
Possible hijacker, Malwarebytes not working using Chameleon



Hi

 

I am using a Lenovo Thinkpad X1 Carbon. 

 

About three days ago I noticed that my mouse was moving and clicking on things without me touching anything (whilst I was watching something, nowhere near the mouse). Having had a similar problem in the past, I quickly thought that this could be malware or a hijacker, and I therefore immediately turned the laptop off.

 

Since then I have used another laptop and a USB stick to download MalwareBytes as well as Avast. Having tried to use both of these I have been unable to:

 

- Avast simply will not start (whenever the 'run' box comes up, I choose to run the programme but nothing happens), and

 

- MalwareBytes is not working either (the programme instantly crashes whenever I try to run it, and I have also used all 13 'Chameleons' to no avail. Each time the driver is installed, but ultimately the black box repeatedly shows 'failed!' and 'no files in current directory!').

 

I have even bought and tried to use a FixMeStick, which also is not working as my "computer is not compatible with the FixMeStick because it uses BitLocker Drive Encryption" (it is a work laptop so some features may be disabled or additional security may be in place...I am not sure if I am able to change the settings).

 

I have downloaded and tried to use Rkill, which has not helped.

 

I have also downloaded and scanned using Farbar Recovery Scan Tool. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by Spettipiece (administrator) on UKPK1RHT6 (31-08-2015 10:20:47)
Running from C:\Users\Spettipiece\Downloads
Loaded Profiles: Spettipiece (Available Profiles: Spettipiece & K1_adm & Administrator)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Oracle Corporation) C:\ORACLE\ORA10G\bin\omtsreco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVStreamingUX.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ProtectionUtilSurrogate.exe
(FixMeStick Technologies) E:\RunFixMeStick.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [701872 2013-01-24] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-06-29] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKLM\...\Policies\Explorer: [useDefaultTile] 1
HKLM\...\Policies\Explorer: [PreXPSP2ShellProtocolBehavior] 0
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\...\Run: [DAEMON Tools Lite] => "E:\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18993824 2014-01-23] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2014-02-04]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1965243242-631715425-1848903544-251446\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [s-1-5-21-1965243242-631715425-1848903544-251446] => http://kpmgproxy.com/kpmgproxy.pac
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{0AC540F2-7883-4AA8-9B1A-263FDFAD503D}: [DhcpNameServer] 10.216.217.39 10.216.134.156 158.177.79.90
Tcpip\..\Interfaces\{8BC3C96B-BFF8-4992-BE60-C731614A2561}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{D742E457-5464-45AB-8B60-8EBB722EFE2C}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E3CB9E7E-B25D-4642-8ACC-D412DEBF037D}: [DhcpNameServer] 10.216.217.39 10.216.163.40 10.216.205.9 10.217.225.47
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.kworld.kpmg.com/usearch/usearch.asp?hide_tabs=1
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://portal.ema.kworld.kpmg.com/uk/Pages/default.aspx
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1965243242-631715425-1848903544-251446 -> {B537DD29-1E1A-4093-AFC9-23C23587DB8D} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
BHO-x32: Citrix URL-Redirection Helper -> {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} -> C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll [2013-10-01] (Citrix Systems, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\bin\IPS\IPSBHO.DLL [2014-06-17] (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-10] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> E:\SURFIN~1\BROWER~1\ASCPLU~1.DLL No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-10] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1965243242-631715425-1848903544-251446 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
DPF: HKLM-x32 {2451640F-BE54-4A75-A66A-2A967AD214A9} hxxp://worksiteweb/WorkSite/includes/iManFile.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://kpmguk.webex.com/client/WBXclient-T29L10NSP3-17099/nbr/ieatgpc1.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-02-22] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-02-22] (SAP, Walldorf)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-07-27]
 
