
PUM.Bad.Proxy malware



Hi - I was directed to this forum to try and get help removing this thing that Malwarebytes can find but does not seem to remove - PUM.Bad.Proxy.

Also - I am getting pop-up ads from SASA and Obrona VPN.

I believe the instructions said to post this log file - not sure if you wanted inline text or an attachment, so I did both.

Thanks for your help.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Admin (administrator) on ADMIN-PC on 03-01-2015 11:52:53
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin & UpdatusUser (Available profiles: Admin & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Abpremotexterecathyll\Abpremotexterecathyll.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
() C:\Program Files (x86)\Abpremotexterecathyll\AbpremotexterecathyllHelper.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Joyent, Inc) C:\Windows\Prey\versions\1.3.5\bin\node.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.3.5\node_modules\triggers\bin\lightevt.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(CompanionLink Software, Inc.) C:\Program Files (x86)\CompanionLink\CompanionLink.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Toolwiz) C:\Program Files\Toolwiz Time Freeze 2015\ToolwizTimeFreeze.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ismagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\updateui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(QUALCOMM Incorporated) C:\Program Files (x86)\Qualcomm\Eudora\Eudora.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Steamcore.se) C:\Users\Admin\AppData\Local\Screamer Radio\screamer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-484638032-4117270068-1087698526-1000\...\Run: [CompanionLink] => c:\program files (x86)\companionlink\companionlink.exe [23685776 2014-11-21] (CompanionLink Software, Inc.)
HKU\S-1-5-21-484638032-4117270068-1087698526-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-484638032-4117270068-1087698526-1000\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-02] (Google Inc.)
HKU\S-1-5-21-484638032-4117270068-1087698526-1000\...\Run: [ToolwizTimeFreeze] => C:\Program Files\Toolwiz Time Freeze 2015\ToolwizTimeFreeze.exe [1662712 2014-12-15] (Toolwiz)
HKU\S-1-5-21-484638032-4117270068-1087698526-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-484638032-4117270068-1087698526-1000\...\MountPoints2: {e62e393a-848d-11e4-95be-f0def1988163} - E:\TL-Bootstrap.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eudora.lnk
ShortcutTarget: Eudora.lnk -> C:\Program Files (x86)\Qualcomm\Eudora\Eudora.exe (QUALCOMM Incorporated)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [s-1-5-21-484638032-4117270068-1087698526-1000] => Internet Explorer proxy is enabled.
ProxyServer: [s-1-5-21-484638032-4117270068-1087698526-1000] => http=127.0.0.1:9880
HKU\S-1-5-21-484638032-4117270068-1087698526-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 71.243.0.12 68.237.161.12

