
Virus hijacked admin rights



Old 07-31-2015, 05:47 PM   #1
Registered Member
 
Join Date: Jul 2015
Posts: 1
OS: 8.1 64-bit



Hey all,

Working on my father's computer here. He seems to have acquired a virus that seems to have locked down his account. Most software cannot be run, with the message that a "System administrator has blocked this program".

However, he is the sole user of the computer, and his account was previously an administrator. dds.scr was blocked, as was Adwcleaner. CKScanner and Addition.txt from Farbar are attached, and here are the results from the Farbar scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by j (ATTENTION: The logged in user is not administrator) on OFFICE (31-07-2015 20:33:35)
Running from C:\Users\j\Downloads
Loaded Profiles: j (Available Profiles: j & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\j\Downloads\CKScanner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1069008 2015-04-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5214632 2015-07-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [66592 2014-06-18] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [2087968 2014-06-18] (Prosoftnet)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [cdloader] => C:\Users\j\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-31] (SUPERAntiSpyware)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [GoogleChromeAutoLaunch_C0A832FBA3DE88C6BCC073377A7A221F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [IDriveE Startup] => C:\Program Files (x86)\IDriveWindows\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [EZBack-it-up Tray Scheduler] => C:\Program Files (x86)\EZBackitup\EZBkuptray.exe [631808 2004-06-03] (Rob Decker)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\RunOnce: [731_20217191549542] => C:\Users\j\AppData\Local\LMIR0001.tmp_r.bat [315 2015-07-31] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-04-23] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-06-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk [2015-07-10]
ShortcutTarget: IDrive Tray.lnk -> C:\Program Files (x86)\IDriveWindows\IDriveEReg2ini.exe (Pro Softnet Corp.)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2014-06-07]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk [2014-06-17]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-06-04] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-06-04] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-06-04] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-632300625-746590880-1275724836-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-632300625-746590880-1275724836-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo
SearchScopes: HKLM -> DefaultScope {FBA36C0E-C9FF-4FD4-8CAA-B9AA29E57530} URL =
SearchScopes: HKU\S-1-5-21-632300625-746590880-1275724836-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={7467A24A-5B2C-4180-8D92-E720EAD0F19B}&mid=1bdba7c42b7f47d29d3fa56eac2caf71-ebf86914f6fb165e48b0cd37ac6633f0732966a8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-15 07:27:40&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-12-10] (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-12-10] (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-12-10] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-12-10] (LastPass)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2679E3FB-136B-48B7-B542-56F601391BA8}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\awp1ujr3.default
FF SelectedSearchEngine: Taplika
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-28] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-06-16] (LastPass)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @FOSCAM Web Components -> C:\Program Files (x86)\Foscam Web Components Test\npIPcam.dll [2014-02-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-06-16] (LastPass)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2014-09-26] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-632300625-746590880-1275724836-1001: electronicarts.com/GameFacePlugin -> C:\Users\j\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Extension: LastPass - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\awp1ujr3.default\Extensions\[email protected] [2015-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\j\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
CHR Extension: (YouTube) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-30]
CHR Extension: (Google Search) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-06-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]
CHR Extension: (Gmail) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-07-03] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [955856 2015-04-07] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-07-03] (AVG Technologies CZ, s.r.o.)