Chrome: 
=======
CHR Profile: C:\Users\Spettipiece\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Spettipiece\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Spettipiece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-06-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppVClient; C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe [685208 2013-03-29] (Microsoft Corporation)
R2 CcmExec; C:\windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
R2 ciscod.exe; C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe [66480 2013-01-24] (Cisco Systems, Inc.)
R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [280320 2013-01-24] (Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 OracleMTSRecoveryService; C:\ORACLE\ORA10G\bin\omtsreco.exe [53248 2006-10-11] (Oracle Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe [144496 2014-06-17] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe [2379128 2014-06-17] (Symantec Corporation)
S3 smstsmgr; C:\windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\snac64.exe [335216 2014-06-17] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AppvStrm; C:\Windows\System32\DRIVERS\appvStrm.sys [104616 2013-03-29] (Microsoft Corporation)
R3 AppvVemgr; C:\Windows\System32\DRIVERS\AppvVemgr.sys [175256 2013-03-29] (Microsoft Corporation)
R3 AppvVfs; C:\Windows\System32\DRIVERS\AppvVfs.sys [141480 2013-03-29] (Microsoft Corporation)
S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [64512 2012-08-10] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\BASHDefs\20150814.011\BHDrvx64.sys [1650936 2015-07-28] (Symantec Corporation)
R1 ccSettings_{67210CE5-A4BA-4C22-B639-1C79F566632D}; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\ccSetx64.sys [169048 2014-06-17] (Symantec Corporation)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2014-02-04] ()
S3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-07] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [202128 2013-10-07] (DisplayLink Corp.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-19] (Disc Soft Ltd)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\IPSDefs\20150828.011\IDSvia64.sys [671448 2015-08-05] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-02] (Ericsson AB)
S3 LenLan; C:\Windows\System32\DRIVERS\LenLan.sys [110080 2012-10-22] (Lenovo Corporation)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-08-27] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-10-05] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-10-05] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-10-05] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-10-05] (MCCI Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150830.020\ENG64.SYS [138488 2015-07-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150830.020\EX64.SYS [2146040 2015-07-30] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2014-12-19] (Intel Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41272 2012-10-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [3056248 2012-05-22] (Sunplus Technology)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSP64.SYS [867032 2014-06-17] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSPX64.SYS [36952 2014-06-17] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\SyDvCtrl64.sys [35432 2014-06-17] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMDS64.SYS [493656 2014-06-17] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMEFA64.SYS [1148120 2014-06-17] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\Ironx64.SYS [225496 2014-06-17] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMNETS.SYS [437976 2014-06-17] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [153912 2014-07-24] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [104472 2014-06-17] (Symantec Corporation)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [279312 2012-04-27] (Ericsson AB)
S3 5U877; system32\DRIVERS\5U877.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 10:20 - 2015-08-31 10:21 - 00030683 _____ C:\Users\Spettipiece\Downloads\FRST.txt
2015-08-31 10:20 - 2015-08-31 10:20 - 02188288 _____ (Farbar) C:\Users\Spettipiece\Downloads\frst64.exe
2015-08-31 10:20 - 2015-08-31 10:20 - 00000000 ____D C:\FRST
2015-08-30 19:10 - 2015-08-30 19:10 - 00000000 ____D C:\FixMeStick
2015-08-28 13:32 - 2015-08-28 13:32 - 00294400 _____ C:\Users\Spettipiece\Downloads\exeHelper.com
2015-08-28 13:28 - 2015-08-28 13:28 - 00002948 _____ C:\windows\System32\Tasks\{C6F69DA9-4DDF-4749-A657-1E2F85671EBE}
2015-08-28 13:05 - 2015-08-28 13:26 - 00003552 _____ C:\Users\Spettipiece\Desktop\Rkill.txt
2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\WiNlOgOn.exe
2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\uSeRiNiT.exe
2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\rkill.scr
2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\rkill.com
2015-08-28 13:03 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\rkill.exe
2015-08-28 12:56 - 2015-08-28 12:56 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\IObit