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bct5dipx.default
FF DefaultSearchEngine: Google (avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-484638032-4117270068-1087698526-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-484638032-4117270068-1087698526-1000: @talk.google.com/O1DPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-484638032-4117270068-1087698526-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-484638032-4117270068-1087698526-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bct5dipx.default\searchplugins\google-avast.xml
FF Extension: Print pages to PDF - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bct5dipx.default\Extensions\printPages2Pdf@reinhold.ripper [2014-12-03]
FF Extension: FlashStopper - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bct5dipx.default\Extensions\flashstopper@byo.co.il.xpi [2014-12-19]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bct5dipx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-24]
FF HKU\S-1-5-21-484638032-4117270068-1087698526-1000\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-24]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-24]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-25]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-24]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-24]
CHR Extension: (Avast SafePrice) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-30]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-24]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-24]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Abpremotexterecathyll; C:\Program Files (x86)\Abpremotexterecathyll\Abpremotexterecathyll.exe [3938816 2014-12-23] () [File not signed] <==== ATTENTION
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2014-12-06] (Fork, Ltd.) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-09-10] (Lenovo.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 HPSLPSVC; C:\Users\Admin\AppData\Local\Temp\7zS0238\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R0 TWZDISK; C:\Windows\System32\Drivers\TWZDISK.sys [73360 2014-12-15] (Toolwiz.com)
R1 TWZFILE; C:\Windows\System32\Drivers\TWZFILE.sys [43152 2014-12-15] (Toolwiz.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 11:52 - 2015-01-03 11:53 - 00021255 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-03 11:52 - 2015-01-03 11:52 - 02123776 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-01-03 11:52 - 2015-01-03 11:52 - 00000000 ____D () C:\FRST
2015-01-03 11:45 - 2015-01-03 11:45 - 00510822 _____ () C:\Users\Admin\Downloads\adwcleaner_4.105(1).exe
2015-01-03 11:43 - 2015-01-03 11:43 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\tdsskiller.exe
2015-01-03 11:34 - 2015-01-03 11:34 - 00187026 _____ () C:\Users\Admin\Downloads\adwcleaner_4.105.exe
2015-01-03 11:12 - 2015-01-03 11:12 - 00001602 _____ () C:\pum.bad.proxy removal.xml
2015-01-03 09:16 - 2015-01-03 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 09:16 - 2015-01-03 09:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-03 09:16 - 2015-01-03 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-03 09:16 - 2015-01-03 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-03 09:16 - 2015-01-03 09:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-03 09:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 09:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-03 09:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-03 09:11 - 2015-01-03 09:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-02 16:20 - 2015-01-02 16:20 - 00000000 ____D () C:\Temp
2015-01-02 16:20 - 2011-01-03 10:07 - 00490496 _____ (www.madshi.net) C:\Windows\SysWOW64\madFlac.ax
2015-01-02 16:20 - 2010-02-15 19:00 - 00439808 _____ (MPC-HC Team) C:\Windows\SysWOW64\RealMediaSplitter.ax
2015-01-02 16:20 - 2009-04-28 14:44 - 00417792 _____ (Gabest) C:\Windows\SysWOW64\FLVSplitter.ax
2015-01-02 16:20 - 2009-03-26 21:33 - 00536652 _____ (ArcSoft Inc.) C:\Windows\SysWOW64\ASAudioHD.ax
2015-01-02 16:20 - 2008-11-28 15:36 - 00285184 _____ (ArcSoft Inc.) C:\Windows\SysWOW64\MagUIEngine.dll
2015-01-02 16:20 - 2008-11-28 15:36 - 00092672 _____ (ArcSoft Inc.) C:\Windows\SysWOW64\MagUIInter.dll
2015-01-02 16:20 - 2008-11-28 15:36 - 00055808 _____ (ArcSoft Inc.) C:\Windows\SysWOW64\MagPCMac.dll
2015-01-02 16:20 - 2008-11-28 15:36 - 00035328 _____ (ArcSoft Inc.) C:\Windows\SysWOW64\MagCore.dll
2015-01-02 16:20 - 2008-04-25 08:50 - 00917504 _____ () C:\Windows\SysWOW64\dtsdecoderdll.dll
2015-01-02 16:20 - 2008-04-15 17:40 - 00106496 _____ (ArcSoft Inc.) C:\Windows\SysWOW64\checkactivate.dll
2015-01-02 16:20 - 2007-10-07 13:36 - 00258048 _____ () C:\Windows\SysWOW64\libFLAC.dll
2015-01-02 16:20 - 2004-01-25 17:18 - 00070656 _____ (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2015-01-02 16:19 - 2015-01-02 16:19 - 00000000 ____D () C:\Program Files (x86)\RipBot264v1.17.0
2015-01-02 16:15 - 2015-01-02 16:15 - 00000000 __SHD () C:\Program Files (x86)\Abpremotexterecathyll
2015-01-02 16:07 - 2015-01-02 16:13 - 88685149 _____ () C:\Users\Admin\Desktop\RipBot264v1.17.0.zip
2014-12-31 16:05 - 2014-12-31 16:05 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-31 15:36 - 2014-12-31 15:37 - 00297608 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-12-31 15:36 - 2014-12-31 15:36 - 00296142 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-12-31 15:36 - 2014-12-31 15:36 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-12-31 15:35 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-31 15:35 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-31 15:35 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-31 15:35 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-31 15:35 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-31 15:35 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-31 15:35 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-31 15:35 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-31 15:35 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-31 15:35 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-31 15:35 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-31 15:35 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-31 15:35 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-31 15:35 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-31 15:35 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-31 15:35 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-31 15:35 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-31 15:35 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-31 15:35 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-31 15:35 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-31 15:35 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-31 15:35 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-31 15:35 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-31 15:35 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-31 15:35 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-31 15:35 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-31 15:35 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-31 15:35 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-31 15:35 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-31 15:35 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-31 15:35 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-31 15:35 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-31 15:35 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-31 15:35 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-31 15:35 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-31 15:35 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-31 15:35 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-31 15:35 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-31 15:35 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-31 15:35 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-31 15:35 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-31 15:35 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-31 15:35 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-31 15:35 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-31 15:35 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-31 15:35 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-31 15:35 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-31 15:35 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-31 15:35 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-31 15:35 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-31 15:35 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-31 15:35 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-31 15:35 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-31 15:35 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-31 15:35 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-31 15:35 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-31 15:35 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-31 15:35 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-31 15:35 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-31 15:35 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-31 15:35 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-31 15:35 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-31 15:35 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-31 15:35 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-31 15:35 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-31 15:35 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-31 