Sane Posted August 31, 2015 ID:986321

Hi

I am using a Lenovo ThinkPad X1 Carbon. About three days ago I noticed that my mouse was moving and clicking on things without me touching anything (whilst I was watching something, nowhere near the mouse). Having had a similar problem in the past, I quickly thought that this could be malware or a hijacker, and I therefore immediately turned the laptop off.

Since then I have used another laptop and a USB stick to download Malwarebytes as well as Avast. Having tried to use both of these, I have been unable to:

- Avast simply will not start (whenever the 'run' box comes up, I choose to run the programme but nothing happens), and
- Malwarebytes is not working either (the programme instantly crashes whenever I try to run it, and I have also used all 13 'Chameleons' to no avail). Each time the driver is installed, but ultimately the black box repeatedly shows 'failed!' and 'no files in current directory!'

I have even bought and tried to use a FixMeStick, which also is not working as my "computer is not compatible with the FixMeStick because it uses BitLocker Drive Encryption" (it is a work laptop so some features may be disabled or additional security may be in place... I am not sure if I am able to change the settings).

I have downloaded and tried to use Rkill, which has not helped. I have also downloaded and scanned using Farbar Recovery Scan Tool.
Here are the logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015Ran by Spettipiece (administrator) on UKPK1RHT6 (31-08-2015 10:20:47)Running from C:\Users\Spettipiece\DownloadsLoaded Profiles: Spettipiece (Available Profiles: Spettipiece & K1_adm & Administrator)Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe(Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe(Oracle Corporation) C:\ORACLE\ORA10G\bin\omtsreco.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVStreamingUX.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(DisplayLink Corp.) 
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\SymCorpUI.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\SmcGui.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ProtectionUtilSurrogate.exe(FixMeStick Technologies) E:\RunFixMeStick.exe(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [701872 2013-01-24] (Cisco Systems, Inc.)HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitorHKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-06-29] (Adobe Systems Inc.)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: 
[DontSetAutoplayCheckbox] 1HKLM\...\Policies\Explorer: [useDefaultTile] 1HKLM\...\Policies\Explorer: [PreXPSP2ShellProtocolBehavior] 0HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTIONHKU\S-1-5-21-1965243242-631715425-1848903544-251446\...\Run: [DAEMON Tools Lite] => "E:\DAEMON Tools Lite\DTLite.exe" -autorunHKU\S-1-5-21-1965243242-631715425-1848903544-251446\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18993824 2014-01-23] (Microsoft Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2014-02-04]ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()GroupPolicyScripts: Group Policy detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONCHR HKU\S-1-5-21-1965243242-631715425-1848903544-251446\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
AutoConfigURL: [s-1-5-21-1965243242-631715425-1848903544-251446] => http://kpmgproxy.com/kpmgproxy.pacTcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100Tcpip\..\Interfaces\{0AC540F2-7883-4AA8-9B1A-263FDFAD503D}: [DhcpNameServer] 10.216.217.39 10.216.134.156 158.177.79.90Tcpip\..\Interfaces\{8BC3C96B-BFF8-4992-BE60-C731614A2561}: [DhcpNameServer] 194.168.4.100 194.168.8.100Tcpip\..\Interfaces\{D742E457-5464-45AB-8B60-8EBB722EFE2C}: [DhcpNameServer] 192.168.42.129Tcpip\..\Interfaces\{E3CB9E7E-B25D-4642-8ACC-D412DEBF037D}: [DhcpNameServer] 10.216.217.39 10.216.163.40 10.216.205.9 10.217.225.47 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1965243242-631715425-1848903544-251446\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhomeHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhomeHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhomeHKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.kworld.kpmg.com/usearch/usearch.asp?hide_tabs=1HKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://portal.ema.kworld.kpmg.com/uk/Pages/default.aspxHKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM -> DefaultScope value is missingSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM-x32 -> DefaultScope value is missingSearchScopes: HKU\S-1-5-21-1965243242-631715425-1848903544-251446 -> {B537DD29-1E1A-4093-AFC9-23C23587DB8D} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation)BHO: Adobe Acrobat Create PDF Helper -> 
{AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)BHO-x32: Citrix URL-Redirection Helper -> {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} -> C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll [2013-10-01] (Citrix Systems, Inc.)BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\bin\IPS\IPSBHO.DLL [2014-06-17] (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-10] (Oracle Corporation)BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> E:\SURFIN~1\BROWER~1\ASCPLU~1.DLL No 
FileBHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-10] (Oracle Corporation)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)Toolbar: HKU\S-1-5-21-1965243242-631715425-1848903544-251446 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)DPF: HKLM-x32 {2451640F-BE54-4A75-A66A-2A967AD214A9} hxxp://worksiteweb/WorkSite/includes/iManFile.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://kpmguk.webex.com/client/WBXclient-T29L10NSP3-17099/nbr/ieatgpc1.cabHandler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-02-22] (SAP, Walldorf)Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-02-22] (SAP, Walldorf)Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; 
charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: 
application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-07] ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-07] ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-06-26] (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-10] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-10] (Oracle Corporation)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft 
Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-07-27] Chrome: =======CHR Profile: C:\Users\Spettipiece\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Chrome Hotword Shared Module) - C:\Users\Spettipiece\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]CHR Extension: (Chrome Web Store Payments) - C:\Users\Spettipiece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-20]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-06-29] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AppVClient; C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe [685208 2013-03-29] (Microsoft Corporation)R2 CcmExec; C:\windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)R2 ciscod.exe; C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe [66480 2013-01-24] (Cisco Systems, Inc.)R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [280320 2013-01-24] (Microsoft Corporation)R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]R2 OracleMTSRecoveryService; C:\ORACLE\ORA10G\bin\omtsreco.exe [53248 2006-10-11] (Oracle Corporation) [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe [144496 2014-06-17] (Symantec Corporation)R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe [2379128 2014-06-17] (Symantec Corporation)S3 smstsmgr; C:\windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint 
Protection\12.1.4100.4126.105\Bin64\snac64.exe [335216 2014-06-17] (Symantec Corporation)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AppvStrm; C:\Windows\System32\DRIVERS\appvStrm.sys [104616 2013-03-29] (Microsoft Corporation)R3 AppvVemgr; C:\Windows\System32\DRIVERS\AppvVemgr.sys [175256 2013-03-29] (Microsoft Corporation)R3 AppvVfs; C:\Windows\System32\DRIVERS\AppvVfs.sys [141480 2013-03-29] (Microsoft Corporation)S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [64512 2012-08-10] (ASIX Electronics Corp.)R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\BASHDefs\20150814.011\BHDrvx64.sys [1650936 2015-07-28] (Symantec Corporation)R1 ccSettings_{67210CE5-A4BA-4C22-B639-1C79F566632D}; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\ccSetx64.sys [169048 2014-06-17] (Symantec Corporation)R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2014-02-04] ()S3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-07] (DisplayLink Corp.)S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [202128 2013-10-07] (DisplayLink Corp.)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-19] (Disc Soft Ltd)R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] 