2015-08-28 12:55 - 2015-08-28 12:56 - 00000000 ____D C:\ProgramData\IObit
2015-08-28 12:54 - 2015-08-28 12:54 - 00002940 _____ C:\windows\System32\Tasks\{F9C5F5A8-8A2E-4376-B1CB-54C4CD7E40DD}
2015-08-28 12:54 - 2015-08-28 12:54 - 00002940 _____ C:\windows\System32\Tasks\{613B6B0E-AEEF-4A31-ACA6-EC8529389BCB}
2015-08-28 12:36 - 2015-08-28 12:45 - 00000000 ____D C:\Users\Spettipiece\Desktop\Anti malware
2015-08-27 22:29 - 2015-08-27 22:29 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-27 22:23 - 2015-08-27 22:23 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-10 15:24 - 2015-08-10 15:24 - 00000000 ____D C:\Users\Spettipiece\AppData\Local\Digita
2015-08-10 15:23 - 2015-08-10 15:23 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\Digita
2015-08-10 11:02 - 2015-08-10 11:02 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-10 11:02 - 2015-08-10 11:02 - 00000000 ____D C:\windows\Sun
2015-08-10 11:02 - 2015-08-10 11:02 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-07 14:52 - 2015-08-07 14:52 - 00000000 ____D C:\windows\SysWOW64\Adobe
2015-08-05 15:14 - 2015-08-05 15:14 - 00002132 _____ C:\Users\Spettipiece\Downloads\Venue - NEC Birmingham (wristband collection point - Nottingham).ics
2015-08-05 09:05 - 2015-08-05 09:05 - 00000000 ____D C:\Program Files\TCSL
2015-08-04 21:38 - 2015-08-04 21:38 - 00056909 _____ C:\Users\Spettipiece\Downloads\Stereophonics - Since I Told You Its Over (Pro).gp5
2015-08-04 20:08 - 2015-08-04 20:10 - 54685584 _____ C:\Users\Spettipiece\Downloads\Fort Portal.zip
2015-08-04 20:08 - 2015-08-04 20:09 - 42379002 _____ C:\Users\Spettipiece\Downloads\Ssese Island.zip
2015-08-04 15:22 - 2015-08-04 15:22 - 00001486 _____ C:\Users\Spettipiece\Downloads\BeTogether3.ics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 10:20 - 2014-01-26 15:37 - 01382690 _____ C:\windows\WindowsUpdate.log
2015-08-31 10:18 - 2013-09-05 16:21 - 00000000 ____D C:\ProgramData\Symantec
2015-08-31 10:18 - 2009-07-14 06:13 - 00788962 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-31 10:09 - 2014-08-02 11:03 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\uTorrent
2015-08-31 09:49 - 2009-07-14 05:45 - 00019120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 09:49 - 2009-07-14 05:45 - 00019120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 09:43 - 2013-08-30 13:49 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 09:31 - 2013-08-30 10:28 - 00000568 _____ C:\windows\SMSCFG.ini
2015-08-31 09:29 - 2013-08-30 13:49 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-31 09:29 - 2011-02-16 10:44 - 00000000 ____D C:\Users\Spettipiece\Documents\Outlook
2015-08-31 09:29 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-31 09:29 - 2009-07-14 05:51 - 00267751 _____ C:\windows\setupact.log
2015-08-28 12:58 - 2014-03-10 08:14 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\Apple Computer
2015-08-27 12:31 - 2015-07-28 16:47 - 00000000 ____D C:\Users\Public\SSEWord
2015-08-27 02:37 - 2013-08-30 13:49 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 02:37 - 2013-08-30 13:49 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 13:56 - 2014-02-04 17:44 - 00038610 __RSH C:\Users\Spettipiece\ntuser.pol
2015-08-26 13:56 - 2014-02-04 17:18 - 00000000 ____D C:\Users\Spettipiece
2015-08-26 13:54 - 2014-01-26 22:33 - 00007328 _____ C:\windows\system32\config\netlogon.ftl
2015-08-26 13:51 - 2014-04-12 07:37 - 00000000 ____D C:\Program Files\Intel
2015-08-26 13:51 - 2014-01-26 15:41 - 00018926 _____ C:\windows\DPINST.LOG
2015-08-21 12:23 - 2014-02-04 17:30 - 00004062 _____ C:\windows\tcslbase.ini
2015-08-21 12:04 - 2014-02-04 17:30 - 00000711 _____ C:\windows\TCSLDB.ini
2015-08-20 15:29 - 2015-07-27 15:06 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\iOutlook
2015-08-17 09:08 - 2013-09-05 17:04 - 00000000 ____D C:\windows\ccmcache
2015-08-12 15:06 - 2011-02-16 10:43 - 00000000 ____D C:\Users\Spettipiece\Desktop\Shaun's KPMG
2015-08-12 14:23 - 2014-01-27 10:51 - 00205312 _____ (ScreenTime Media) C:\windows\SysWOW64\kpmgscreen.scr
2015-08-12 14:23 - 2014-01-27 10:51 - 00205312 _____ (ScreenTime Media) C:\windows\system32\kpmgscreen.scr
2015-08-10 15:26 - 2014-05-13 16:46 - 00000000 ____D C:\ProgramData\Digita
2015-08-08 12:44 - 2010-11-21 04:47 - 00918872 _____ C:\windows\PFRO.log
2015-08-07 14:52 - 2013-09-05 16:30 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-07 14:52 - 2013-09-05 16:30 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 14:52 - 2013-09-05 16:30 - 00000000 ____D C:\windows\SysWOW64\Macromed
2015-08-06 12:22 - 2013-08-30 10:32 - 00170421 __RSH C:\ProgramData\ntuser.pol
2015-08-05 13:56 - 2015-07-27 14:51 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-08-05 13:56 - 2015-07-27 14:51 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-08-05 13:56 - 2015-07-27 14:51 - 00002055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-08-05 09:05 - 2014-11-04 21:41 - 00000360 _____ C:\windows\atload.ini
2015-08-05 09:05 - 2014-11-04 21:41 - 00000284 _____ C:\windows\tcslct.ini
 