S2 BlueIris; C:\Program Files\Blue Iris 4\BlueIrisService.exe [59776 2014-09-03] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [713736 2015-04-23] (Garmin Ltd. or its subsidiaries)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 IDriveE Service; C:\Program Files (x86)\IDriveWindows\IDriveE Service.exe [158264 2013-05-20] (Pro Softnet Corporation)
S2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [95776 2014-06-18] (Prosoftnet)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5808432 2015-06-24] (MediaMall Technologies, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\j\AppData\Local\Temp\7zS51F9\hpslpsvc64.dll [X]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [287208 2015-05-27] (AVG Technologies CZ, s.r.o.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-06-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
S3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 20:33 - 2015-07-31 20:34 - 00023841 _____ C:\Users\j\Downloads\FRST.txt
2015-07-31 20:33 - 2015-07-31 20:33 - 02168832 _____ (Farbar) C:\Users\j\Downloads\FRST64.exe
2015-07-31 20:33 - 2015-07-31 20:33 - 00000000 ____D C:\FRST
2015-07-31 20:32 - 2015-07-31 20:32 - 02248704 _____ C:\Users\j\Downloads\AdwCleaner.exe
2015-07-31 20:32 - 2015-07-31 20:32 - 00468480 _____ () C:\Users\j\Downloads\CKScanner.exe
2015-07-31 20:30 - 2015-07-31 20:30 - 00688992 _____ (Swearware) C:\Users\j\Downloads\dds.scr
2015-07-31 20:15 - 2015-07-31 20:15 - 00000315 _____ C:\Users\j\AppData\Local\LMIR0001.tmp_r.bat
2015-07-31 20:02 - 2015-07-31 20:02 - 01615168 _____ (LogMeIn, Inc.) C:\Users\j\Downloads\Support-LogMeInRescue.exe
2015-07-31 19:50 - 2015-07-31 19:51 - 183711512 _____ (Microsoft Corporation) C:\Users\j\Downloads\msert.exe
2015-07-31 19:49 - 2015-07-31 19:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\j\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-07-31 19:42 - 2015-07-31 19:42 - 02248704 _____ C:\Users\j\Downloads\adwcleaner_4.208.exe
2015-07-31 19:41 - 2015-07-31 19:41 - 00000262 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8CB6995E-A826-42E6-B9D7-94360B684D0B}.job
2015-07-31 19:10 - 2015-07-31 19:11 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\j\Downloads\tdsskiller.exe
2015-07-31 19:07 - 2015-07-31 19:07 - 00380416 _____ C:\Users\j\Downloads\8zgxuf83.exe
2015-07-31 06:58 - 2015-07-31 06:58 - 08376008 _____ (Auslogics Labs Pty Ltd ) C:\Users\j\Downloads\fix-my-pc-setup.exe
2015-07-30 21:44 - 2015-07-30 21:44 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-30 21:44 - 2015-07-30 21:44 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-29 21:55 - 2015-07-29 21:55 - 00003094 _____ C:\WINDOWS\PFRO.log
2015-07-29 20:50 - 2015-07-29 20:50 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-29 20:50 - 2015-07-29 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-29 20:49 - 2015-07-29 20:50 - 00000000 ____D C:\Program Files\iTunes
2015-07-29 20:49 - 2015-07-29 20:49 - 00000000 ____D C:\Program Files\iPod
2015-07-29 20:49 - 2015-07-29 20:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-28 18:21 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-28 18:20 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-28 18:20 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-28 18:20 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-28 18:20 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-28 18:20 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-28 18:20 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-28 18:20 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-26 10:41 - 2015-07-26 10:41 - 03288464 _____ C:\Users\j\Downloads\tenorshare-card-data-recovery-trial345.exe
2015-07-26 08:44 - 2015-07-26 08:44 - 00000000 ____D C:\Users\j\AppData\Roaming\LG Electronics
2015-07-26 08:41 - 2015-07-26 08:41 - 00001233 _____ C:\Users\Public\Desktop\LG PC Suite.lnk
2015-07-26 08:41 - 2015-07-26 08:41 - 00000000 ____D C:\Users\j\AppData\Local\LG Electronics
2015-07-26 08:41 - 2015-07-26 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite
2015-07-26 08:39 - 2015-07-26 08:40 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2015-07-26 08:36 - 2015-07-26 08:39 - 235018224 _____ (LG Electronics) C:\Users\j\Downloads\LGPCSuite_Setup.exe