15:30 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-31 15:30 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-31 15:30 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-31 15:30 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-31 15:30 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-31 15:30 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-31 15:30 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-31 15:30 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-31 15:29 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-31 15:29 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-31 15:29 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-31 15:29 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-31 15:29 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-31 15:29 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-31 15:29 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-31 15:29 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-31 15:29 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-31 15:29 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-31 15:29 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-31 15:29 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-31 15:29 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-31 15:29 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-31 15:29 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-31 15:29 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-31 15:29 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-31 15:29 - 2012-02-11 01:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-12-31 15:29 - 2012-02-11 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-12-31 15:29 - 2011-02-25 01:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-12-31 15:29 - 2011-02-25 00:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-12-27 18:47 - 2014-12-29 08:40 - 00001615 _____ () C:\Users\Admin\Desktop\HTC Sync Music.lnk
2014-12-27 15:35 - 2014-12-27 15:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HTC
2014-12-27 15:32 - 2015-01-03 10:51 - 00000000 ____D () C:\Users\Admin\AppData\Local\HTC MediaHub
2014-12-27 15:32 - 2014-12-27 15:35 - 00000000 ____D () C:\Users\Admin\Documents\HTC
2014-12-27 15:32 - 2014-12-27 15:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2014-12-27 15:32 - 2014-12-27 15:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apple Computer
2014-12-27 15:32 - 2014-12-27 15:32 - 00000000 ____D () C:\Users\Admin\.android
2014-12-27 15:32 - 2014-12-27 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-12-27 15:32 - 2014-12-27 15:32 - 00000000 ____D () C:\ProgramData\HTC
2014-12-27 15:31 - 2014-12-27 15:32 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-12-27 15:31 - 2014-12-27 15:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-12-27 15:31 - 2014-12-27 15:31 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-12-27 14:07 - 2014-12-27 14:14 - 137132688 _____ (HTC) C:\Users\Admin\Downloads\setup_3.1.37.2_htc.exe
2014-12-27 10:09 - 2014-12-27 10:09 - 00000000 ____D () C:\Users\Admin\Desktop\Delray Feb
2014-12-24 09:39 - 2014-12-24 09:39 - 04336640 _____ () C:\Users\Admin\Downloads\winLAME-2010-beta2.msi
2014-12-23 15:58 - 2014-12-24 09:36 - 00000386 _____ () C:\Windows\cdplayer.ini
2014-12-23 15:57 - 2014-12-23 15:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dlg
2014-12-23 15:51 - 2014-12-23 15:58 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-12-23 15:51 - 2014-12-23 15:51 - 00001123 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-12-23 15:51 - 2014-12-23 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-12-22 19:29 - 2014-12-22 19:30 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup(1).exe
2014-12-15 13:49 - 2014-12-15 13:49 - 00000000 ____D () C:\Time Freeze Exclusion
2014-12-15 13:38 - 2014-12-15 13:38 - 00073360 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZDISK.sys
2014-12-15 13:38 - 2014-12-15 13:38 - 00043152 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZFILE.sys
2014-12-15 13:38 - 2014-12-15 13:38 - 00000000 ___HD () C:\TOOLWIZTIMEFREEZE
2014-12-15 13:38 - 2014-12-15 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Time Freeze 2015
2014-12-15 13:38 - 2014-12-15 13:38 - 00000000 ____D () C:\Program Files\Toolwiz Time Freeze 2015
2014-12-15 11:42 - 2014-12-15 11:42 - 02985616 _____ (Toolwiz) C:\Users\Admin\Downloads\Setup_Timefreeze.exe
2014-12-15 10:37 - 2014-12-15 10:37 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-12-15 10:37 - 2014-12-15 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-12-15 10:33 - 2015-01-03 11:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 10:33 - 2014-12-15 10:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 09:00 - 2014-12-15 09:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VSO
2014-12-11 08:59 - 2014-12-11 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-12-11 08:59 - 2014-12-11 08:59 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-12-10 16:56 - 2014-12-10 16:56 - 07972272 _____ (VSO-Software ) C:\Users\Admin\Downloads\vso_avchd_editor_setup.exe
2014-12-09 11:19 - 2014-12-09 11:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 16:11 - 2014-12-07 16:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-12-07 15:54 - 2014-12-23 11:20 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-12-07 13:34 - 2014-12-07 13:35 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup.exe
2014-12-06 08:40 - 2015-01-02 17:32 - 00000000 ____D () C:\Windows\Prey
2014-12-06 08:36 - 2014-12-06 08:37 - 06800592 _____ () C:\Users\Admin\Downloads\prey-windows-1.3.3-x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 11:04 - 2014-12-02 12:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-01-03 11:04 - 2014-11-24 16:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 11:02 - 2014-12-02 12:57 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484638032-4117270068-1087698526-1000UA.job
2015-01-03 11:01 - 2009-07-13 23:51 - 00044530 _____ () C:\Windows\setupact.log
2015-01-03 10:58 - 2009-07-13 23:45 - 00026208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-03 10:58 - 2009-07-13 23:45 - 00026208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 10:57 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-03 10:54 - 2014-11-19 14:18 - 01474930 _____ () C:\Windows\WindowsUpdate.log
2015-01-03 10:51 - 2014-12-02 12:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-03 10:51 - 2014-12-02 12:38 - 00000000 ____D () C:\ProgramData\Skype
2015-01-03 10:51 - 2014-11-24 16:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 10:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-03 10:50 - 2014-11-19 13:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-03 10:42 - 2014-11-19 14:17 - 00156878 _____ () C:\Windows\PFRO.log
2015-01-02 13:02 - 2014-12-02 12:57 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484638032-4117270068-1087698526-1000Core.job
2015-01-02 09:48 - 2014-11-24 16:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-01 08:23 - 2014-11-25 16:54 - 00007607 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-01-01 08:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-31 16:10 - 2009-07-13 23:45 - 00421184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-31 16:05 - 2014-11-30 16:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-31 16:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-31 16:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-31 15:39 - 2014-11-25 11:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-31 15:37 - 2014-11-25 11:16 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 13:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-30 17:17 - 2014-12-02 12:41 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-30 17:17 - 2014-12-02 12:41 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-30 17:17 - 2014-12-02 12:41 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-27 15:35 - 2014-11-19 13:33 - 00110808 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-27 15:32 - 2014-11-19 14:26 - 00057728 _____ () C:\Windows\DPINST.LOG
2014-12-27 15:32 - 2014-11-19 14:18 - 00000000 ____D () C:\Users\Admin
2014-12-20 09:29 - 2014-11-26 14:19 - 00000000 ____D () C:\Users\Admin\Desktop\Delray
2014-12-19 11:46 - 2014-11-19 14:34 - 00000000 ____D () C:\ProgramData\Lenovo
2014-12-19 11:44 - 2014-11-19 14:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\LSC
2014-12-15 10:33 - 2014-12-02 12:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-15 10:33 - 2014-12-02 12:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-15 10:22 - 2014-11-24 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 19:06 - 2014-11-24 16:55 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-07 16:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-06 08:26 - 2014-11-28 16:11 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-12-04 18:52 - 2014-11-24 15:42 - 00001827 _____ () C:\Users\Admin\Desktop\Pete Home on xp.lnk
2014-12-04 17:30 - 2009-07-14 02:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-04 08:23 - 2014-11-24 15:47 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-04 08:23 - 2014-11-24 15:47 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-04 08:19 - 2014-12-02 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2014-12-04 08:19 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Admin\AppData\Local\Temp\ICReinstall_Eudora_7.1.0.9_inst.exe
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Admin\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 00:40