==================== Files in the root of some directories =======
 
2014-08-20 08:44 - 2014-08-20 08:44 - 0000400 _____ () C:\Users\Spettipiece\AppData\Roaming\apachesrvin.vbs
2014-08-20 08:44 - 2014-08-20 08:44 - 0000061 _____ () C:\Users\Spettipiece\AppData\Roaming\die.bat
2013-08-30 10:07 - 2013-08-30 10:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\desktopdna\AppData\Local\Temp\{1AA9F7F8-D106-4C4F-8B16-8CAEBDC79779}-GoogleUpdateSetup.exe
C:\Users\desktopdna\AppData\Local\Temp\{9EE58BD8-BA7D-47CA-B7C4-7267CDD5B6D7}-GoogleUpdateSetup.exe
C:\Users\desktopdna\AppData\Local\Temp\{AC4EE382-6251-4E3C-864A-C77FEA6AE0BA}-GoogleUpdateSetup.exe
C:\Users\Spettipiece\AppData\Local\Temp\7za.exe
C:\Users\Spettipiece\AppData\Local\Temp\bitool.dll
C:\Users\Spettipiece\AppData\Local\Temp\FMS38B0.tmp.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-25 01:52
 
==================== End of FRST.txt ============================
 
Here is the additional text log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by Spettipiece (2015-08-31 10:21:17)
Running from C:\Users\Spettipiece\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3514007175-846357519-1260159919-500 - Administrator - Enabled) => C:\Users\Administrator
K1_adm (S-1-5-21-3514007175-846357519-1260159919-1002 - Administrator - Enabled) => C:\Users\K1_adm
k1_guest (S-1-5-21-3514007175-846357519-1260159919-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Pro STAMPS v10 (HKLM-x32\...\{0C6BBA44-D653-42E7-9DAC-D876B4BCDF4A}) (Version: 10 - KPMG)
Adobe Acrobat Pro STAMPS v11 (HKLM-x32\...\{7F1C1609-257A-4849-B844-8C93ABF39E92}) (Version: 11 - KPMG)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.12 - Adobe Systems)
Adobe Connect Add-in (HKU\S-1-5-21-1965243242-631715425-1848903544-251446\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\{B3DADA45-F0ED-48FD-946E-7E82C2229D59}) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\{448D7DEC-36F1-4091-B419-C5487BDEB867}) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{699025AA-475E-45F2-9C9B-9A489CAD2C10}) (Version: 12.1.9.159 - Adobe Systems, Inc)
Alphatax v15.0 (HKLM\...\{DBEB588C-81D7-46F4-940C-3FA2544F5722}) (Version: 15.0 - KPMG)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AX88179_AX88178A Windows 7 Drivers (HKLM-x32\...\InstallShield_{14414298-5199-4C52-81E2-FF1501EAAD72}) (Version: 2.0.0.0 - ASIX Electronics Corporation)
AX88179_AX88178A Windows 7 Drivers (x32 Version: 2.0.0.0 - ASIX Electronics Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{633EE0E5-7361-42FD-AD45-2E2A18AA47E5}) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Posture Module (HKLM-x32\...\{CB7DAECA-A855-4ACB-8EE3-558E11C1181B}) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02040 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040 - Cisco Systems, Inc.) Hidden
Cisco IP Communicator (x32 Version: 8.6.3.0 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Clix Learnbase-Client 2.3.0.983 (HKLM-x32\...\{B0C5227A-1141-4CFB-82C2-A4FC3F998AFD}) (Version: 2.3.0.983 - KPMG)
Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.8131.0 - Microsoft)
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
CRM System (HKLM-x32\...\{7B759AFF-5F31-4FC5-95B3-EB944876AA3A}) (Version: 3.0 - KPMG)
Digita Database Launcher v1.0 (HKLM\...\{0DDBC651-3C99-4049-8EAA-6EFF4D382CC8}) (Version: 1.0 - KPMG)
Digita Launcher and Unlock Tool (HKLM\...\{FE36CC6E-EAF4-4DD4-AFF8-D8DE3222909F}) (Version: 12.7 - Thomson)
Digita Shared Components v2.1 (HKLM-x32\...\{18A790C2-0325-4811-8EE8-70C153DD3F21}) (Version: 2.1.228.0 - Thomson Reuters (Professional) UK Limited (Tax & Accounting Business))
Digita Tax Software v15.2 (HKLM-x32\...\{FB93A4A3-C29D-4FCC-BA1B-80B4C42321DF}) (Version: 15.2 - Thomson)
DigitarebootPrompt (x32 Version: 1.00 - KPMG) Hidden
DigitaTaxSoftware (HKLM-x32\...\DigitaTAx12.1) (Version:  - KPMG)
DisplayLink Core Software (HKLM\...\{F318CA5D-B6D5-42AD-A2B6-EFFB472EDA67}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{8798C3B5-290E-447D-82E4-EB38E183CA39}) (Version: 7.4.51587.0 - DisplayLink Corp.)
EaseUS Data Recovery Wizard 5.8.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 5.8.5_is1) (Version:  - EaseUS)
Engineering Client Viewer 7.0 (HKLM-x32\...\SAP_Engineering Client Viewer 7.0) (Version:  - SAP AG)
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
GDCoreComponents (HKLM-x32\...\{D4D3476D-DC06-481E-8B3B-339B20D73D0D}) (Version: 3.07 - KPMG Global Desktop Team)
GlobalPowerPointToolbar (HKLM-x32\...\{3D3DCD91-B8A4-4676-9250-31C154F97527}) (Version: 4.41.5 - KPMG)