(Ericsson AB)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\IPSDefs\20150828.011\IDSvia64.sys [671448 2015-08-05] (Symantec Corporation)R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-02] (Ericsson AB)S3 LenLan; C:\Windows\System32\DRIVERS\LenLan.sys [110080 2012-10-22] (Lenovo Corporation)S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-08-27] (Malwarebytes Corporation)R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-10-05] (MCCI Corporation)R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-10-05] (MCCI Corporation)R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-10-05] (MCCI Corporation)R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-10-05] (MCCI Corporation)R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150830.020\ENG64.SYS [138488 2015-07-30] (Symantec Corporation)R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150830.020\EX64.SYS [2146040 2015-07-30] (Symantec Corporation)R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2014-12-19] (Intel Corporation)R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys 
[41272 2012-10-17] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [3056248 2012-05-22] (Sunplus Technology)R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSP64.SYS [867032 2014-06-17] (Symantec Corporation)R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSPX64.SYS [36952 2014-06-17] (Symantec Corporation)S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\SyDvCtrl64.sys [35432 2014-06-17] (Symantec Corporation)R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMDS64.SYS [493656 2014-06-17] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMEFA64.SYS [1148120 2014-06-17] (Symantec Corporation)R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-23] (Symantec Corporation)R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\Ironx64.SYS [225496 2014-06-17] (Symantec Corporation)R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMNETS.SYS [437976 2014-06-17] (Symantec Corporation)R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [153912 2014-07-24] (Symantec Corporation)R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [104472 2014-06-17] (Symantec Corporation)R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [279312 2012-04-27] (Ericsson AB)S3 5U877; system32\DRIVERS\5U877.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-31 10:20 - 2015-08-31 10:21 - 00030683 _____ C:\Users\Spettipiece\Downloads\FRST.txt
2015-08-31 10:20 - 2015-08-31 10:20 - 02188288 _____ (Farbar) C:\Users\Spettipiece\Downloads\frst64.exe
2015-08-31 10:20 - 2015-08-31 10:20 - 00000000 ____D C:\FRST
2015-08-30 19:10 - 2015-08-30 19:10 - 00000000 ____D C:\FixMeStick
2015-08-28 13:32 - 2015-08-28 13:32 - 00294400 _____ C:\Users\Spettipiece\Downloads\exeHelper.com
2015-08-28 13:28 - 2015-08-28 13:28 - 00002948 _____ C:\windows\System32\Tasks\{C6F69DA9-4DDF-4749-A657-1E2F85671EBE}
2015-08-28 13:05 - 2015-08-28 13:26 - 00003552 _____ C:\Users\Spettipiece\Desktop\Rkill.txt
2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\WiNlOgOn.exe
2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\uSeRiNiT.exe
2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\rkill.scr
2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\rkill.com
2015-08-28 13:03 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\rkill.exe
2015-08-28 12:56 - 2015-08-28 12:56 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\IObit
2015-08-28 12:55 - 2015-08-28 12:56 - 00000000 ____D C:\ProgramData\IObit
2015-08-28 12:54 - 2015-08-28 12:54 - 00002940 _____ C:\windows\System32\Tasks\{F9C5F5A8-8A2E-4376-B1CB-54C4CD7E40DD}
2015-08-28 12:54 - 2015-08-28 12:54 - 00002940 _____ C:\windows\System32\Tasks\{613B6B0E-AEEF-4A31-ACA6-EC8529389BCB}
2015-08-28 12:36 - 2015-08-28 12:45 - 00000000 ____D C:\Users\Spettipiece\Desktop\Anti malware
2015-08-27 22:29 - 2015-08-27 22:29 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-27 22:23 - 2015-08-27 22:23 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-10 15:24 - 2015-08-10 15:24 - 00000000 ____D C:\Users\Spettipiece\AppData\Local\Digita