2015-07-20 15:42 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 15:42 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 15:42 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 15:42 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 09:16 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 09:16 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-14 15:02 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-14 15:02 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-14 15:02 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-14 15:02 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-14 15:02 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-14 15:02 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-14 15:02 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 15:02 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-14 15:02 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-14 15:02 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-14 15:02 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-14 15:02 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-14 15:02 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-14 15:02 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-14 15:02 - 2014-10-28 22:45 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
2015-07-14 15:02 - 2014-10-28 22:00 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2015-07-14 15:02 - 2014-10-28 22:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimeng.dll
2015-07-14 15:02 - 2014-10-28 21:27 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EventAggregation.dll
2015-07-14 15:02 - 2014-10-28 21:27 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2015-07-14 15:02 - 2014-10-28 21:12 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-07-14 08:45 - 2015-07-31 08:02 - 00017916 _____ C:\WINDOWS\setupact.log
2015-07-14 08:45 - 2015-07-14 08:45 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-10 06:30 - 2015-07-10 06:30 - 09875096 _____ (ProSoftnet Corp ) C:\Users\j\Downloads\IDriveSetup.exe
2015-07-10 06:30 - 2015-07-10 06:30 - 00001995 _____ C:\Users\j\Desktop\IDrive.lnk
2015-07-10 06:30 - 2014-11-19 11:17 - 00000095 _____ C:\WINDOWS\SysWOW64\RegisterIDriveEDll.bat
2015-07-10 06:30 - 2014-11-19 11:16 - 00569368 _____ C:\WINDOWS\SysWOW64\olelib.tlb
2015-07-10 06:30 - 2014-11-19 11:16 - 00232960 _____ (Pro-SoftNet Corporation, USA) C:\WINDOWS\SysWOW64\IDrLocale.dll
2015-07-10 06:30 - 2014-11-19 11:16 - 00147130 _____ C:\WINDOWS\SysWOW64\CRYPT32.LIB
2015-07-10 06:30 - 2014-11-19 11:16 - 00117982 _____ C:\WINDOWS\SysWOW64\ADVAPI32.LIB
2015-07-10 06:30 - 2014-11-19 11:16 - 00026032 _____ C:\WINDOWS\SysWOW64\IDriveEXceedCryReg.exe
2015-07-10 06:30 - 2014-11-19 11:16 - 00022212 _____ C:\WINDOWS\SysWOW64\olelib2.tlb
2015-07-10 06:30 - 2014-11-19 11:16 - 00003841 _____ C:\WINDOWS\SysWOW64\server.pem
2015-07-10 06:30 - 2013-05-20 11:32 - 01342008 _____ (Pro Soft Net Corporation) C:\WINDOWS\SysWOW64\IDriveEService.dll
2015-07-07 13:15 - 2015-07-07 13:15 - 00000916 _____ C:\Users\Public\Desktop\AVG.lnk
2015-07-04 15:52 - 2015-07-04 15:52 - 00095087 _____ C:\Users\j\Downloads\[kat.cr]the.loft.2015.720p.hdrip.x264.cam.audio.cpg (1).torrent
2015-07-04 15:50 - 2015-07-04 15:50 - 00095087 _____ C:\Users\j\Downloads\[kat.cr]the.loft.2015.720p.hdrip.x264.cam.audio.cpg.torrent
2015-07-04 15:48 - 2015-07-04 15:48 - 00015633 _____ C:\Users\j\Downloads\[kat.cr]the.loft.torrent
2015-07-03 17:38 - 2015-07-03 17:38 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (5).exe
2015-07-03 17:38 - 2015-07-03 17:38 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (4).exe
2015-07-03 17:37 - 2015-07-03 17:37 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (3).exe
2015-07-03 17:37 - 2015-07-03 17:37 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (2).exe
2015-07-03 17:17 - 2015-07-03 17:17 - 01114376 _____ C:\Users\j\Downloads\FoscamWebComponents.zip
2015-07-03 17:17 - 2015-07-03 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foscam Web Components Test
2015-07-03 17:17 - 2015-07-03 17:17 - 00000000 ____D C:\Program Files (x86)\Foscam Web Components Test
2015-07-03 17:16 - 2015-07-03 17:16 - 01482168 _____ ( ) C:\Users\j\Downloads\IPCWebComponents (4).exe
2015-07-03 17:14 - 2015-07-03 17:14 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (1).exe
2015-07-03 14:02 - 2015-07-31 19:17 - 01674579 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 08:01 - 2015-07-01 08:01 - 01482168 _____ ( ) C:\Users\j\Downloads\IPCWebComponents (3).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 20:04 - 2014-06-05 21:21 - 00000000 ____D C:\Users\j\Documents\Outlook Files
2015-07-31 19:28 - 2013-12-17 11:35 - 00000000 ____D C:\Users\j\Documents\My Docs
2015-07-31 19:27 - 2014-03-18 06:03 - 00867660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-31 19:17 - 2014-12-14 10:19 - 00000000 ____D C:\ProgramData\MediaMall
2015-07-31 19:17 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-31 19:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-31 18:50 - 2015-06-30 20:37 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-31 18:50 - 2015-06-30 20:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-31 18:19 - 2014-06-16 10:45 - 00000000 ____D C:\ProgramData\MFAData