Google Chrome (HKLM-x32\...\{1863F6B6-51FD-3F61-BED0-B5E82EA74086}) (Version: 65.85.160 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
iManage FileSite 9.0 (HKLM-x32\...\{4A62A98C-C9CE-4FA5-BA0A-3BA26D9A586D}) (Version: 90.4.79 - Autonomy, Inc.)
iManage KPMG FileSite Import & Soft Delete Addon (HKLM-x32\...\{A5A442D4-B566-4597-B434-951D9DD6928C}) (Version: 1.7 - Autonomy iManage)
Intel® PRO/Wireless Driver (HKLM\...\{17e91253-12f4-4fa1-bd55-5d950e7799a8}) (Version: 17.14.0000.2269 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1C03A416-D8D5-42F6-87CE-4874A383EBEB}) (Version: 16.10.0.0307 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Jabra upgrade for Cisco IP Communicator (x32 Version: 1.00.0000 - KPMG) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
KPMG Alphatax (Version:  - ) Hidden
KPMG DigitaTaxSoftware (x32 Version: 1.00 - KPMG) Hidden
KPMG Excel Magic Tools (HKLM-x32\...\{6587BA6E-722C-4D70-A92B-E76A32F8DC3D}) (Version: 4.41.5 - KPMG)
KPMG Global Desktop Fonts (HKLM-x32\...\{D34DF15C-31FF-4DE1-BE94-2B25D453839C}) (Version: 2.0 - KPMG Global Desktop Team)
KPMG Installer (x32 Version: 1.00.0000 - KPMG) Hidden
KPMG Navigo (HKLM-x32\...\{210BCAC7-D169-47CF-BF45-EF043080C141}) (Version: 1.15 - KPMG)
KPMG PresentationUtility (HKLM-x32\...\{B01EEDAF-799E-45CF-8942-ED8A05A73848}) (Version: 1.1 - KPMG ITS)
KPMG SAP-GuiXT-License-Keys 20130521 (HKLM-x32\...\{6A2BF16E-0FD4-4283-B255-3B5867B3E2D1}) (Version: 1.05.2013 - KPMG ITS)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
MDOP MBAM (Version: 2.0.5301.1 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 (HKLM-x32\...\{6a7351d4-99b9-4be8-99a6-f70b825c119e}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 x64 (HKLM\...\{FD8A2518-A9D7-449E-ADA0-33F2F7FA83AA}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft Application Virtualization Client en-US Language Pack x64 (HKLM\...\{DB175F28-FD1E-4C26-A073-8264FC77103F}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft CMTrace (HKLM\...\{2B733E91-E0A2-4C7C-A146-EC6005FCF663}) (Version: 1.00 - Microsoft)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{0309B99E-C7EA-414C-AC53-A78061277595}) (Version: 8.0.6362.223 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{C92556F2-4950-48CF-ABA3-F0026B05BCE8}) (Version: 8.05.1054 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM-x32\...\{95150000-0052-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Navigo Font Fix (x32 Version: 1.0 - KPMG) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 7.12.20 - )
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Oracle Database Client (HKLM-x32\...\{77EA4248-84D1-4967-841B-8A7B03FE0DC5}) (Version: 10.2 - Oracle)
OracleDatabaseClient10g_Patch (HKLM-x32\...\{7066E410-F7B0-4F56-AFC5-2679ED19816C}) (Version: 5699495 - Oracle)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.54 - )
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.34 - Remo Software)
SAP Active Components Framework (HKLM-x32\...\SAPACF) (Version:  - SAP AG)
SAP Active Components Framework for Adobe (HKLM-x32\...\SAPACF_ADOBE) (Version:  - SAP AG)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.30 - SAP AG)
SAP Channel Encryption (HKLM-x32\...\SAP Channel Encryption) (Version:  - SAP AG)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 1 - SAP)
SAP LicenseUpdate (HKLM-x32\...\{EE574B30-921A-49D5-B169-37B16034AE13}) (Version: 2.0 - SAP)
Screensaver (HKLM\...\{374EB319-B146-4AC3-9AB9-077B3D87C5EE}) (Version: 199.0 - KPMG)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SSE Word V10.1  (HKLM-x32\...\{FF914837-19EE-4536-ABAF-4B7AF7082A67}) (Version: 10.1 - KPMG)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Symantec Endpoint Protection (HKLM\...\{60171618-BEB9-4E89-AA7B-43AD32A3EC05}) (Version: 12.1.4100.4126 - Symantec Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.0 - )
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
08-08-2015 15:13:19 Scheduled Checkpoint
18-08-2015 11:08:37 Scheduled Checkpoint
26-08-2015 00:00:01 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3AA0B803-49C5-42C4-AC70-C8F2FB2A9B88} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {3C2F6DD3-AA5E-43F5-98CF-98491C05BAD5} - System32\Tasks\{C6F69DA9-4DDF-4749-A657-1E2F85671EBE} => H:\Malwarebytes Anti-Malware\explorer.exe
Task: {3D584A4A-65C7-4FB2-839C-D731C7464FA3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {4826163F-BA80-4058-A39E-15F1741FDFA1} - System32\Tasks\{613B6B0E-AEEF-4A31-ACA6-EC8529389BCB} => H:\Malwarebytes Anti-Malware\mbam.exe
Task: {59556A1A-7ECF-4056-8FFB-B92BF96079E3} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-04-23] (Lenovo Group Limited)