2015-08-10 15:23 - 2015-08-10 15:23 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\Digita
2015-08-10 11:02 - 2015-08-10 11:02 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-10 11:02 - 2015-08-10 11:02 - 00000000 ____D C:\windows\Sun
2015-08-10 11:02 - 2015-08-10 11:02 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-07 14:52 - 2015-08-07 14:52 - 00000000 ____D C:\windows\SysWOW64\Adobe
2015-08-05 15:14 - 2015-08-05 15:14 - 00002132 _____ C:\Users\Spettipiece\Downloads\Venue - NEC Birmingham (wristband collection point - Nottingham).ics
2015-08-05 09:05 - 2015-08-05 09:05 - 00000000 ____D C:\Program Files\TCSL
2015-08-04 21:38 - 2015-08-04 21:38 - 00056909 _____ C:\Users\Spettipiece\Downloads\Stereophonics - Since I Told You Its Over (Pro).gp5
2015-08-04 20:08 - 2015-08-04 20:10 - 54685584 _____ C:\Users\Spettipiece\Downloads\Fort Portal.zip
2015-08-04 20:08 - 2015-08-04 20:09 - 42379002 _____ C:\Users\Spettipiece\Downloads\Ssese Island.zip
2015-08-04 15:22 - 2015-08-04 15:22 - 00001486 _____ C:\Users\Spettipiece\Downloads\BeTogether3.ics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 10:20 - 2014-01-26 15:37 - 01382690 _____ C:\windows\WindowsUpdate.log
2015-08-31 10:18 - 2013-09-05 16:21 - 00000000 ____D C:\ProgramData\Symantec
2015-08-31 10:18 - 2009-07-14 06:13 - 00788962 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-31 10:09 - 2014-08-02 11:03 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\uTorrent
2015-08-31 09:49 - 2009-07-14 05:45 - 00019120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 09:49 - 2009-07-14 05:45 - 00019120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 09:43 - 2013-08-30 13:49 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 09:31 - 2013-08-30 10:28 - 00000568 _____ C:\windows\SMSCFG.ini
2015-08-31 09:29 - 2013-08-30 13:49 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-31 09:29 - 2011-02-16 10:44 - 00000000 ____D C:\Users\Spettipiece\Documents\Outlook
2015-08-31 09:29 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-31 09:29 - 2009-07-14 05:51 - 00267751 _____ C:\windows\setupact.log
2015-08-28 12:58 - 2014-03-10 08:14 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\Apple Computer
2015-08-27 12:31 - 2015-07-28 16:47 - 00000000 ____D C:\Users\Public\SSEWord
2015-08-27 02:37 - 2013-08-30 13:49 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 02:37 - 2013-08-30 13:49 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 13:56 - 2014-02-04 17:44 - 00038610 __RSH C:\Users\Spettipiece\ntuser.pol
2015-08-26 13:56 - 2014-02-04 17:18 - 00000000 ____D C:\Users\Spettipiece
2015-08-26 13:54 - 2014-01-26 22:33 - 00007328 _____ C:\windows\system32\config\netlogon.ftl
2015-08-26 13:51 - 2014-04-12 07:37 - 00000000 ____D C:\Program Files\Intel
2015-08-26 13:51 - 2014-01-26 15:41 - 00018926 _____ C:\windows\DPINST.LOG
2015-08-21 12:23 - 2014-02-04 17:30 - 00004062 _____ C:\windows\tcslbase.ini
2015-08-21 12:04 - 2014-02-04 17:30 - 00000711 _____ C:\windows\TCSLDB.ini
2015-08-20 15:29 - 2015-07-27 15:06 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\iOutlook
2015-08-17 09:08 - 2013-09-05 17:04 - 00000000 ____D C:\windows\ccmcache
2015-08-12 15:06 - 2011-02-16 10:43 - 00000000 ____D C:\Users\Spettipiece\Desktop\Shaun's KPMG
2015-08-12 14:23 - 2014-01-27 10:51 - 00205312 _____ (ScreenTime Media) C:\windows\SysWOW64\kpmgscreen.scr
2015-08-12 14:23 - 2014-01-27 10:51 - 00205312 _____ (ScreenTime Media) C:\windows\system32\kpmgscreen.scr
2015-08-10 15:26 - 2014-05-13 16:46 - 00000000 ____D C:\ProgramData\Digita
2015-08-08 12:44 - 2010-11-21 04:47 - 00918872 _____ C:\windows\PFRO.log
2015-08-07 14:52 - 2013-09-05 16:30 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-07 14:52 - 2013-09-05 16:30 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 14:52 - 2013-09-05 16:30 - 00000000 ____D C:\windows\SysWOW64\Macromed
2015-08-06 12:22 - 2013-08-30 10:32 - 00170421 __RSH C:\ProgramData\ntuser.pol
2015-08-05 13:56 - 2015-07-27 14:51 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-08-05 13:56 - 2015-07-27 14:51 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-08-05 13:56 - 2015-07-27 14:51 - 00002055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-08-05 09:05 - 2014-11-04 21:41 - 00000360 _____ C:\windows\atload.ini
2015-08-05 09:05 - 2014-11-04 21:41 - 00000284 _____ C:\windows\tcslct.ini

