
system/applications running slow

This is a discussion on system/applications running slow within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hello TSF. My laptop is running extremely slowly. Starting up from ShutDown or from Sleep takes awhile longer than usual,


Old 12-26-2017, 06:47 AM   #1
Registered Member
 
Join Date: May 2009
Location: Toronto, Canada
Posts: 46
OS: Windows 7



Hello TSF.

My laptop is running extremely slowly. Starting up from ShutDown or from Sleep takes a while longer than usual, and opening any programs/applications is very, very slow. After I've been using the computer for a while it runs better, but is still very sluggish.

I have done chkdsk, defrag, cleaned out programs (CCleaner) -- nothing has helped. The problems started shortly after I downloaded Inkster, a graphic manipulation software. I have removed that software but it had no effect. I added extra RAM to this computer a few months ago, so that's not the problem.

Below is the DDS report along with the attachment.

Thank you very much for your help with this situation.


Stephan Borau



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18838
Run by Andre at 9:24:39 on 2017-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7781.3918 [GMT -5:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus *Enabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\LPlatSvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\LPlatSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.facebook.com/
uSearch Bar = Bing
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
TB: <No Name>: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - LocalServer32 - <no file>
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe -update pepperplugin
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRunOnce: [SBrowserCheck] "C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe" /s /run_source=av_update /runonce /cgid 101
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-31.10.2-20000/training/ieatgpc1.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{92F673CE-E11E-4426-ADF8-302E64838A96} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{92F673CE-E11E-4426-ADF8-302E64838A96}\24F6271657 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{92F673CE-E11E-4426-ADF8-302E64838A96}\4427F6F6A797E65647 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{92F673CE-E11E-4426-ADF8-302E64838A96}\C496E64616F526723702E4564777F627B6 : DHCPNameServer = 10.0.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL
x64-BHO: <No Name>: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - LocalServer32 - <no file>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [ResetACGauge] C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe /RESETACGAUGEREG
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\jffj5ocl.default-1396227097373-1513997583852\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login?.src=rog&.intl=ca&.lang=en-CA&.done=https%3A%2F%2Fca.rogers.yahoo.com&.partner=rogers-acs
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Users\Andre\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_26_0_0_131.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswbidsh;aswbidsh;C:\Windows\System32\drivers\aswbidsha.sys [2017-3-17 198968]
R0 aswblog;aswblog;C:\Windows\System32\drivers\aswbloga.sys [2017-3-17 343288]
R0 aswbuniv;aswbuniv;C:\Windows\System32\drivers\aswbuniva.sys [2017-3-17 57728]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-8 84416]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2014-4-8 364464]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-7-6 19224]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2014-1-29 29496]
R1 aswArPot;aswArPot;C:\Windows\System32\drivers\aswArPot.sys [2017-11-21 183584]
R1 aswbidsdriver;aswbidsdriver;C:\Windows\System32\drivers\aswbidsdrivera.sys [2017-3-17 321032]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-4-8 41832]
R1 aswNetSec;aswNetSec;C:\Windows\System32\drivers\aswNetSec.sys [2016-2-13 570152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-8 1026232]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-8 455376]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2257016]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-8 148288]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-8 203976]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-11-21 281416]
R2 avast! Firewall;Avast Firewall Service;C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-11-21 332368]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-7-23 7760552]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-8-10 201376]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-9 8447848]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-6-1 169776]
R2 FoxitReaderService;Foxit Reader Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-11-24 1659456]
R2 FPLService;TrueSuiteService;C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2013-8-7 2139944]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-8-19 100864]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-6-1 129848]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-1 163608]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-7-8 58712]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2014-7-6 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-7-8 73048]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-3-27 133992]
R2 LPlatSvc;Lenovo Platform Service;C:\Windows\System32\LPlatSvc.exe [2017-2-20 711248]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2014-7-6 124400]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2014-7-6 126512]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-11-21 7549928]
R3 aswNetNd6;Avast Firewall NDIS6 Helper;C:\Windows\System32\drivers\aswNetNd6.sys [2017-7-12 38152]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-7-6 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-7-6 342528]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-7-6 356632]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-7-6 789272]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-1 259688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-7-6 849992]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-6-1 879760]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-7-6 33008]
R3 SuperIO;Lenovo ASD HWM Driver;C:\Windows\System32\drivers\spio.sys [2009-6-5 11848]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-7-22 401704]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-8-30 103552]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-8-30 124024]
S2 hcw10cir;Hauppauge CIR Receiver;C:\Windows\System32\drivers\hcw10cir.sys [2012-8-10 46080]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-29 144992]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 aswHdsKe;aswHdsKe;C:\Windows\System32\drivers\aswHdsKe.sys [2017-3-29 85552]
S3 aswHwid;aswHwid;C:\Windows\System32\drivers\aswHwid.sys [2014-5-6 47008]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe --> C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [?]
S3 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-6-1 70416]
S3 hcw10bda;Hauppauge Cx2310x WinTV Capture;C:\Windows\System32\drivers\hcw10bda.sys [2012-8-10 632704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-11-15 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe [2014-7-6 533760]
S3 LSC.Services.SystemService;Lenovo Solution Center System Service;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [2016-6-2 273232]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2013-12-27 1669920]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2013-12-27 1664800]
S3 semav6msr64;semav6msr64;C:\Windows\System32\drivers\semav6msr64.sys [2016-8-16 21984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-8 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-12-23 15:25:36 334488 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2017-12-19 01:56:20 -------- d-----w- C:\Users\Andre\AppData\Local\ElevatedDiagnostics
2017-12-19 00:07:03 21160 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.en-us.dll
2017-12-18 11:57:42 -------- d-----w- C:\Program Files (x86)\Auslogics
2017-12-18 11:57:35 -------- d-----w- C:\ProgramData\Auslogics
2017-12-08 03:44:16 460456 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-12-08 03:44:06 29864 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-12-08 03:40:22 208040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-12-06 15:32:13 -------- d-----w- C:\Program Files\Common Files\Avast Software
2017-12-04 04:44:08 87728 ----a-w- C:\Windows\System32\vcruntime140.dll
2017-12-04 04:44:08 641696 ----a-w- C:\Windows\System32\msvcp140.dll
2017-12-04 04:44:08 389296 ----a-w- C:\Windows\System32\vccorlib140.dll
2017-12-04 04:44:08 331432 ----a-w- C:\Windows\System32\concrt140.dll
2017-12-04 04:38:22 263856 ----a-w- C:\Windows\SysWow64\vccorlib140.dll
2017-12-04 04:38:20 83792 ----a-w- C:\Windows\SysWow64\vcruntime140.dll
2017-12-04 04:38:20 440128 ----a-w- C:\Windows\SysWow64\msvcp140.dll
2017-12-04 04:38:20 242496 ----a-w- C:\Windows\SysWow64\concrt140.dll
.
==================== Find3M ====================
.
2017-11-22 21:10:02 127017032 -c--a-w- C:\Windows\System32\MRT-KB890830.exe
2017-11-22 00:46:32 84416 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2017-11-22 00:46:32 47008 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2017-11-22 00:46:32 364464 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2017-11-22 00:46:32 203976 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2017-11-22 00:46:32 183584 ----a-w- C:\Windows\System32\drivers\aswArPot.sys
2017-11-22 00:46:32 148288 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2017-11-22 00:46:31 110376 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2017-11-22 00:46:03 1026232 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2017-11-22 00:45:58 570152 ----a-w- C:\Windows\System32\drivers\aswNetSec.sys
2017-11-22 00:45:56 57728 ----a-w- C:\Windows\System32\drivers\aswbuniva.sys
2017-11-22 00:45:56 343288 ----a-w- C:\Windows\System32\drivers\aswbloga.sys
2017-11-22 00:45:56 321032 ----a-w- C:\Windows\System32\drivers\aswbidsdrivera.sys
2017-11-22 00:45:56 198968 ----a-w- C:\Windows\System32\drivers\aswbidsha.sys
2017-10-18 0257 344064 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2017-10-18 0246 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2017-10-18 0240 56320 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2017-10-18 0240 327168 ----a-w- C:\Windows\System32\drivers\usbport.sys
2017-10-18 0239 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2017-10-18 0237 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2017-10-18 0235 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2017-10-16 23:07:21 1680616 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2017-10-16 22:34:01 3222528 ----a-w- C:\Windows\System32\win32k.sys
2017-10-16 21:55:15 339968 ----a-w- C:\Windows\SysWow64\msexcl40.dll
2017-10-14 08:23:45 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-10-14 08:23:37 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-10-14 08:12:05 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-10-14 08:11:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-10-14 08:11:27 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-10-14 08:11:27 417792 ----a-w- C:\Windows\System32\html.iec
2017-10-14 08:11:00 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-10-14 08:09:27 5979648 ----a-w- C:\Windows\System32\jscript9.dll
2017-10-14 08:01:18 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-10-14 08:01:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-10-14 08:00:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-10-14 07:55:55 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-10-14 07:47:21 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-10-14 07:47:00 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-10-14 07:28:00 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-10-14 07:27:51 2134528 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-10-14 07:21:58 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-10-14 07:03:12 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-10-14 06:53:24 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-10-14 06:53:05 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-10-14 06:52:38 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-10-14 06:52:31 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-10-14 06:51:50 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-10-14 06:45:19 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-10-14 06:45:05 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-10-14 06:35:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-10-14 06:35:07 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-10-14 06:33:00 4542464 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-10-14 06:23:38 2058752 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-10-14 06:23:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-10-14 06:10:41 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-10-12 00:58:25 382696 ----a-w- C:\Windows\System32\atmfd.dll
2017-10-12 00:40:31 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2017-10-12 00:39:11 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-10-12 00:38:44 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-10-12 00:38:15 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-10-12 00:26:21 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-10-12 00:26:07 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-10-12 00:25:47 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-10-12 00:25:28 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2017-10-12 00:24:38 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2017-10-12 00:24:37 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2017-10-12 00:20:09 113152 ----a-w- C:\Windows\System32\drivers\luafv.sys
2017-10-12 00:16:05 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 9:25:13.58 ===============
Attached Files
File Type: txt attach.txt (8.0 KB, 12 views)
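Reading a DDS log like the one above by hand is slow, and the entries that matter most for triage are the ones whose file is no longer on disk: services whose image path DDS has suffixed with "--> <path> [?]" (SAService, AvastVBoxSvc, wlcrasvc here) and browser/shell hooks ending in "<no file>" or "<orphaned>". The parser below is an added example written for this editing pass, not a tool from the thread or from the DDS author. It assumes the standard DDS/HijackThis service-line convention (leading R = running, S = stopped, the digit = the Windows service Start value, fields separated by semicolons) and the "[?]" / "<no file>" / "<orphaned>" markers exactly as they appear in the log above; the sample input is a handful of lines copied from that log.

```python
import re

# Constructed sample: a few lines copied verbatim from the DDS log posted above.
SAMPLE_DDS = r"""
R2 LPlatSvc;Lenovo Platform Service;C:\Windows\System32\LPlatSvc.exe [2017-2-20 711248]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe --> C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?]
TB: <No Name>: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - LocalServer32 - <no file>
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
""".strip()

# DDS/HijackThis service line: "<R|S><start> <name>;<display name>;<image path> [date size]"
# R = running, S = stopped; the digit is the Windows service Start value (assumed convention).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
ORPHAN_MARKERS = ("<no file>", "<orphaned>")


def parse_service(line):
    """Return a dict for a service/driver line, or None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    return {
        "name": m.group("name"),
        "display": m.group("display"),
        "running": m.group("state") == "R",
        "start_type": START_TYPES[int(m.group("start"))],
        # DDS appends "--> <path> [?]" when the registered image is not on disk
        "image_missing": m.group("image").rstrip().endswith("[?]"),
    }


def triage(report_text):
    """Flag registry entries whose file is gone: dangling services and orphaned
    browser/shell hooks. Returns a list of (kind, identifier, detail) tuples."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            if svc["image_missing"]:
                findings.append(("service-missing-image", svc["name"], svc["start_type"]))
            continue
        if line.endswith(ORPHAN_MARKERS):
            # "TB: <No Name>: {...} - LocalServer32 - <no file>" -> kind "TB"
            kind = line.split(":", 1)[0]
            findings.append(("orphaned-entry", kind, line))
    return findings


if __name__ == "__main__":
    for kind, ident, detail in triage(SAMPLE_DDS):
        print(f"{kind:22} {ident:14} {detail}")
```

Run it against the full log rather than the sample and it returns the same three dangling services plus the orphaned TB/SSODL/Handler entries. None of these is evidence of infection on its own: a registration whose image has been deleted is what an incomplete uninstall leaves behind (Windows Live Mesh and the AvastVBox component here), and the start type tells you whether it can matter at all, since an S4 (disabled) service never loads. They are still worth clearing, because a later write to the missing path would be picked up by the existing registration.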
Old 12-26-2017, 12:34 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Are you aware you have no System Restore Points?

Did you disable System Restore? If it is disabled, are you able to turn it back on?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 12-26-2017, 07:03 PM   #3
Registered Member
 
Join Date: May 2009
Location: Toronto, Canada
Posts: 46
OS: Windows 7



Hello chemist.

Thank you for your support with my situation.

I did notice there was no restore point -- I did attempt to restore my system and found out it was not an option. I don't know why there are no restore points. I did set one for today.

Here are the reports for AdwCleaner and Farbar Recovery Tool:


# AdwCleaner 7.0.5.0 - Logfile created on Tue Dec 26 23:37:39 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-26-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Andre\AppData\Local\VirtualStore\Program Files (x86)\otshot
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Application Data\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Program Files (x86)\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Windows\SysNative\Tasks\Auslogics
PUP.Optional.AuslogicsDriverUpdater, C:\Users\All Users\Auslogics


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\System32\lavasofttcpservice.dll
PUP.Optional.Legacy, C:\Windows\SysWOW64\lavasofttcpservice.dll
PUP.Optional.Legacy, C:\Windows\SysNative\LavasoftTcpService64.dll
PUP.Optional.Legacy, C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\b7lt604j.default\searchplugins\yahoo_ff.xml


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Auslogics, Auslogics\BoostSpeed\Scan and Repair


***** [ Registry ] *****

PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-CBF4ABB4456D}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\Interface\{3A3310BE-83DD-4E80-AC51-997CA2BA1080}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\AppID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\AppID\{93469602-4134-4012-A6BC-3E73B9855F90}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-3E73B9855F90}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-863B4A40A1A1}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-C0B2C19C6B87}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\APPID\{93469602-4134-4012-A6BC-3E73B9855F90}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\APPID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\TYPELIB\{F2C6F7D1-ED32-49E5-9919-00DB857103B2}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\INTERFACE\{6855F0CE-00B1-483F-8633-33B650EE4310}
PUP.Optional.AuslogicsBoostSpeed, [Key] - HKLM\SOFTWARE\CLASSES\APPID\{93469602-4134-4012-A6BC-D46FF1C671E9}
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\SearchScopes | DoNotAskAgain
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\SearchScopes | URL
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\SearchScopes | SuggestionsURL_JSON
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\Microsoft\Internet Explorer\SearchScopes | DoNotAskAgain
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\Microsoft\Internet Explorer\SearchScopes | URL
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\Microsoft\Internet Explorer\SearchScopes | SuggestionsURL_JSON
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\Microsoft\Internet Explorer\SearchScopes | DoNotAskAgain
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\Microsoft\Internet Explorer\SearchScopes | URL
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\Microsoft\Internet Explorer\SearchScopes | SuggestionsURL_JSON
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\DownLite
PUP.Optional.Legacy, [Key] - HKCU\Software\DownLite
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
PUP.Optional.Conduit, [Key] - HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitSearchProtect
PUP.Optional.Uniblue, [Key] - HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\UniblueDriverScanner
PUP.Optional.Auslogics, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1
PUP.Optional.WebWatcher, [Key] - HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
PUP.Optional.WebWatcher, [Key] - HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
PUP.Optional.WebWatcher, [Key] - HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2666 B] - [2014/4/1 0:18:30]
C:/AdwCleaner/AdwCleaner[S1].txt - [1101 B] - [2014/4/1 0:52:35]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Andre (administrator) on STEPHANANDLINDA (26-12-2017 18:38:12)
Running from C:\Users\Andre\Desktop
Loaded Profiles: Andre (Available Profiles: Andre)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Adobe\Adobe Captivate 9 x64\CPCefHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [ResetACGauge] => C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe [147456 2014-03-14] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-21] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LenovoFSC] => C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-06-25] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [2482128 2017-11-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [1286656 2017-09-13] (Adobe Systems Incorporated)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
CHR HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{92F673CE-E11E-4426-ADF8-302E64838A96}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/
HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP59E9AE25-F41B-407D-91D5-ED835B842385&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.ca/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enCA491
SearchScopes: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_cnet_150317&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> {F1DFEC00-A055-40F7-99CC-833BEB01DD22} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-18] (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2013-08-07] (AuthenTec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-21] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-12-18] (Microsoft Corporation)
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-21] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-12-18] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-31.10.2-20000/training/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL No File

FireFox:
========
FF DefaultProfile: jffj5ocl.default-1396227097373-1513997583852
FF ProfilePath: C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\jffj5ocl.default-1396227097373-1513997583852 [2017-12-26]
FF Homepage: Mozilla\Firefox\Profiles\jffj5ocl.default-1396227097373-1513997583852 -> hxxps://login.yahoo.com/config/login?.src=rog&.intl=ca&.lang=en-CA&.done=https%3A%2F%2Fca.rogers.yahoo.com&.partner=rogers-acs
FF Extension: (Avast SafePrice) - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\jffj5ocl.default-1396227097373-1513997583852\Extensions\[email protected] [2017-12-24]
FF Extension: (Avast Online Security) - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\jffj5ocl.default-1396227097373-1513997583852\Extensions\[email protected] [2017-11-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-23] ()
FF Plugin-x32: @Adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll [2013-08-07] (AuthenTec, Inc)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-4014854054-1783419796-1492105317-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Andre\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-18] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://ca.search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://www.youtube.com/"
CHR DefaultSearchURL: Default -> hxxps://classic.startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=opensearch&language=english
CHR DefaultSearchKeyword: Default -> classic.startpage.com
CHR Profile: C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default [2017-12-26]
CHR Extension: (Anti Miner - No 1 Coin Minerblock) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\abgnbkcdbiafipllamhhmikhgjolhdaf [2017-11-19]
CHR Extension: (Docs) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (Screen Capture, Screenshot & Record - Bukket ) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkknpjjkdiodnjnkkabgnkfdhcokden [2017-10-27]
CHR Extension: (YouTube) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Avast SafePrice) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Clear Session) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\maejjihldgmkjlfmgpgoebepjchengka [2017-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-21] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [332368 2017-11-21] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8447848 2011-11-09] (DisplayLink Corp.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-10-29] (Foxit Software Inc.)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-06-06] (Freemake) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [711248 2017-02-20] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2012-02-06] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-21] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-21] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-21] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [85552 2017-03-29] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-21] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-12] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [570152 2017-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-21] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-21] (AVAST Software)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
S3 hcw10bda; C:\Windows\System32\drivers\hcw10bda.sys [632704 2010-09-27] (Hauppauge Computer Works, Inc.)
S2 hcw10cir; C:\Windows\System32\drivers\hcw10cir.sys [46080 2010-05-10] (Hauppauge Computer Works, Inc.)
S0 hzgqpf; no ImagePath
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-26] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-12-07] (Duplex Secure Ltd.)
R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [334488 2017-10-17] (Trend Micro Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S0 zlnimc; no ImagePath
S0 zvijcv; no ImagePath
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-26 18:38 - 2017-12-26 18:46 - 000029671 _____ C:\Users\Andre\Desktop\FRST.txt
2017-12-26 18:38 - 2017-12-26 18:38 - 000000000 ____D C:\FRST
2017-12-26 18:37 - 2017-12-26 18:37 - 000007721 _____ C:\Users\Andre\Desktop\AdwCleaner[S2].txt
2017-12-26 18:35 - 2017-12-26 18:35 - 002391552 _____ (Farbar) C:\Users\Andre\Desktop\FRST64.exe
2017-12-26 18:34 - 2017-12-26 18:34 - 008172032 _____ (Malwarebytes) C:\Users\Andre\Desktop\AdwCleaner.exe
2017-12-26 09:25 - 2017-12-26 09:25 - 000030097 _____ C:\Users\Andre\Desktop\dds.txt
2017-12-26 09:25 - 2017-12-26 09:25 - 000008215 _____ C:\Users\Andre\Desktop\attach.txt
2017-12-26 09:21 - 2017-12-26 09:24 - 000688992 ____R (Swearware) C:\Users\Andre\Desktop\dds.scr
2017-12-23 22:01 - 2017-12-23 22:01 - 000791609 _____ C:\Users\Andre\AppData\Local\census.cache
2017-12-23 21:59 - 2017-12-23 21:59 - 000277074 _____ C:\Users\Andre\AppData\Local\ars.cache
2017-12-23 11:07 - 2017-12-23 18:10 - 000000010 _____ C:\Users\Andre\AppData\Local\sponge.last.runtime.cache
2017-12-23 11:04 - 2017-12-23 11:04 - 000000033 _____ C:\Users\Andre\Desktop\Ending Corporate Governance.txt
2017-12-23 10:25 - 2017-12-23 10:25 - 000000036 _____ C:\Users\Andre\AppData\Local\housecall.guid.cache
2017-12-23 10:25 - 2017-10-17 11:40 - 000334488 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-12-23 10:24 - 2017-12-23 10:25 - 002527376 _____ (Trend Micro Inc.) C:\Users\Andre\Desktop\HousecallLauncher64.exe
2017-12-22 21:56 - 2017-12-22 21:56 - 000000000 ____D C:\Users\Andre\Desktop\Old Firefox Data
2017-12-18 20:56 - 2017-12-22 21:03 - 000000000 ____D C:\Users\Andre\AppData\Local\ElevatedDiagnostics
2017-12-18 07:05 - 2017-12-18 07:05 - 002001544 _____ C:\Users\Andre\Desktop\pc-decrapifier-3.0.1.exe
2017-12-18 07:04 - 2017-12-18 07:04 - 000001277 _____ C:\Users\Andre\Desktop\Auslogics BoostSpeed 10.lnk
2017-12-18 07:04 - 2017-12-18 07:04 - 000000000 ____D C:\Windows\System32\Tasks\Auslogics
2017-12-18 06:57 - 2017-12-18 07:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2017-12-18 06:57 - 2017-12-18 07:04 - 000000000 ____D C:\ProgramData\Auslogics
2017-12-18 06:57 - 2017-12-18 07:04 - 000000000 ____D C:\Program Files (x86)\Auslogics
2017-12-18 06:57 - 2017-12-18 06:57 - 000001415 _____ C:\Users\Andre\Desktop\Auslogics Duplicate File Finder.lnk
2017-12-11 21:19 - 2017-12-11 21:19 - 000768943 _____ C:\Users\Andre\Desktop\Okichitaw Red Belt.pptx
2017-12-06 22:05 - 2017-12-06 22:05 - 000000336 _____ C:\Users\Andre\Desktop\okichitaw text.txt
2017-12-06 10:32 - 2017-12-06 10:32 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-05 21:59 - 2017-12-05 21:59 - 000024513 _____ C:\Users\Andre\AppData\Local\recently-used.xbel
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2017-11-26 20:42 - 2017-11-26 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-11-26 20:37 - 2017-11-26 20:38 - 087434623 _____ C:\Users\Andre\Downloads\kodi-17.3-Krypton-armeabi-v7a.apk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-26 18:44 - 2017-01-18 12:59 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4014854054-1783419796-1492105317-1000.job
2017-12-26 18:37 - 2014-03-31 19:16 - 000000000 ____D C:\AdwCleaner
2017-12-26 18:28 - 2012-07-07 02:34 - 000000000 ____D C:\Users\Andre\AppData\Local\Adobe
2017-12-26 18:27 - 2017-01-18 12:59 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4014854054-1783419796-1492105317-1000.job
2017-12-26 17:56 - 2017-01-30 08:52 - 000000000 ____D C:\Users\Andre\Documents\Adobe Captivate Cached Projects
2017-12-26 17:47 - 2009-07-13 23:45 - 000031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-26 17:47 - 2009-07-13 23:45 - 000031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-26 17:42 - 2017-01-30 08:51 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-12-26 17:32 - 2016-11-21 13:39 - 000000000 ____D C:\Users\Andre\AppData\LocalLow\Mozilla
2017-12-26 08:07 - 2017-03-17 20:22 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-12-26 08:07 - 2012-06-01 20:31 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-12-25 10:30 - 2009-07-14 00:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-25 10:30 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-23 10:13 - 2017-07-11 11:50 - 000000000 ____D C:\Users\Andre\AppData\Local\GoToMeeting
2017-12-22 22:10 - 2017-01-18 12:59 - 000003670 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4014854054-1783419796-1492105317-1000
2017-12-22 22:10 - 2017-01-18 12:59 - 000003574 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4014854054-1783419796-1492105317-1000
2017-12-22 22:10 - 2012-06-28 10:06 - 000000000 ____D C:\Users\Andre
2017-12-20 19:32 - 2014-03-18 19:59 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-20 19:18 - 2017-07-23 20:06 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-20 19:13 - 2017-07-23 19:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-18 16:38 - 2012-06-28 10:06 - 000000000 ____D C:\Users\Andre\AppData\LocalLow\AuthenTec
2017-12-18 16:38 - 2012-06-01 20:31 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-12-18 16:37 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-18 15:12 - 2016-11-21 13:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-18 15:01 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\security
2017-12-18 15:01 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Resources
2017-12-18 15:01 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2017-12-18 10:41 - 2015-02-16 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
2017-12-18 10:41 - 2013-12-29 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2017-12-18 10:41 - 2012-08-19 22:12 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
2017-12-18 10:40 - 2014-03-07 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-12-18 07:02 - 2017-08-18 20:24 - 000000000 ____D C:\Users\Andre\Documents\Free YouTube Downloader
2017-12-17 21:49 - 2015-02-28 21:53 - 000000000 ____D C:\Users\Andre\AppData\Roaming\Kodi
2017-12-17 21:49 - 2012-08-09 20:47 - 000000000 ____D C:\Users\Andre\AppData\Local\CrashDumps
2017-12-15 09:44 - 2017-11-06 10:42 - 000000000 ____D C:\Users\Andre\Desktop\projects
2017-12-14 22:14 - 2017-11-10 21:15 - 000000000 ____D C:\Users\Andre\Desktop\Elearning Okichitaw
2017-12-12 13:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-12 12:42 - 2017-10-02 20:42 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-12 12:42 - 2014-03-16 09:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-11 21:32 - 2015-05-08 21:29 - 000000000 ____D C:\Users\Andre\AppData\Local\Articulate
2017-12-11 21:28 - 2015-05-08 21:28 - 000000000 ____D C:\Users\Andre\AppData\Roaming\Articulate
2017-12-06 10:32 - 2015-12-03 19:28 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-12-05 22:01 - 2012-08-19 22:13 - 000000000 ____D C:\Users\Andre\.gimp-2.8
2017-12-04 13:33 - 2013-12-25 22:06 - 000000000 ____D C:\Users\Andre\AppData\Roaming\Skype
2017-12-04 11:01 - 2013-12-25 22:06 - 000000000 ____D C:\ProgramData\Skype
2017-11-26 20:42 - 2015-02-28 21:48 - 000000000 ____D C:\Program Files (x86)\Kodi

==================== Files in the root of some directories =======

2012-06-28 10:06 - 2013-11-01 18:25 - 000008434 _____ () C:\Users\Andre\AppData\Roaming\AbsoluteReminder.xml
2013-09-02 20:07 - 2013-09-02 20:07 - 000000268 ___RH () C:\Users\Andre\AppData\Roaming\Sync Schema
2012-08-20 21:02 - 2012-08-20 21:02 - 000033134 _____ () C:\Users\Andre\AppData\Roaming\UserTile.png
2017-12-23 21:59 - 2017-12-23 21:59 - 000277074 _____ () C:\Users\Andre\AppData\Local\ars.cache
2017-12-23 22:01 - 2017-12-23 22:01 - 000791609 _____ () C:\Users\Andre\AppData\Local\census.cache
2017-12-23 10:25 - 2017-12-23 10:25 - 000000036 _____ () C:\Users\Andre\AppData\Local\housecall.guid.cache
2017-12-05 21:59 - 2017-12-05 21:59 - 000024513 _____ () C:\Users\Andre\AppData\Local\recently-used.xbel
2013-11-25 21:18 - 2017-10-15 10:03 - 000007600 _____ () C:\Users\Andre\AppData\Local\Resmon.ResmonCfg
2017-12-23 11:07 - 2017-12-23 18:10 - 000000010 _____ () C:\Users\Andre\AppData\Local\sponge.last.runtime.cache
2015-04-10 21:42 - 2015-04-10 21:42 - 000000032 RSHOT () C:\Users\Andre\AppData\Local\t70rc.dat
2016-08-01 19:18 - 2016-08-01 19:18 - 000000000 _____ () C:\Users\Andre\AppData\Local\{F84C1064-20D6-487D-923B-B9DD6A1A9AF3}

Some zero byte size files/folders:
==========================
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-10 16:44

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (50.7 KB, 7 views)
Old 12-27-2017, 05:39 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello sborau. I'm not seeing anything malicious here, so any problem is beyond malware.

And, if Inkster was your problem, I'm not seeing any remnants of it yet.

You may need to seek help in one of our other forums.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://pcsupport.about.com/od/window...-windows-7.htm

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
    CustomCLSID: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Andre\AppData\Local\Citrix\GoToMeeting\7155\G2MOutlookAddin64.dll => No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"]         -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"]         -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"]         -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"]         -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"]         -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"]         -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"]         -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"]         -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
    ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    ContextMenuHandlers4-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
    AlternateDataStreams: C:\Users\Andre\Downloads:Shareaza.GUID [16]
    FirewallRules: [{418E0C2E-208E-4C91-B01B-1330108F020D}] => (Allow) C:\Users\Andre\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
    FirewallRules: [{D5A8877B-7AD1-44E4-98BC-F836D50C618A}] => (Allow) C:\Users\Andre\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
    FirewallRules: [{BA216FC3-0C56-4119-96FE-CECC81031D1A}] => (Allow) C:\Users\Andre\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
    CHR HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP59E9AE25-F41B-407D-91D5-ED835B842385&q={searchTerms}&SSPV=
    BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll => No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL No File
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [No File]
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    C:\Windows\System32\dlumd10.dll
    C:\Windows\System32\dlumd11.dll
    C:\Windows\System32\dlumd9.dll
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S0 hzgqpf; no ImagePath
    S0 zlnimc; no ImagePath
    S0 zvijcv; no ImagePath
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :regfind
    inkster
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 12-28-2017, 05:42 AM   #5
Registered Member
 
Join Date: May 2009
Location: Toronto, Canada
Posts: 46
OS: Windows 7



Hello chemist.

Here is the Fixlog, followed by the SystemLook log:


Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Andre (28-12-2017 08:25:12) Run:1
Running from C:\Users\Andre\Desktop\New folder
Loaded Profiles: Andre (Available Profiles: Andre)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Andre\AppData\Local\Citrix\GoToMeeting\7155\G2MOutlookAddin64.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers4-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\Andre\Downloads:Shareaza.GUID [16]
FirewallRules: [{418E0C2E-208E-4C91-B01B-1330108F020D}] => (Allow) C:\Users\Andre\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [{D5A8877B-7AD1-44E4-98BC-F836D50C618A}] => (Allow) C:\Users\Andre\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{BA216FC3-0C56-4119-96FE-CECC81031D1A}] => (Allow) C:\Users\Andre\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
CHR HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP59E9AE25-F41B-407D-91D5-ED835B842385&q={searchTerms}&SSPV=
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-4014854054-1783419796-1492105317-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S0 hzgqpf; no ImagePath
S0 zlnimc; no ImagePath
S0 zvijcv; no ImagePath
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-4014854054-1783419796-1492105317-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}" => removed successfully
"HKU\S-1-5-21-4014854054-1783419796-1492105317-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => removed successfully
HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File => Error: No automatic fix found for this entry.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}" => removed successfully
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
C:\Users\Andre\Downloads => ":Shareaza.GUID" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{418E0C2E-208E-4C91-B01B-1330108F020D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5A8877B-7AD1-44E4-98BC-F836D50C618A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA216FC3-0C56-4119-96FE-CECC81031D1A}" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => removed successfully
"HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKU\S-1-5-21-4014854054-1783419796-1492105317-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}" => removed successfully
"HKLM\Software\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Filter\text/xml" => removed successfully
"HKLM\Software\Classes\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
"HKLM\Software\MozillaPlugins @divx.com/DivX VOD Helper,version=1.0.0" => removed successfully
"HKLM\Software\MozillaPlugins @microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins @divx.com/DivX VOD Helper,version=1.0.0" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins @divx.com/DivX Web Player Plug-In,version=1.0.0" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins @microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins @microsoft.com/WLPG,version=15.4.3502.0922" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins @microsoft.com/WLPG,version=15.4.3508.1109" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins @microsoft.com/WLPG,version=15.4.3555.0308" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
C:\Windows\System32\dlumd10.dll => moved successfully
C:\Windows\System32\dlumd11.dll => moved successfully
C:\Windows\System32\dlumd9.dll => moved successfully
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\System\CurrentControlSet\Services\hzgqpf" => removed successfully
hzgqpf => service removed successfully
"HKLM\System\CurrentControlSet\Services\zlnimc" => removed successfully
zlnimc => service removed successfully
"HKLM\System\CurrentControlSet\Services\zvijcv" => removed successfully
zvijcv => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9289481 B
Java, Flash, Steam htmlcache => 587 B
Windows/system/drivers => 375775027 B
Edge => 0 B
Chrome => 181569906 B
Firefox => 19352124 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 478985 B
LocalService => 16384 B
NetworkService => 0 B
Andre => 365722664 B




SystemLook 30.07.11 by jpshortstuff
Log created at 08:29 on 28/12/2017 by Andre
Administrator - Elevation successful

========== regfind ==========

Searching for "inkster"
No data found.

-= EOF =-
sborau is offline  
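As an added illustration that is not part of this thread (and not FRST's, ESET's or TSF's own tooling), the PowerShell below re-checks the four classes of artifact the fix above removed, so a reader can confirm none of them has come back: service keys with no ImagePath (the fixlog removed hzgqpf, zlnimc and zvijcv, and an AppMgmt entry flagged "no ServiceDLL"), the Windows Defender and Chrome policy keys FRST reported as "Restriction", the alternate data streams on C:\ProgramData\TEMP and the Downloads folder, and firewall allow rules for programs under a Temp directory. It assumes an elevated Windows PowerShell 3.0 or later session (Get-Item -Stream does not exist in the 2.0 that ships with Windows 7); the paths and key names are taken from the fixlog and are examples, not a complete list. HKCU here is the current user's hive, which corresponds to the HKU\S-1-5-21-...-1000 entries in the log when run as that user.

```powershell
# Added triage script: re-check the artifact classes the FRST fix removed.
# Assumes an elevated Windows PowerShell 3.0+ session. Paths are examples from the log.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Service keys with no ImagePath (the log showed hzgqpf, zlnimc, zvijcv as S0 =
#    boot-start with no ImagePath) and svchost-hosted services with no ServiceDLL.
#    Some legitimate keys under Services also lack ImagePath (service groups, legacy
#    entries), so treat hits as leads to verify rather than proof of infection.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $svc = Get-ItemProperty -LiteralPath $_.PSPath
    if (-not $svc.ImagePath) {
        # Start=0 is falsy, so test for presence of the value, not its truth
        if ($null -ne $svc.Start) {
            $findings.Add("Service with no ImagePath: $($_.PSChildName) (Start=$($svc.Start))")
        }
    }
    elseif ($svc.ImagePath -match 'svchost\.exe') {
        # svchost-hosted services declare the DLL they load under Parameters\ServiceDLL
        $params = Get-ItemProperty -LiteralPath "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue
        if (-not $params -or -not $params.ServiceDLL) {
            $findings.Add("svchost-hosted service with no ServiceDLL: $($_.PSChildName)")
        }
    }
}

# 2. Policy keys FRST reported as "Restriction". A standalone home PC normally has no
#    Group Policy writing these, so their reappearance after a clean is worth a look.
foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
                 'HKCU:\SOFTWARE\Policies\Google') {
    if (Test-Path -LiteralPath $key) {
        $values = (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
                  Where-Object { $_.Name -notlike 'PS*' } |
                  ForEach-Object { "$($_.Name)=$($_.Value)" }
        $findings.Add("Policy key present: $key [$($values -join '; ')]")
    }
}

# 3. Alternate data streams on the locations the fixlog touched. Directories can carry
#    ADS too: C:\ProgramData\TEMP:5C321E34 was removed, Downloads:Shareaza.GUID was not.
foreach ($path in 'C:\ProgramData\TEMP', (Join-Path $env:USERPROFILE 'Downloads')) {
    if (Test-Path -LiteralPath $path) {
        Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { $findings.Add("ADS ${path}:$($_.Stream) ($($_.Length) bytes)") }
    }
}

# 4. Firewall allow rules whose program lives under a Temp directory. The three rules
#    removed above pointed at scanner binaries in AppData\Local\Temp. Reading the registry
#    store directly (rather than Get-NetFirewallRule) keeps this usable on Windows 7.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$rules = Get-ItemProperty -LiteralPath $fwKey
foreach ($prop in ($rules.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
    # Each value is pipe-delimited: v2.x|Action=Allow|Active=TRUE|Dir=In|...|App=<path>|...|
    $rule = [string]$prop.Value
    if ($rule -match '\|Action=Allow\|' -and $rule -match '\|App=([^|]+)\|') {
        $app = $Matches[1]
        if ($app -match '\\Temp\\') { $findings.Add("Allow rule $($prop.Name) for $app") }
    }
}

if ($findings.Count -eq 0) { 'No residual artifacts in the classes checked.' } else { $findings }
```

Run it from an elevated prompt after the fix and again a day or two later; a boot-start service with no ImagePath, or a Defender policy key that returns on a machine with no domain policy, points at something still writing to the registry and is the kind of finding worth taking back to the thread.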
Old 12-28-2017, 12:53 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, sborau. Any improvement in behavior?

------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-29-2017, 05:23 PM   #7
Registered Member
 
Join Date: May 2009
Location: Toronto, Canada
Posts: 46
OS: Windows 7



Hello chemist.

A very, very slow scan. The first scan went on for 11.5 hrs before I went to bed. I woke up and the program had shut itself down. I did another scan -- went quicker, but after several hrs I wasn't at the computer when it finished and it was shut down when I returned.

I did another scan and after about 7.5 hrs I stopped it (about 90% completed) and below is the log of the 4 threats/infected files. I just downloaded Auslogics software a day or so before I contacted TSF, and the computer has been very slow for a few weeks.



C:\$RECYCLE.BIN\S-1-5-21-4014854054-1783419796-1492105317-1000\$RFPHIOJ.exe a variant of Win32/Auslogics.B potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-4014854054-1783419796-1492105317-1000\$ROCPG2X.exe a variant of Win32/Auslogics.J potentially unwanted application
C:\Program Files (x86)\Auslogics\BoostSpeed\RegistryCleaner.exe a variant of Win32/Auslogics.B potentially unwanted application
C:\Program Files (x86)\Auslogics\Duplicate File Finder\Setup\SetupCustom.dll a variant of Win32/Auslogics.J potentially unwanted application
sborau is offline  
Old 12-30-2017, 12:33 PM   #8
Hello again, sborau. Those ESET finds are just potentially unwanted applications.

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here.

------------------------------------------------------

Unfortunately, as I said before, your problem is beyond malware. Nothing I can do for you here.

I suggest you seek expert advice in our Windows Vista/Windows 7 Support Forum

Let them know you were here first and were cleared of malware.

------------------------------------------------------
chemist is offline  
Old 12-30-2017, 08:06 PM   #9
Hello Chemist.

Thank you very much for your time and effort. I appreciate the tips.

I will look into the Windows 7 Support Forum.

Thank you again for your help.

All the best for a grand 2018.


Stephan Borau
sborau is offline  
Old 12-31-2017, 03:35 PM   #10
You're very welcome! Glad to have helped.
chemist is offline  
 