Task: {5C4321F1-E40D-470E-8024-ECE0754E312E} - System32\Tasks\SEP Exclusion DMS => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {610DB703-2F82-4ACD-BD0A-E885D6A1C2F7} - System32\Tasks\KPMG\Run SCCM Evaluation Cycles => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {62C3E5C6-F4CB-4650-81BE-D35162381E3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {994DB96E-B612-453D-96B6-78C29922C016} - System32\Tasks\{F9C5F5A8-8A2E-4376-B1CB-54C4CD7E40DD} => H:\Malwarebytes Anti-Malware\mbam.exe
Task: {9CBFF508-DDB4-446C-9A6E-DA5CCDD7DA22} - System32\Tasks\KPMG\Office 2013 Cleanup PST Backup => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {A4687E7A-ED8A-44FD-A7D4-26BB8BBD6E6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {AE3C686D-69CE-475D-8D82-9C5C7B180C8B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B6438894-F19A-4D79-B184-F9CF48BC5843} - System32\Tasks\KPMG\Logon UI Reset => C:\windows\System32\WindowsPowerShell\v1.0\\Powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {C1CB5D29-CCE6-4FC3-914C-47C1FA03392D} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {C6951FA7-1310-41AD-889B-B1CA39A46F5C} - System32\Tasks\KPMG\Upload Office 2013 Upgrade Status => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {CEC74C90-FC26-403F-AD69-B339A76FAB39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E53C3CE3-DB7E-46EA-9ADF-E9C31F126FC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E770AADA-C8DB-4031-ADBC-59AF1F81EA8B} - System32\Tasks\{5FBED348-EDCB-4505-ABCC-D9F67F35988E} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {F53427EC-8628-492B-B59A-C77B711DB372} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F7B21844-D5FB-4968-98FD-8DC76AAE303F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-10] (Synaptics Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-22 04:07 - 2014-01-22 04:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-26 15:38 - 2013-04-23 06:54 - 00094208 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-08-30 18:45 - 2012-08-24 19:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2015-08-21 11:33 - 2015-08-18 06:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 11:33 - 2015-08-18 06:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\Control Panel\Desktop\\Wallpaper -> C:\Users\Spettipiece\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/31/2015 10:20:05 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 10:19:39 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 10:18:37 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 10:17:08 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 10:16:23 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 09:29:06 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/30/2015 08:04:52 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/30/2015 07:53:07 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/30/2015 07:36:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2015 07:36:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (08/31/2015 09:31:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (08/31/2015 09:31:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/31/2015 09:29:21 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: UK)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/31/2015 09:29:06 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/31/2015 09:29:03 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain UK due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/31/2015 09:29:02 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (08/30/2015 08:04:53 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/30/2015 08:04:50 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain UK due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/30/2015 08:04:49 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (08/30/2015 07:55:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office:
=========================
Error: (08/31/2015 10:20:05 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 10:19:39 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 10:18:37 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 10:17:08 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 10:16:23 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/31/2015 09:29:06 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/30/2015 08:04:52 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/30/2015 07:53:07 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/30/2015 07:36:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Users\Spettipiece\Desktop\Anti malware\AVAST Software\Avast\aswChLic.exe
 