==================== Files in the root of some directories =======

2014-08-20 08:44 - 2014-08-20 08:44 - 0000400 _____ () C:\Users\Spettipiece\AppData\Roaming\apachesrvin.vbs
2014-08-20 08:44 - 2014-08-20 08:44 - 0000061 _____ () C:\Users\Spettipiece\AppData\Roaming\die.bat
2013-08-30 10:07 - 2013-08-30 10:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\desktopdna\AppData\Local\Temp\{1AA9F7F8-D106-4C4F-8B16-8CAEBDC79779}-GoogleUpdateSetup.exe
C:\Users\desktopdna\AppData\Local\Temp\{9EE58BD8-BA7D-47CA-B7C4-7267CDD5B6D7}-GoogleUpdateSetup.exe
C:\Users\desktopdna\AppData\Local\Temp\{AC4EE382-6251-4E3C-864A-C77FEA6AE0BA}-GoogleUpdateSetup.exe
C:\Users\Spettipiece\AppData\Local\Temp\7za.exe
C:\Users\Spettipiece\AppData\Local\Temp\bitool.dll
C:\Users\Spettipiece\AppData\Local\Temp\FMS38B0.tmp.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-25 01:52

==================== End of FRST.txt ============================

Here is the additional text log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by Spettipiece (2015-08-31 10:21:17)
Running from C:\Users\Spettipiece\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3514007175-846357519-1260159919-500 - Administrator - Enabled) => C:\Users\Administrator
K1_adm (S-1-5-21-3514007175-846357519-1260159919-1002 - Administrator - Enabled) => C:\Users\K1_adm
k1_guest (S-1-5-21-3514007175-846357519-1260159919-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Pro STAMPS v10 (HKLM-x32\...\{0C6BBA44-D653-42E7-9DAC-D876B4BCDF4A}) (Version: 10 - KPMG)
Adobe Acrobat Pro STAMPS v11 (HKLM-x32\...\{7F1C1609-257A-4849-B844-8C93ABF39E92}) (Version: 11 - KPMG)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.12 - Adobe Systems)
Adobe Connect Add-in (HKU\S-1-5-21-1965243242-631715425-1848903544-251446\...\Adobe Connect Add-in) (Version: - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\{B3DADA45-F0ED-48FD-946E-7E82C2229D59}) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\{448D7DEC-36F1-4091-B419-C5487BDEB867}) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{699025AA-475E-45F2-9C9B-9A489CAD2C10}) (Version: 12.1.9.159 - Adobe Systems, Inc)
Alphatax v15.0 (HKLM\...\{DBEB588C-81D7-46F4-940C-3FA2544F5722}) (Version: 15.0 - KPMG)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AX88179_AX88178A Windows 7 Drivers (HKLM-x32\...\InstallShield_{14414298-5199-4C52-81E2-FF1501EAAD72}) (Version: 2.0.0.0 - ASIX Electronics Corporation)
AX88179_AX88178A Windows 7 Drivers (x32 Version: 2.0.0.0 - ASIX Electronics Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{633EE0E5-7361-42FD-AD45-2E2A18AA47E5}) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Posture Module (HKLM-x32\...\{CB7DAECA-A855-4ACB-8EE3-558E11C1181B}) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040 - Cisco Systems, Inc.) Hidden
Cisco IP Communicator (x32 Version: 8.6.3.0 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Clix Learnbase-Client 2.3.0.983 (HKLM-x32\...\{B0C5227A-1141-4CFB-82C2-A4FC3F998AFD}) (Version: 2.3.0.983 - KPMG)
Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.8131.0 - Microsoft)
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
CRM System (HKLM-x32\...\{7B759AFF-5F31-4FC5-95B3-EB944876AA3A}) (Version: 3.0 - KPMG)
Digita Database Launcher v1.0 (HKLM\...\{0DDBC651-3C99-4049-8EAA-6EFF4D382CC8}) (Version: 1.0 - KPMG)
Digita Launcher and Unlock Tool (HKLM\...\{FE36CC6E-EAF4-4DD4-AFF8-D8DE3222909F}) (Version: 12.7 - Thomson)
Digita Shared Components v2.1 (HKLM-x32\...\{18A790C2-0325-4811-8EE8-70C153DD3F21}) (Version: 2.1.228.0 - Thomson Reuters (Professional) UK Limited (Tax & Accounting Business))
Digita Tax Software v15.2 (HKLM-x32\...\{FB93A4A3-C29D-4FCC-BA1B-80B4C42321DF}) (Version: 15.2 - Thomson)
DigitarebootPrompt (x32 Version: 1.00 - KPMG) Hidden
DigitaTaxSoftware (HKLM-x32\...\DigitaTAx12.1) (Version: - KPMG)
DisplayLink Core Software (HKLM\...\{F318CA5D-B6D5-42AD-A2B6-EFFB472EDA67}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{8798C3B5-290E-447D-82E4-EB38E183CA39}) (Version: 7.4.51587.0 - DisplayLink Corp.)
EaseUS Data Recovery Wizard 5.8.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 5.8.5_is1) (Version: - EaseUS)
Engineering Client Viewer 7.0 (HKLM-x32\...\SAP_Engineering Client Viewer 7.0) (Version: - SAP AG)