2015-07-31 14:52 - 2015-06-28 14:52 - 00000408 _____ C:\WINDOWS\Tasks\MrFixer.job
2015-07-31 13:18 - 2015-06-25 07:18 - 00000370 _____ C:\WINDOWS\Tasks\ClickIt.job
2015-07-31 11:39 - 2015-06-30 19:39 - 00000516 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 96a11946-01fc-4223-9194-ea5968ca930d.job
2015-07-31 10:42 - 2014-12-03 11:42 - 00000270 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-07-31 07:53 - 2015-01-19 16:11 - 00001035 _____ C:\Users\j\Desktop\magicJack.lnk
2015-07-31 07:53 - 2015-01-19 16:11 - 00001021 _____ C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-07-31 07:53 - 2015-01-19 16:11 - 00000000 ____D C:\Users\j\AppData\Roaming\mjusbsp
2015-07-31 07:53 - 2014-06-19 20:50 - 00000000 ____D C:\Program Files (x86)\IDriveWindows
2015-07-31 07:53 - 2014-06-05 22:11 - 00000000 ___DO C:\Users\j\OneDrive
2015-07-31 07:52 - 2015-06-30 19:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-31 07:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2015-07-31 07:20 - 2014-06-09 12:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-31 07:10 - 2014-06-05 21:58 - 00000000 ____D C:\Users\j
2015-07-31 02:00 - 2015-06-30 19:39 - 00000516 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 088fb7b2-ad56-4284-bde7-c19b34bf0f48.job
2015-07-31 00:12 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-30 21:55 - 2015-06-28 15:07 - 00000000 ____D C:\Program Files\Blue Iris 4
2015-07-30 21:54 - 2013-08-22 10:44 - 00502280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-30 21:51 - 2014-06-05 20:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-30 21:50 - 2014-06-05 19:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-30 21:43 - 2015-01-03 13:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-30 21:43 - 2014-08-14 07:39 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-30 21:17 - 2015-06-30 19:38 - 00000998 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 10:37 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-30 07:55 - 2014-07-02 20:57 - 00232523 _____ C:\Users\j\Desktop\Bills.xlsx
2015-07-29 21:53 - 2015-01-01 20:20 - 00000000 ____D C:\Users\j\AppData\Roaming\Azureus
2015-07-29 21:02 - 2014-06-06 20:45 - 00000000 ____D C:\Users\j\AppData\Roaming\Apple Computer
2015-07-29 20:49 - 2015-05-01 20:24 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-29 20:49 - 2014-06-13 16:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-28 22:52 - 2014-10-16 08:45 - 00612352 ___SH C:\Users\j\Downloads\Thumbs.db
2015-07-25 08:57 - 2014-06-05 20:33 - 01657344 ___SH C:\Users\j\Desktop\Thumbs.db
2015-07-17 14:49 - 2014-06-05 18:58 - 00000000 ____D C:\Users\j\AppData\Local\Lenovo
2015-07-17 08:20 - 2014-06-05 19:02 - 00000000 ____D C:\Users\j\AppData\Roaming\LSC
2015-07-17 08:19 - 2013-09-12 14:00 - 00000000 ____D C:\Program Files\Lenovo
2015-07-17 08:19 - 2013-09-12 13:59 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-07-17 08:18 - 2013-09-12 14:00 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-07-14 06:47 - 2015-01-01 20:20 - 00001871 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-14 06:47 - 2015-01-01 20:20 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-07-10 06:31 - 2014-06-18 18:03 - 00000000 _____ C:\WINDOWS\SysWOW64\idrivee.txt
2015-07-10 06:30 - 2014-06-19 20:50 - 00000000 ____D C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDrive
2015-07-09 08:16 - 2014-06-16 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-07 13:15 - 2014-06-16 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-07-03 08:43 - 2014-06-05 19:42 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 07:56 - 2014-06-13 17:37 - 00000285 _____ C:\WINDOWS\wininit.ini
2015-07-01 04:02 - 2014-12-14 10:20 - 00000000 ____D C:\Program Files (x86)\MediaMall

==================== Files in the root of some directories =======

2014-06-07 12:02 - 2014-06-16 10:04 - 14936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-31 20:15 - 2015-07-31 20:15 - 0000315 _____ () C:\Users\j\AppData\Local\LMIR0001.tmp_r.bat
2014-12-10 22:48 - 2014-12-10 22:48 - 0000017 _____ () C:\Users\j\AppData\Local\resmon.resmoncfg
2014-06-07 01:11 - 2014-06-07 01:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-09-12 13:50 - 2013-09-12 13:50 - 0000198 ____H () C:\ProgramData\Lenovo-20051.vbs
2015-02-06 21:07 - 2015-02-06 21:07 - 0000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\ProgramData\Lenovo-20051.vbs


Some files in TEMP:
====================
C:\Users\j\AppData\Local\Temp\vcredist9_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End of log ============================
Attached Files
File Type: txt ckfiles.txt (197 Bytes, 31 views)
File Type: txt Addition.txt (40.3 KB, 38 views)
omgitsfletch is offline  