==================== End Of Log ============================

Addition.txt

FRST.txt


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.
That being told, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


Ok thanks for your help

 

I understand about not pasting logs in posts

 

Using Firefox - I tried downloading Anti-Rootkit and I am getting only partial file downloads - meaning the download size says it is 15.7M but I am getting files on the 300-400k size and the download says it is complete.  Then I click on the download and I am getting 'non 7z archive' error - which I am guessing is because the file will not download completely.

 

I started Chrome and tried downloading it and Rootkit downloaded to completion and I ran it.  It immediately gave a warning about possible rootkit activity - and suggested hitting no to start with and see if the tool ran to completion - which it did.  Attached are the 2 MBAR txt files.

 

Also ran the Farbar tool - I messed up and ran it without the 'addition' checked the first time...so I checked addition and ran it a second time....attached are the log files from running a second time - I also have the log file from running the first time if you need that.

 

mbar-log-2015-01-03 (12-48-15).txt

system-log.txt

FRST1.txt

Addition.txt


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Thanks for your directions

 

I am sorry but I do not see any attached file to your post.  I cannot download 'fixlist.txt'

 

Also - not sure if the underlined Farbar Recovery Scan Tool in your post is an active link to a download page?  It does not seem to be a clickable link - I had manually found the tool on the internet before but the links in your post do not seem to be active or there is something wrong with my computer that does not allow them - I looked at this post in firefox and chrome and neither had active links - this problem was in the post from yesterday also.


I loaded ebay and amazon which were both flooded with pop-up ads from SASA and Obrona VPN before - now all those ads are no longer popping up.  So I would say from that perspective the system is back to normal operation.

 

Did the log file show what you were expecting to see and do you think it is safe to log into websites and get back to using my computer as normal now?

 

Be glad to buy you a beer once you think it is safe for me to log into paypal!! - Just let me know if it is safe to do that.

 

Thanks


Yes, it was showing what I expected :)

It is now safe to use your PC in any way.

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 

Recommended reading:

MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
Unchecky - to prevent installing additional foistware that is implemented in legitimate installations.
Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