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
GDCoreComponents (HKLM-x32\...\{D4D3476D-DC06-481E-8B3B-339B20D73D0D}) (Version: 3.07 - KPMG Global Desktop Team)
GlobalPowerPointToolbar (HKLM-x32\...\{3D3DCD91-B8A4-4676-9250-31C154F97527}) (Version: 4.41.5 - KPMG)
Google Chrome (HKLM-x32\...\{1863F6B6-51FD-3F61-BED0-B5E82EA74086}) (Version: 65.85.160 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
iManage FileSite 9.0 (HKLM-x32\...\{4A62A98C-C9CE-4FA5-BA0A-3BA26D9A586D}) (Version: 90.4.79 - Autonomy, Inc.)
iManage KPMG FileSite Import & Soft Delete Addon (HKLM-x32\...\{A5A442D4-B566-4597-B434-951D9DD6928C}) (Version: 1.7 - Autonomy iManage)
Intel® PRO/Wireless Driver (HKLM\...\{17e91253-12f4-4fa1-bd55-5d950e7799a8}) (Version: 17.14.0000.2269 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1C03A416-D8D5-42F6-87CE-4874A383EBEB}) (Version: 16.10.0.0307 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Jabra upgrade for Cisco IP Communicator (x32 Version: 1.00.0000 - KPMG) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
KPMG Alphatax (Version: - ) Hidden
KPMG DigitaTaxSoftware (x32 Version: 1.00 - KPMG) Hidden
KPMG Excel Magic Tools (HKLM-x32\...\{6587BA6E-722C-4D70-A92B-E76A32F8DC3D}) (Version: 4.41.5 - KPMG)
KPMG Global Desktop Fonts (HKLM-x32\...\{D34DF15C-31FF-4DE1-BE94-2B25D453839C}) (Version: 2.0 - KPMG Global Desktop Team)
KPMG Installer (x32 Version: 1.00.0000 - KPMG) Hidden
KPMG Navigo (HKLM-x32\...\{210BCAC7-D169-47CF-BF45-EF043080C141}) (Version: 1.15 - KPMG)
KPMG PresentationUtility (HKLM-x32\...\{B01EEDAF-799E-45CF-8942-ED8A05A73848}) (Version: 1.1 - KPMG ITS)
KPMG SAP-GuiXT-License-Keys 20130521 (HKLM-x32\...\{6A2BF16E-0FD4-4283-B255-3B5867B3E2D1}) (Version: 1.05.2013 - KPMG ITS)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
MDOP MBAM (Version: 2.0.5301.1 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 (HKLM-x32\...\{6a7351d4-99b9-4be8-99a6-f70b825c119e}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 x64 (HKLM\...\{FD8A2518-A9D7-449E-ADA0-33F2F7FA83AA}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft Application Virtualization Client en-US Language Pack x64 (HKLM\...\{DB175F28-FD1E-4C26-A073-8264FC77103F}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft CMTrace (HKLM\...\{2B733E91-E0A2-4C7C-A146-EC6005FCF663}) (Version: 1.00 - Microsoft)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{0309B99E-C7EA-414C-AC53-A78061277595}) (Version: 8.0.6362.223 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{C92556F2-4950-48CF-ABA3-F0026B05BCE8}) (Version: 8.05.1054 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM-x32\...\{95150000-0052-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Navigo Font Fix (x32 Version: 1.0 - KPMG) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 7.12.20 - )
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Oracle Database Client (HKLM-x32\...\{77EA4248-84D1-4967-841B-8A7B03FE0DC5}) (Version: 10.2 - Oracle)
OracleDatabaseClient10g_Patch (HKLM-x32\...\{7066E410-F7B0-4F56-AFC5-2679ED19816C}) (Version: 5699495 - Oracle)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.54 - )
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.34 - Remo Software)
SAP Active Components Framework (HKLM-x32\...\SAPACF) (Version: - SAP AG)
SAP Active Components Framework for Adobe (HKLM-x32\...\SAPACF_ADOBE) (Version: - SAP AG)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.30 - SAP AG)
SAP Channel Encryption (HKLM-x32\...\SAP Channel Encryption) (Version: - SAP AG)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 1 - SAP)
SAP LicenseUpdate (HKLM-x32\...\{EE574B30-921A-49D5-B169-37B16034AE13}) (Version: 2.0 - SAP)
Screensaver (HKLM\...\{374EB319-B146-4AC3-9AB9-077B3D87C5EE}) (Version: 199.0 - KPMG)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SSE Word V10.1 (HKLM-x32\...\{FF914837-19EE-4536-ABAF-4B7AF7082A67}) (Version: 10.1 - KPMG)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Symantec Endpoint Protection (HKLM\...\{60171618-BEB9-4E89-AA7B-43AD32A3EC05}) (Version: 12.1.4100.4126 - Symantec Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.0 - )
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

