.txt
  • How is your computer performing now?

Let me know if you have any questions.

 

polskamachina


Edited by polskamachina, 11 September 2016 - 11:25 PM.


#5 Aurifex

Aurifex
  • Topic Starter

  • Members
  • 58 posts

Posted 12 September 2016 - 02:53 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Silvana (12-09-2016 17:51:53) Run:1
Running from C:\Users\Silvana\Downloads
Loaded Profiles: Silvana (Available Profiles: Silvana & aurif_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
RemoveProxy:
AutoConfigURL: [S-1-5-21-2336691969-2313138545-3035424032-1001] => hxxp://non-block.com/wpad.dat?037901ba3aa764c9541174636c88767016202462
ManualProxies: 0hxxp://non-block.com/wpad.dat?037901ba3aa764c9541174636c88767016202462
2016-09-10 14:33 - 2016-09-10 14:33 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-10 14:33 - 2016-09-10 14:34 - 00000000 ____D C:\ProgramData\FileFinder
2015-03-15 10:22 - 2015-03-15 10:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2336691969-2313138545-3035424032-1001 -> DefaultScope {462C4343-66BA-44E8-8623-8D2A9B7D5036} URL = 
SearchScopes: HKU\S-1-5-21-2336691969-2313138545-3035424032-1001 -> {462C4343-66BA-44E8-8623-8D2A9B7D5036} URL = 
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
*****************
 
Processes closed successfully.
Restore point was successfully created.
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
C:\ProgramData\Webitar Production Inc => moved successfully
C:\ProgramData\FileFinder => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{462C4343-66BA-44E8-8623-8D2A9B7D5036}" => key removed successfully
HKCR\CLSID\{462C4343-66BA-44E8-8623-8D2A9B7D5036} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
"HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
"HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 17:52:29 ====
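The RemoveProxy entries in the Fixlog above, and the Fix step in polskamachina's instructions, can be checked independently with the following read-only PowerShell audit. It is an added example, not code from the thread, from FRST or from AdwCleaner. It reads the standard Internet Settings proxy values and the NlaSvc ManualProxies default value that the Fixlog reports removing, and lists Internet Explorer search scopes whose URL is blank (the state FRST showed as "URL ="). It assumes the usual Windows 8.1 registry locations and changes nothing.

```powershell
# Added verification script (example code, not part of the original post, FRST or AdwCleaner).
# Read-only: reports the proxy auto-config and search-scope settings that the fixlist
# targets, so their removal can be confirmed after running the Fix step.

function Get-ProxyAutoConfigState {
    $ie  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $nla = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'
    $state = [ordered]@{}

    # AutoConfigURL is the PAC/WPAD script the browser fetches; ProxyEnable/ProxyServer
    # are the static proxy settings. A missing value is reported as <not set>.
    foreach ($name in 'AutoConfigURL', 'ProxyEnable', 'ProxyServer') {
        $item = Get-ItemProperty -Path $ie -Name $name -ErrorAction SilentlyContinue
        $state[$name] = if ($null -ne $item) { $item.$name } else { '<not set>' }
    }

    # ManualProxies keeps its proxy string in the key's default value
    # (the "ManualProxies\\" entry in the Fixlog).
    $manual = Get-ItemProperty -Path $nla -Name '(default)' -ErrorAction SilentlyContinue
    $state['ManualProxies'] = if ($null -ne $manual) { $manual.'(default)' } else { '<not set>' }

    # A PAC URL is applied to every connection the browser makes, so an unexpected one
    # is worth explaining before the machine is declared clean.
    $state['Finding'] = if ($state['AutoConfigURL'] -ne '<not set>') {
        'AutoConfigURL is set; confirm the PAC script location is expected'
    } else {
        'no proxy auto-config URL present'
    }

    [pscustomobject]$state
}

function Get-SearchScopeState {
    # The three hives FRST enumerates: the user hive plus 64-bit and 32-bit machine views.
    $roots = @(
        'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $default = (Get-ItemProperty -Path $root -Name 'DefaultScope' -ErrorAction SilentlyContinue).DefaultScope
        foreach ($key in Get-ChildItem -Path $root) {
            $url = (Get-ItemProperty -Path $key.PSPath -Name 'URL' -ErrorAction SilentlyContinue).URL
            [pscustomobject]@{
                Hive      = $root
                Scope     = $key.PSChildName
                IsDefault = ($key.PSChildName -eq $default)
                URL       = $url
                EmptyURL  = [string]::IsNullOrWhiteSpace($url)
            }
        }
    }
}

# Usage: run before and after the fix and compare the two outputs.
Get-ProxyAutoConfigState | Format-List
Get-SearchScopeState | Where-Object { $_.EmptyURL -or $_.IsDefault } | Format-Table -AutoSize
```

After the Fixlog above, AutoConfigURL and ManualProxies should both report `<not set>`, and the search-scope table should no longer list the two GUIDs from the fixlist. The script does not touch DefaultConnectionSettings or SavedLegacySettings (binary blobs that FRST also reset); for those the Fixlog lines are the record.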


#6 Aurifex

Aurifex
  • Topic Starter

  • Members
  • 58 posts

Posted 12 September 2016 - 03:05 AM

# AdwCleaner v6.010 - Logfile created 12/09/2016 at 18:07:35
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-11.2 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Silvana - LENOVO-PC
# Running from : C:\Users\Silvana\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Silvana\AppData\Local\SweetLabs App Platform
Folder Found:  C:\Users\aurif_000\AppData\Local\SweetLabs App Platform
Folder Found:  C:\ProgramData\pokki
Folder Found:  C:\ProgramData\Pokki
Folder Found:  C:\ProgramData\Application Data\pokki
Folder Found:  C:\ProgramData\Application Data\Pokki
Folder Found:  C:\Users\Default User\AppData\Local\Pokki
Folder Found:  C:\Users\Default\AppData\Local\Pokki
 
 
***** [ Files ] *****
 
File Found:  C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
File Found:  C:\Users\aurif_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  SweetLabs App Platform
 
 
***** [ Registry ] *****
 
Key Found:  HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\SweetLabs App Platform
Key Found:  HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found:  HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found:  HKCU\Software\SweetLabs App Platform
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Value Found:  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1]
Key Found:  HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found:  HKCU\Software\Classes\Directory\shell\pokki
Key Found:  HKCU\Software\Classes\Drive\shell\pokki
Key Found:  HKCU\Software\Classes\lnkfile\shell\pokki
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2443 Bytes] - [12/09/2016 18:07:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2516 Bytes] ##########


#7 Aurifex

Aurifex
  • Topic Starter

  • Members
  • 58 posts

Posted 12 September 2016 - 03:09 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Silvana (administrator) on LENOVO-PC (12-09-2016 18:13:58)
Running from C:\Users\Silvana\Downloads
Loaded Profiles: Silvana (Available Profiles: Silvana & aurif_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Lenovo\PCM3.0Agent\SCCM_Agent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PCMAgent\Server.exe
() C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Intel Corporation) C:\windows\System32\igfxEM.exe
(Intel Corporation) C:\windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe
(Pokki) C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Pokki) C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
(LITEON) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\skdh8821.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Pokki) C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Apple Inc.) C:\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\windows\System32\spool\drivers\x64\3\E_YATIMDE.EXE
(Created By-   Arun Yadav (aruny308@hotmail.com)) C:\Users\Silvana\AppData\Local\Arun Programs\CPU_Meter\CPU_Meter_reYuf-7hbgj.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Skd8821] => C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe [384000 2012-03-28] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [226008 2014-07-04] (Realtek Semiconductor Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-04-14] ()
HKLM\...\Run: [iTunesHelper] => C:\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2014-03-06] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\RunOnce: [Application Restart #1] => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-07-28] (Pokki)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\RunOnce: [Application Restart #0] => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-07-28] (Pokki)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)
Startup: C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPU_Meter.lnk [2016-09-12]
ShortcutTarget: CPU_Meter.lnk -> C:\Users\Silvana\AppData\Local\Arun Programs\CPU_Meter\CPU_Meter_reYuf-7hbgj.exe (Created By-   Arun Yadav (aruny308@hotmail.com))
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{7E98DE20-AF7E-4CC0-BE36-F0192CBC21D3}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{95191FA3-4164-4668-9B69-D5C8A1AB6286}: [DhcpNameServer] 10.1.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-16] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-14]
CHR Extension: (Google Docs) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-14]
CHR Extension: (Google Drive) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-14]
CHR Extension: (YouTube) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (Slither.io Mods) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnlenmmkifnhllnjfoangnjokeadhbbk [2016-05-15]
CHR Extension: (Google Sheets) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Video DownloadHelper) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-03-26]
CHR Extension: (Norton Safe) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [101592 2014-07-04] ()
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-06-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-04-14] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 LBAEvent; C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe [27464 2013-09-17] (Lenovo)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-06] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
R2 PCM3.0 for SCCM Agent; C:\Program Files (x86)\Lenovo\PCM3.0Agent\SCCM_Agent.exe [571712 2014-03-04] ()
R2 PCMAgent; C:\Program Files (x86)\Lenovo\PCMAgent\Server.exe [902952 2015-03-15] (Lenovo)
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-06] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-06] (Lenovo Group Limited)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31192 2016-02-02] (SHAREit Technologies Co.Ltd)
R2 Sks8821; C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [137216 2010-05-05] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [16200 2013-09-17] (Lenovo)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-09] (Intel Corporation)
R1 NetWorkLocker; C:\windows\syswow64\drivers\NetworkLocker_x64.sys [20392 2015-03-15] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-04-19] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation                           )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-12 18:13 - 2016-09-12 18:14 - 00017843 _____ C:\Users\Silvana\Downloads\FRST.txt
2016-09-12 18:04 - 2016-09-12 18:07 - 00000000 ____D C:\AdwCleaner
2016-09-12 18:01 - 2016-09-12 18:03 - 03826240 _____ C:\Users\Silvana\Desktop\AdwCleaner.exe
2016-09-12 17:51 - 2016-09-12 17:52 - 00004435 _____ C:\Users\Silvana\Downloads\Fixlog.txt
2016-09-12 17:48 - 2016-09-12 17:48 - 00000000 _____ C:\Users\Silvana\Desktop\New Text Document.txt
2016-09-11 11:31 - 2016-09-11 11:32 - 00037658 _____ C:\Users\Silvana\Desktop\Addition.txt
2016-09-11 11:29 - 2016-09-11 11:32 - 00026309 _____ C:\Users\Silvana\Desktop\FRST.txt
2016-09-11 11:27 - 2016-09-12 18:13 - 00000000 ____D C:\FRST
2016-09-11 11:25 - 2016-09-11 11:26 - 02397696 _____ (Farbar) C:\Users\Silvana\Downloads\FRST64.exe
2016-09-10 14:24 - 2016-09-10 14:36 - 00015381 _____ C:\Users\Silvana\Desktop\Investment-Property-Income-Expenses.xlsx
2016-09-10 14:16 - 2016-09-10 14:16 - 00014813 _____ C:\Users\Silvana\Downloads\Investment-Property-Income-Expenses.xlsx
2016-09-08 15:18 - 2016-09-08 16:02 - 00000000 ____D C:\Users\Silvana\Desktop\jewellery photos 8.9.2016
2016-09-03 12:28 - 2016-09-03 12:28 - 00493011 _____ C:\Users\Silvana\Downloads\Employment Contract Sam (1).pdf
2016-09-03 12:06 - 2016-09-03 12:07 - 00493011 _____ C:\Users\Silvana\Downloads\Employment Contract Sam.pdf
2016-08-31 11:28 - 2016-08-31 11:28 - 00070266 _____ C:\Users\Silvana\Downloads\1_11_CleaningJewellery_Signoff_Task_Learner (1).pdf
2016-08-31 11:27 - 2016-08-31 11:27 - 00070266 _____ C:\Users\Silvana\Downloads\1_11_CleaningJewellery_Signoff_Task_Learner.pdf
2016-08-31 11:10 - 2016-08-31 11:11 - 03626421 _____ C:\Users\Silvana\Downloads\81399e299bea482557289b8b38ba04be_1_ER018664_Wild Hearts Cheat Sheet_HiRes.pdf
2016-08-27 16:34 - 2016-08-27 16:34 - 00193546 _____ C:\Users\Silvana\Downloads\1_Consumer Law Compliance Policy Acknowledgment.pdf
2016-08-24 13:45 - 2016-08-24 13:45 - 00000025 _____ C:\Users\Silvana\Downloads\ATT00001.txt
2016-08-24 09:30 - 2016-08-24 09:30 - 00294577 _____ C:\Users\Silvana\Downloads\Ticket Order.pdf
2016-08-19 12:55 - 2016-08-19 12:55 - 00586018 _____ C:\Users\Silvana\Downloads\9 CT HOOP SELECTION 19.8.2016.xlsx
2016-08-15 19:37 - 2016-08-15 19:37 - 00036799 _____ C:\Users\Silvana\Desktop\TaxTools_3120179_2015_2016.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-12 18:06 - 2016-03-12 11:04 - 00003794 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{BD06261E-6FCA-4195-AE5C-CCDC809BBF97}
2016-09-12 18:00 - 2014-11-21 14:44 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-12 18:00 - 2013-08-22 23:36 - 00000000 ____D C:\windows\Inf
2016-09-12 17:58 - 2016-03-14 06:14 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-12 17:58 - 2016-03-12 10:53 - 00000000 ___RD C:\Users\Silvana\OneDrive
2016-09-12 17:56 - 2016-03-14 08:56 - 00000939 _____ C:\windows\Tasks\EPSON WF-2630 Series Update {E7D9FCE2-036A-4305-A65C-84FC965D1D25}.job
2016-09-12 17:54 - 2013-08-23 00:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-09-12 17:53 - 2015-03-15 10:01 - 00041544 _____ C:\windows\system32\wpbbin.exe
2016-09-12 17:53 - 2015-03-15 10:01 - 00017408 ____N C:\windows\SysWOW64\rpcnetp.exe
2016-09-12 17:53 - 2015-03-15 10:01 - 00017408 ____N C:\windows\system32\rpcnetp.exe
2016-09-12 17:53 - 2013-08-22 23:25 - 00786432 ___SH C:\windows\system32\config\BBI
2016-09-12 17:38 - 2016-03-12 07:54 - 00000000 ____D C:\Users\Silvana\AppData\Local\SweetLabs App Platform
2016-09-12 17:30 - 2016-03-14 06:14 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-11 11:03 - 2016-03-12 07:54 - 00000000 ____D C:\Users\Silvana
2016-09-10 15:31 - 2013-08-23 01:36 - 00000000 ____D C:\windows\AppReadiness
2016-09-10 15:00 - 2016-03-12 08:02 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2336691969-2313138545-3035424032-1001
2016-09-10 14:33 - 2016-03-14 06:19 - 00002314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-10 14:33 - 2016-03-12 07:57 - 00001551 _____ C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-10 10:41 - 2016-03-14 09:38 - 03456512 ___SH C:\Users\Silvana\Desktop\Thumbs.db
2016-09-08 14:36 - 2016-07-06 13:34 - 00000000 ____D C:\Users\Silvana\Desktop\New Stock
2016-08-30 19:26 - 2016-03-14 09:37 - 00000000 ____D C:\Users\Silvana\Desktop\Sams Stuff
2016-08-24 13:46 - 2016-03-14 19:22 - 00386048 ___SH C:\Users\Silvana\Downloads\Thumbs.db
2016-08-21 15:04 - 2016-07-29 16:26 - 00000000 ____D C:\Users\Silvana\Documents\Michael Hill
2016-08-19 13:28 - 2013-08-23 01:20 - 00000000 ____D C:\windows\CbsTemp
2016-08-15 14:55 - 2013-08-23 00:44 - 00481120 _____ C:\windows\system32\FNTCACHE.DAT
2016-08-15 14:51 - 2013-08-23 01:36 - 00000000 ___RD C:\windows\ToastData
2016-08-15 14:51 - 2013-08-23 01:36 - 00000000 ____D C:\windows\system32\SecureBootUpdates
2016-08-15 10:23 - 2016-04-06 14:54 - 00000000 ____D C:\windows\system32\MRT
2016-08-15 10:09 - 2016-04-06 14:54 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2016-03-12 07:57 - 2016-09-12 18:00 - 0461167 _____ () C:\Users\Silvana\AppData\Local\BTServer.log
2016-08-11 10:15 - 2016-08-11 10:15 - 0000218 _____ () C:\Users\Silvana\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
C:\Users\Silvana\AppData\Local\Temp\e23d-8a4e-49d0-b860.exe
C:\Users\Silvana\AppData\Local\Temp\oct6D39.tmp.exe
C:\Users\Silvana\AppData\Local\Temp\oct9279.tmp.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 10:01
 
==================== End of FRST.txt ============================


#8 Aurifex


Posted 12 September 2016 - 03:10 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Silvana (12-09-2016 18:15:19)
Running from C:\Users\Silvana\Downloads
Windows 8.1 (Update) (X64) (2016-03-11 21:56:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2336691969-2313138545-3035424032-500 - Administrator - Disabled)
aurif_000 (S-1-5-21-2336691969-2313138545-3035424032-1004 - Limited - Enabled) => C:\Users\aurif_000
Guest (S-1-5-21-2336691969-2313138545-3035424032-501 - Limited - Disabled)
Silvana (S-1-5-21-2336691969-2313138545-3035424032-1001 - Administrator - Enabled) => C:\Users\Silvana
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.01 - Lenovo Group Limited) Hidden
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dropbox 15 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.62.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-2630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-2630 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoPro (Version: 0.1.2371 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{701bfbd9-f576-470f-8fd0-eca3e608bd97}) (Version: 0.1.0.2371 - GoPro, Inc.)
GoPro Studio (x32 Version: 5.8.2371 - GoPro, Inc.) Hidden
Host App Service (HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\SweetLabs_AP) (Version: 0.269.7.978 - Pokki)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1) (Version: 1.0.0.8 - Lenovo Group Limited)
Lenovo Bluetooth Lock (HKLM\...\Lenovo Bluetooth Lock_is1) (Version: 1.0.0718 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo Slim USB Keyboard (HKLM\...\{494D80C4-3557-4D73-A153-65FE4B3ECDC3}) (Version: 1.11 - Lenovo)
Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nitro Pro 9 (HKLM\...\{199748CD-E046-4D0F-A9D1-0712EE050EFC}) (Version: 9.5.1.5 - Nitro)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PCM3.0Agent (HKLM-x32\...\{0B0551FD-A800-4FF5-8809-DFF53DC50815}) (Version: 3.0.2014.0314 - Lenovo)
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.8 - Bluefive software)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.20.0008 - Lenovo Group Limited)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.003.11 - Lenovo)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.816.818.071514 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7278 - Realtek Semiconductor Corp.)
Realtek Wireless LAN Adapter Software (HKLM-x32\...\{E462B252-195B-47EA-98E2-BAC3C2DF7D37}) (Version: 1.00.0045.0 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.3.0.658 - Lenovo)
Start Menu (HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.978 - Pokki)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Intel (TXEIx64) System  (01/12/2014 1.1.0.1064) (HKLM\...\A04016CD9BE001E1E26C1405AEC21A73CBE6DD0D) (Version: 01/12/2014 1.1.0.1064 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display  (06/11/2014 10.18.10.3643) (HKLM\...\4F0BF7D1EED28EE64C5CCA464CACEAFCC155E978) (Version: 06/11/2014 10.18.10.3643 - Intel Corporation)
Windows Driver Package - Intel hdc  (07/09/2013 9.4.4.1005) (HKLM\...\A4AEC978028FE7680C8A71014EBFDC1BC919B90E) (Version: 07/09/2013 9.4.4.1005 - Intel)
Windows Driver Package - Intel System  (07/09/2013 9.4.4.1005) (HKLM\...\46642347D8079286471ADD59EEC613AF8F7F2C70) (Version: 07/09/2013 9.4.4.1005 - Intel)
Windows Driver Package - Intel System  (07/09/2013 9.4.4.1005) (HKLM\...\62A6FFF8BA9ACE2A6A3789D9FFCC692588A13128) (Version: 07/09/2013 9.4.4.1005 - Intel)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {085B8C76-030A-4C00-9B41-7AB9B206B600} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] ()
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CD49F6F-F3FE-4FE1-8103-46B12DBD00E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {297A237D-ED68-49C1-A990-61E37655D365} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2014-03-06] (Lenovo Group Limited)
Task: {2A891DDF-07A2-48A1-97C5-36AFF8EC62AE} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2014-12-13] ()
Task: {3F9325CC-617F-4C2B-B620-EEB6450BA8C1} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {518FAFED-AC6F-4448-9E75-ED4108C11C8D} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe
Task: {5A6F7A5F-5939-4AB9-A2E0-C9D9E0044F05} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-06-13] (Realtek Semiconductor)
Task: {6341D8CD-6BCC-4FD7-A7C6-95796AB3C3E8} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe
Task: {6BFF4839-ECD6-42C8-BB8E-D0A171859EAC} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {713ACE05-FA49-45BC-B44C-C9FECEB7B20A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {722591A4-7129-4160-80CD-5BC106355181} - System32\Tasks\SweetLabs App Platform => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-07-28] (Pokki)
Task: {8FE182F1-E4ED-40ED-8901-B65AF2BF44C4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-06-19] (Realtek Semiconductor)
Task: {95308A5F-6AE6-4DE8-A632-053F9316D9D2} - System32\Tasks\EPSON WF-2630 Series Update {E7D9FCE2-036A-4305-A65C-84FC965D1D25} => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {BDC6BC28-6DC0-410E-97A6-3CC4161C8FD7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-01-08] (Lenovo)
Task: {C7068FA4-2269-47BC-94F5-510EBAC65533} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-08] (Lenovo)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {DD32C1F5-6B39-4836-AF95-1BE961D9E416} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] ()
Task: {E3D4CFF4-6646-40FA-9076-2D7674DFC0D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {F3531E3B-96A3-485C-90A0-B20A25C8280B} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-08] (Lenovo)
Task: {FB4795D3-374C-4210-BDFC-B99FE8B63645} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {FC1FB49E-C0FE-4261-AF9E-7D1E63EE0079} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\EPSON WF-2630 Series Update {E7D9FCE2-036A-4305-A65C-84FC965D1D25}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{E7D9FCE2-036A-4305-A65C-84FC965D1D25} /F:Update WORKGROUP\LENOVO-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Silvana\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2748945483_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=google&cc=AU&setlang=en-US&inlang=en-AU&adlt=moderate&scale=100&contrast=none&hw=1080%2C1920&CVID=0BDF7A387DA14ED586578D6D344D0129
 
ShortcutWithArgument: C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://tech-connect.biz/?ssid=1473481540&a=1004373&src=sh&uuid=0acfdc71-710c-4518-ae7e-6b1a9d278ae5,1473481442975"
ShortcutWithArgument: C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://tech-connect.biz/?ssid=1473481540&a=1004373&src=sh&uuid=0acfdc71-710c-4518-ae7e-6b1a9d278ae5,1473481442975"
ShortcutWithArgument: C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://tech-connect.biz/?ssid=1473481540&a=1004373&src=sh&uuid=0acfdc71-710c-4518-ae7e-6b1a9d278ae5,1473481442975"
ShortcutWithArgument: C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://tech-connect.biz/?ssid=1473481540&a=1004373&src=sh&uuid=0acfdc71-710c-4518-ae7e-6b1a9d278ae5,1473481442975"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://tech-connect.biz/?ssid=1473481540&a=1004373&src=sh&uuid=0acfdc71-710c-4518-ae7e-6b1a9d278ae5,1473481442975"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-15 10:24 - 2014-07-04 02:22 - 00101592 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-05-16 11:39 - 2014-05-16 11:39 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-03-15 10:44 - 2014-03-04 09:34 - 00571712 _____ () C:\Program Files (x86)\Lenovo\PCM3.0Agent\SCCM_Agent.exe
2010-05-05 03:47 - 2010-05-05 03:47 - 00137216 _____ () C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
2016-04-14 01:00 - 2016-04-14 01:00 - 00037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-04-14 01:00 - 2016-04-14 01:00 - 01088944 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2015-03-15 10:42 - 2014-03-06 01:55 - 00035688 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2016-05-11 10:33 - 2016-05-11 10:33 - 00569856 _____ () C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2016-05-11 10:33 - 2016-05-11 10:33 - 01400846 _____ () C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2016-05-11 10:33 - 2016-05-11 10:33 - 00151054 _____ () C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2016-05-11 10:33 - 2016-05-11 10:33 - 00222734 _____ () C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2016-08-04 11:32 - 2016-08-03 10:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-04 11:32 - 2016-08-03 10:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Silvana\Desktop\IMG_0790.JPG
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E921C1AC-8874-4C12-9911-8A99C0694964}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{77138DFF-5518-4C99-A478-3B9BE0DA07E4}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{6BCBC13B-FA8D-47AC-AC7B-69BC08D53F48}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{13DD8A1A-F9D1-4725-B5EF-2C2A3DBFEA85}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{3863690D-5358-4A8A-BFE5-D3222D9B4FC6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{98C37EBC-9F5F-4F2E-8801-6DF9C8F3B97B}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{B8F9D99F-6794-40EE-BF76-1E1EC14AA5D0}] => (Allow) C:\Users\Silvana\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{1AA14508-86F5-4E48-A441-B2389FB21248}] => (Allow) C:\Users\Silvana\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{AA6025AB-BE68-484B-A623-802D332ADCA0}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{7289A316-449B-413B-82DE-668A65846FE5}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{1FA67EBA-6D1E-4D35-A516-056CB9E4B690}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{026F71D3-0818-4275-8690-79B67487C06B}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{523E5B74-29BF-4D26-9CDF-B9FD12C14E2D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F8563BF-A83B-4D15-A28C-1973273458DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0B8A2039-0761-4956-8682-B5CD548833D0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4D1832F4-2922-4647-A3A9-DC36ABE42881}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D66A2122-78A5-47D0-B49F-99F3E8884F8C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C5E90426-1500-446B-83FC-92078D8D0955}] => (Allow) LPort=2869
FirewallRules: [{3A0182B0-28FA-4B05-8BE7-B29ECCCB7F72}] => (Allow) LPort=1900
FirewallRules: [{E7B476D0-FCA0-4E1B-B585-C42062261EC1}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{898C1028-E5C9-4B12-B5E8-88C63BCD27AF}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{E3334B2C-4F83-47FB-B235-0741DBE471AB}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{797758B6-7D45-4617-8377-ADA8EFB42B02}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [TCP Query User{2E1BD183-BF45-4BBD-BEA4-C0168162E2C8}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{BB77A29B-1539-4DAF-83E1-59531E857D80}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{12C75819-0A73-43A3-B0F4-CE28D55B5620}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{32EF5FC3-5206-4CBA-887B-EB821507FFB3}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{709526EA-1481-4E28-B2DA-7654E779753F}C:\program files (x86)\caplio software\rgatelxp.exe] => (Allow) C:\program files (x86)\caplio software\rgatelxp.exe
FirewallRules: [UDP Query User{F2C37BB7-34FA-48D4-81BD-228E875E201A}C:\program files (x86)\caplio software\rgatelxp.exe] => (Allow) C:\program files (x86)\caplio software\rgatelxp.exe
FirewallRules: [{D3440640-87AB-43FA-AD42-0092716720CB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6AAB3BEE-894C-4F0C-9B46-CE17D1849B7C}] => (Allow) C:\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
27-06-2016 11:25:08 Windows Update
03-07-2016 09:22:22 Installed Caplio Software
04-07-2016 14:27:08 Installed Caplio Software
12-07-2016 16:23:41 Installed Epson Software Updater
16-07-2016 09:35:50 Windows Update
22-07-2016 13:16:00 Windows Update
15-08-2016 09:53:40 Windows Update
19-08-2016 13:27:09 Windows Update
29-08-2016 13:21:01 Windows Update
12-09-2016 17:52:03 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2016 05:58:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (09/12/2016 05:58:47 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/12/2016 05:58:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (09/12/2016 05:58:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (09/12/2016 05:58:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (09/12/2016 05:58:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (09/12/2016 05:56:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (09/12/2016 05:56:42 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (09/12/2016 05:56:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (09/12/2016 05:56:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (09/12/2016 05:53:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (09/12/2016 05:53:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (09/12/2016 05:53:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (09/12/2016 05:52:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (09/12/2016 05:51:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nalpeiron Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/12/2016 05:51:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PCM3.0 for SCCM Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/12/2016 05:51:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo PCM Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/12/2016 05:51:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skdaemon Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/12/2016 05:51:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (09/12/2016 05:51:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-09-12 18:05:05.418
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-12 18:05:04.274
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-12 18:05:00.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-12 18:04:59.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-12 18:04:58.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-12 18:01:10.689
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-12 18:01:09.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-12 18:01:07.919
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-12 11:42:42.795
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-12 11:42:41.587
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU J2900 @ 2.41GHz
Percentage of memory in use: 47%
Total physical RAM: 4016 MB
Available physical RAM: 2118.74 MB
Total Virtual: 4720 MB
Available Virtual: 2660.85 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:453.46 GB) (Free:143.82 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C30B6651)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#9 Aurifex

Aurifex
  • Topic Starter

  • Members
  • 58 posts
  • Local time:02:32 AM

Posted 12 September 2016 - 03:14 AM

Still infected :( Sorry 



#10 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • Gender:Male
  • Local time:08:32 AM

Posted 12 September 2016 - 03:58 PM

Hi Ben,
 
Good job with the fix and the scans.
 
That first run through wasn't supposed to correct everything. Let's continue.
 
Copy and paste in its entirety the text below into Notepad:

CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\RunOnce: [Application Restart #1] => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-07-28] (Pokki)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\RunOnce: [Application Restart #0] => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-07-28] (Pokki)
C:\Users\Silvana\AppData\Local\SweetLabs App Platform
Task: {722591A4-7129-4160-80CD-5BC106355181} - System32\Tasks\SweetLabs App Platform => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-07-28] (Pokki)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
C:\Users\Silvana\AppData\Local\Temp\e23d-8a4e-49d0-b860.exe
C:\Users\Silvana\AppData\Local\Temp\oct6D39.tmp.exe
C:\Users\Silvana\AppData\Local\Temp\oct9279.tmp.exe
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
  • Save the file as fixlist.txt to your Downloads folder.
  • Run FRST64
  • When the window opens, click on the Fix button.
  • After the fix has completed, please copy and paste Fixlog.txt into your next reply to me.

Next:

  • Run AdwCleaner again
  • Click on the Scan button
  • AdwCleaner will begin...be patient as the scan may take some time to complete
  • After the scan has finished and if there is anything you want to keep, uncheck the box next to it (them)
  • Click the Clean button
  • Press OK when asked to close all programs and follow the onscreen prompts
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report)
  • Copy and paste the contents of that log into your next reply to me
  • A copy of that log will also be saved in the C:\AdwCleaner folder

Next:
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"

  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.

  • The THREAT SCAN will automatically begin.

  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.

  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

  • After rebooting the computer, copy and paste the mbam.log in your next reply.
    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1):
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2):
    • Open Malwarebytes Anti-Malware.
    • Click the Scan Tab at the top.
    • Click the View detailed log link on the right.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

In summary I will need from you:

  • fixlist.txt
  • AdwCleaner log
  • Malwarebytes Anti-malware log
  • How is your computer running now?

Let me know if you have any questions.
 
polskamachina


Edited by polskamachina, 12 September 2016 - 04:52 PM.
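As an added example (not part of polskamachina's instructions and not a feature of FRST, AdwCleaner or Malwarebytes), the PowerShell below checks, after the fix and reboot, whether the persistence points named in the fixlist above are actually gone: the two RunOnce values under the user's SID, the scheduled-task GUIDs in the TaskCache, and the listed files, followed by a general sweep for any remaining task whose executable is missing (the condition FRST reports as "No File"). It assumes an elevated PowerShell on the cleaned Windows 8.1 machine with Silvana's profile loaded; the SID, GUIDs and paths are the ones quoted in the fixlist, and the Get-OrphanedTask helper is hypothetical.

```powershell
# Added example, not from the thread or from FRST: post-fix verification of the
# persistence points named in the fixlist. Assumes an elevated PowerShell on the
# cleaned Windows 8.1 machine with Silvana's profile loaded (so her HKU hive is mounted).

# Values quoted from the fixlist: user SID, RunOnce value names, task GUIDs, paths.
$sid           = 'S-1-5-21-2336691969-2313138545-3035424032-1001'
$runOnce       = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\RunOnce"
$runOnceValues = @('Application Restart #0', 'Application Restart #1')
$taskCache     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
$taskGuids     = @(
    '{722591A4-7129-4160-80CD-5BC106355181}',   # SweetLabs App Platform updater task
    '{CFD7C21A-808B-487B-A6EC-8A10E44E8360}',   # the orphaned "No File" tasks below
    '{B7992938-01F1-4F40-A0EC-0D23D2F0F152}',
    '{6F02587F-8A2B-4552-97F6-DEEF229E335B}',
    '{1687544D-7247-4F5A-965A-A6E920E55278}',
    '{0D8A891D-890C-4808-84D8-2F436AB14653}',
    '{1274336E-AB06-46B6-A48C-0671C5557CC6}'
)
$paths = @(
    'C:\Users\Silvana\AppData\Local\SweetLabs App Platform',
    'C:\Users\Silvana\AppData\Local\Temp\e23d-8a4e-49d0-b860.exe',
    'C:\Users\Silvana\AppData\Local\Temp\oct6D39.tmp.exe',
    'C:\Users\Silvana\AppData\Local\Temp\oct9279.tmp.exe'
)
foreach ($dir in 'System32', 'SysWOW64') {
    foreach ($n in 9, 10, 11) { $paths += "C:\Windows\$dir\dlumd$n.dll" }
}

$findings = @()

# 1. RunOnce values in the user's hive. A value that reappears after the fix means
#    something is re-creating it, not that FRST missed it.
foreach ($name in $runOnceValues) {
    $v = Get-ItemProperty -Path $runOnce -Name $name -ErrorAction SilentlyContinue
    if ($v) { $findings += "RunOnce still present: $name => $($v.$name)" }
}

# 2. TaskCache entries for the task GUIDs. FRST removes the Tasks\{GUID}, Tree and
#    Plain/Logon keys together; checking Tasks\{GUID} is enough to spot a survivor.
foreach ($g in $taskGuids) {
    if (Test-Path -LiteralPath (Join-Path $taskCache $g)) {
        $findings += "TaskCache entry still present: $g"
    }
}

# 3. Files and folders the Fixlog reported as moved.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Path still present: $p" }
}

# 4. General sweep: any remaining scheduled task whose executable is missing
#    (what FRST reports as "No File"). Hypothetical helper, not an FRST feature.
function Get-OrphanedTask {
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if (-not $a.Execute) { continue }          # COM-handler actions have no Execute
            $exe = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
            if ($exe -notmatch '\\') { continue }      # bare names resolve via PATH; skip
            if (-not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{ Task = "$($task.TaskPath)$($task.TaskName)"; Missing = $exe }
            }
        }
    }
}
Get-OrphanedTask | ForEach-Object { $findings += "Orphaned task: $($_.Task) -> $($_.Missing)" }

if ($findings.Count -eq 0) { 'All fixlist items verified gone; no orphaned tasks.' }
else { $findings }
```

An orphaned task found by the sweep is a dangling registration rather than evidence of live malware; it is worth reporting in the thread so the helper can decide whether it belongs in the next fixlist.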


#11 Aurifex

Aurifex
  • Topic Starter

  • Members
  • 58 posts
  • Local time:02:32 AM

Posted 13 September 2016 - 03:18 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by Silvana (13-09-2016 18:20:36) Run:2
Running from C:\Users\Silvana\Downloads
Loaded Profiles: Silvana (Available Profiles: Silvana & aurif_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\RunOnce: [Application Restart #1] => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-07-28] (Pokki)
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\...\RunOnce: [Application Restart #0] => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-07-28] (Pokki)
C:\Users\Silvana\AppData\Local\SweetLabs App Platform
Task: {722591A4-7129-4160-80CD-5BC106355181} - System32\Tasks\SweetLabs App Platform => C:\Users\Silvana\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-07-28] (Pokki)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTIONTask: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
C:\Users\Silvana\AppData\Local\Temp\e23d-8a4e-49d0-b860.exe
C:\Users\Silvana\AppData\Local\Temp\oct6D39.tmp.exe
C:\Users\Silvana\AppData\Local\Temp\oct9279.tmp.exe
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value removed successfully
HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => value removed successfully
C:\Users\Silvana\AppData\Local\SweetLabs App Platform => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{722591A4-7129-4160-80CD-5BC106355181}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{722591A4-7129-4160-80CD-5BC106355181}" => key removed successfully
C:\windows\System32\Tasks\SweetLabs App Platform => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found. 
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found. 
HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
C:\Users\Silvana\AppData\Local\Temp\e23d-8a4e-49d0-b860.exe => moved successfully
C:\Users\Silvana\AppData\Local\Temp\oct6D39.tmp.exe => moved successfully
C:\Users\Silvana\AppData\Local\Temp\oct9279.tmp.exe => moved successfully
C:\Windows\SysWOW64\dlumd10.dll => moved successfully
C:\Windows\SysWOW64\dlumd11.dll => moved successfully
C:\Windows\SysWOW64\dlumd9.dll => moved successfully
C:\Windows\System32\dlumd10.dll => moved successfully
C:\Windows\System32\dlumd11.dll => moved successfully
C:\Windows\System32\dlumd9.dll => moved successfully
"C:\Windows\SysWOW64\dlumd10.dll" => not found.
"C:\Windows\SysWOW64\dlumd11.dll" => not found.
"C:\Windows\SysWOW64\dlumd9.dll" => not found.
"C:\Windows\System32\dlumd10.dll" => not found.
"C:\Windows\System32\dlumd11.dll" => not found.
"C:\Windows\System32\dlumd9.dll" => not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:21:19 ====


#12 Aurifex

Aurifex
  • Topic Starter

  • Members
  • 58 posts
  • Local time:02:32 AM

Posted 13 September 2016 - 03:31 AM

# AdwCleaner v6.010 - Logfile created 13/09/2016 at 18:32:10
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-13.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Silvana - LENOVO-PC
# Running from : C:\Users\Silvana\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\aurif_000\AppData\Local\SweetLabs App Platform
[-] Folder deleted: C:\ProgramData\pokki
[#] Folder deleted on reboot: C:\ProgramData\Pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Pokki
[-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] File deleted: C:\Users\aurif_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\SweetLabs App Platform
[-] Key deleted: HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: HKU\S-1-5-21-2336691969-2313138545-3035424032-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Key deleted on reboot: HKCU\Software\SweetLabs App Platform
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Directory\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Drive\shell\pokki
[-] Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2286 Bytes] - [13/09/2016 18:32:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [2595 Bytes] - [12/09/2016 18:07:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [2492 Bytes] - [13/09/2016 18:28:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2505 Bytes] ##########


#13 Aurifex

Aurifex
  • Topic Starter

  • Members
  • 58 posts
  • Local time:02:32 AM

Posted 13 September 2016 - 04:22 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/09/2016
Scan Time: 6:47 PM
Logfile: mbam1.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.13.04
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Silvana
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346369
Time Elapsed: 17 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • Gender:Male
  • Local time:08:32 AM

Posted 13 September 2016 - 04:50 PM

Hi Ben :)

 

Does your machine still have the same issues? Has anything changed?

 

Let me know if you have any questions.

 

polskamachina



#15 Aurifex

Aurifex
  • Topic Starter

  • Members
  • 58 posts
  • Local time:02:32 AM

Posted 14 September 2016 - 01:37 AM

Hi polskamachina,

 

Machine is much better. Issues seem to be gone.

 

I do have a question.

My start menu on the task bar no longer works (the house icon). Is it possible to get it back?

 

 

Thank you, thank you, thank you.

 

Ben

 


Edited by Aurifex, 14 September 2016 - 01:41 AM.