Error: (08/30/2015 07:36:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Users\Spettipiece\Desktop\Anti malware\AVAST Software\Avast\aswAraSr.exe
 
 
CodeIntegrity:
===================================
  Date: 2015-08-31 09:29:29.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-30 19:53:22.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-30 19:09:56.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 13:43:17.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 11:43:57.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 10:19:09.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 09:21:25.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 09:04:33.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 08:39:43.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-27 19:43:39.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-3667U CPU @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 7888.91 MB
Available physical RAM: 5179.53 MB
Total Virtual: 15776.02 MB
Available Virtual: 13118.74 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:200.62 GB) (Free:59.1 GB) NTFS
Drive d: (KDrive) (Fixed) (Total:22.36 GB) (Free:14.82 GB) NTFS
Drive e: (FixMeStick) (Removable) (Total:0.04 GB) (Free:0 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: D3B106EF)
Partition 1: (Not Active) - (Size=200.6 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=600 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 00041F1F)
Partition 1: (Not Active) - (Size=45 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=352 MB) - (Type=83)
Partition 3: (Not Active) - (Size=416 MB) - (Type=83)
 
==================== End of Addition.txt ============================
 
 

 

 

 

 

Please help urgently, I need to work tomorrow and need to have the problem resolved by then! Let me know of anything I should do or anything you can do to help.

 

Thanks

Sane

  • Staff

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Is this an Enterprise/Business computer? Do you have a MalwareBytes subscription?



Yes, this is a work (ie enterprise / business) computer.

I have simply downloaded malwarebytes anti malware free version recently, and tried to install it and use it after my laptop got the malware.

My usual anti virus software is Symantec endpoint protection.

Please let me know if you need anything else.

Thanks

Sane

  • Staff

I do not provide free help for enterprise machines.

Also, this isn't in accordance with MalwareBytes EULA:
 
Quote

(b) Free License. If you are using a free version of the Software, then conditioned upon your compliance with the terms and conditions of this Agreement, Malwarebytes grants you a non-exclusive and non-transferable license to Execute (as defined herein) a single copy of the Software solely in executable form on a single computer or virtual machine (a “Computer”), solely for your personal, non-commercial purposes (i.e., not on Computers used in a business).

 
MalwareBytes EULA
 
How can I legally use Malwarebytes Anti-Malware in my Business or Corporate environment (including Government, Education, & Non-Profit)?

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.