08-08-2015 15:13:19 Scheduled Checkpoint
18-08-2015 11:08:37 Scheduled Checkpoint
26-08-2015 00:00:01 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3AA0B803-49C5-42C4-AC70-C8F2FB2A9B88} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {3C2F6DD3-AA5E-43F5-98CF-98491C05BAD5} - System32\Tasks\{C6F69DA9-4DDF-4749-A657-1E2F85671EBE} => H:\Malwarebytes Anti-Malware\explorer.exe
Task: {3D584A4A-65C7-4FB2-839C-D731C7464FA3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {4826163F-BA80-4058-A39E-15F1741FDFA1} - System32\Tasks\{613B6B0E-AEEF-4A31-ACA6-EC8529389BCB} => H:\Malwarebytes Anti-Malware\mbam.exe
Task: {59556A1A-7ECF-4056-8FFB-B92BF96079E3} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-04-23] (Lenovo Group Limited)
Task: {5C4321F1-E40D-470E-8024-ECE0754E312E} - System32\Tasks\SEP Exclusion DMS => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {610DB703-2F82-4ACD-BD0A-E885D6A1C2F7} - System32\Tasks\KPMG\Run SCCM Evaluation Cycles => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {62C3E5C6-F4CB-4650-81BE-D35162381E3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {994DB96E-B612-453D-96B6-78C29922C016} - System32\Tasks\{F9C5F5A8-8A2E-4376-B1CB-54C4CD7E40DD} => H:\Malwarebytes Anti-Malware\mbam.exe
Task: {9CBFF508-DDB4-446C-9A6E-DA5CCDD7DA22} - System32\Tasks\KPMG\Office 2013 Cleanup PST Backup => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {A4687E7A-ED8A-44FD-A7D4-26BB8BBD6E6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {AE3C686D-69CE-475D-8D82-9C5C7B180C8B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B6438894-F19A-4D79-B184-F9CF48BC5843} - System32\Tasks\KPMG\Logon UI Reset => C:\windows\System32\WindowsPowerShell\v1.0\\Powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {C1CB5D29-CCE6-4FC3-914C-47C1FA03392D} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {C6951FA7-1310-41AD-889B-B1CA39A46F5C} - System32\Tasks\KPMG\Upload Office 2013 Upgrade Status => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {CEC74C90-FC26-403F-AD69-B339A76FAB39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E53C3CE3-DB7E-46EA-9ADF-E9C31F126FC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E770AADA-C8DB-4031-ADBC-59AF1F81EA8B} - System32\Tasks\{5FBED348-EDCB-4505-ABCC-D9F67F35988E} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {F53427EC-8628-492B-B59A-C77B711DB372} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F7B21844-D5FB-4968-98FD-8DC76AAE303F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-10] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-22 04:07 - 2014-01-22 04:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-26 15:38 - 2013-04-23 06:54 - 00094208 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-08-30 18:45 - 2012-08-24 19:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2015-08-21 11:33 - 2015-08-18 06:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 11:33 - 2015-08-18 06:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1965243242-631715425-1848903544-251446\Control Panel\Desktop\\Wallpaper -> C:\Users\Spettipiece\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2015 10:20:05 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/31/2015 10:19:39 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/31/2015 10:18:37 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/31/2015 10:17:08 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/31/2015 10:16:23 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/31/2015 09:29:06 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2015 08:04:52 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2015 07:53:07 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2015 07:36:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2015 07:36:20 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (08/31/2015 09:31:37 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4} Error: (08/31/2015 09:31:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/31/2015 09:29:21 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: UK)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (08/31/2015 09:29:06 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. 
Error: (08/31/2015 09:29:03 AM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain UK due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. Error: (08/31/2015 09:29:02 AM) (Source: Ntfs) (EventID: 137) (User: )Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start. The data contains the error code. Error: (08/30/2015 08:04:53 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (08/30/2015 08:04:50 PM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain UK due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. 
Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. Error: (08/30/2015 08:04:49 PM) (Source: Ntfs) (EventID: 137) (User: )Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start. The data contains the error code. Error: (08/30/2015 07:55:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Microsoft Office:=========================Error: (08/31/2015 10:20:05 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:19:39 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:18:37 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:17:08 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. 
Error: (08/31/2015 10:16:23 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 09:29:06 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2015 08:04:52 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2015 07:53:07 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2015 07:36:21 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Users\Spettipiece\Desktop\Anti malware\AVAST Software\Avast\aswChLic.exe Error: (08/30/2015 07:36:20 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Users\Spettipiece\Desktop\Anti malware\AVAST Software\Avast\aswAraSr.exe CodeIntegrity:=================================== Date: 2015-08-31 09:29:29.594 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-08-30 19:53:22.423 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 19:09:56.286 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 13:43:17.394 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 11:43:57.865 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 10:19:09.176 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 09:21:25.944 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 09:04:33.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 08:39:43.090 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-08-27 19:43:39.518 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel® Core i7-3667U CPU @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 7888.91 MB
Available physical RAM: 5179.53 MB
Total Virtual: 15776.02 MB
Available Virtual: 13118.74 MB

==================== Drives ================================
Drive c: (OSDisk) (Fixed) (Total:200.62 GB) (Free:59.1 GB) NTFS
Drive d: (KDrive) (Fixed) (Total:22.36 GB) (Free:14.82 GB) NTFS
Drive e: (FixMeStick) (Removable) (Total:0.04 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: D3B106EF)
Partition 1: (Not Active) - (Size=200.6 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=600 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 00041F1F)
Partition 1: (Not Active) - (Size=45 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=352 MB) - (Type=83)
Partition 3: (Not Active) - (Size=416 MB) - (Type=83)

==================== End of Addition.txt ============================

Please help urgently, I need to work tomorrow and need to have the problem resolved by then! Let me know of anything I should do or anything you can do to help.

Thanks
Sane
TwinHeadedEagle Posted August 31, 2015 ID:986358

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:
- We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this.
- Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
- Note that we may live in totally different time zones, which may cause some delays between answers.
- Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
- Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
- Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy. That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding! The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding! Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Is this an Enterprise/Business computer? Do you have a MalwareBytes subscription?
Sane Posted August 31, 2015 Author ID:986362

Yes, this is a work (ie enterprise / business) computer.

I have simply downloaded malwarebytes anti malware free version recently, and tried to install it and use it after my laptop got the malware. My usual anti virus software is Symantec endpoint protection.

Please let me know if you need anything else.

Thanks
Sane
TwinHeadedEagle Posted August 31, 2015 ID:986371

I do not provide free help for enterprise machines.

Also, this isn't in accordance with MalwareBytes EULA:

Quote: (b) Free License. If you are using a free version of the Software, then conditioned upon your compliance with the terms and conditions of this Agreement, Malwarebytes grants you a non-exclusive and non-transferable license to Execute (as defined herein) a single copy of the Software solely in executable form on a single computer or virtual machine (a “Computer”), solely for your personal, non-commercial purposes (i.e., not on Computers used in a business).

MalwareBytes EULA
How can I legally use Malwarebytes Anti-Malware in my Business or Corporate environment (including Government, Education, & Non-Profit)?
Root Admin AdvancedSetup Posted September 8, 2015 ID:987765

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!