|
Alles rund um Windows: Rundll-FehlerWindows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 / Windows 11- als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows. |
19.02.2015, 17:11 | #1 |
| Problem: Rundll-Fehler Hallo, seit einiger Zeit erhalte ich beim Starten meines Computers folgende Fehlermeldung: Probleme beim Starten von C:/ProgrammFiles(x86)/ThinkPad/Utilities/PWMTR64V.dll Vielleicht kann mir jemand helfen und mir erklären wie ich diese nervige Meldung wieder los werde. Hab es schon mit Anti-Malware und Adwcleaner versucht, leider ohne Erfolg. |
19.02.2015, 17:34 | #2 |
/// the machine /// TB-Ausbilder | Rundll-Fehler Anleitung / Hilfe hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
19.02.2015, 18:19 | #3 |
| Rundll-Fehler Details FRST Logfile:
__________________Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01 Ran by thomas (administrator) on HEIKE on 19-02-2015 17:59:30 Running from C:\Users\thomas\Downloads Loaded Profiles: thomas (Available profiles: thomas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exeScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01 Ran by thomas (administrator) on HEIKE on 19-02-2015 17:59:30 Running from C:\Users\thomas\Downloads Loaded Profiles: thomas (Available profiles: thomas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe () C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373760 2012-07-20] (Alcor Micro Corp.) HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-09-11] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro) HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4277000 2012-11-08] (Intel Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Home - Welcome to Lenovo SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.searchnu.com/406?shad=s_0012 CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406?shad=s_0012" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll () CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-16] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-16] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-16] CHR Extension: (AdBlock) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-05] CHR Extension: (iGraal) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2014-06-22] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-16] CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08] CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08] CHR Extension: (Google Sheets) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08] CHR Extension: (Website Logon) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iokmdlapebooifaijckgcmncjdpojmjl [2015-02-08] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08] CHR HKLM-x32\...\Chrome\Extension: [iokmdlapebooifaijckgcmncjdpojmjl] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-08-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 intelsba; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [50440 2012-11-08] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-10] (Lenovo Group Limited) R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [469496 2013-09-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] () S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-11-02] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-05] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 17:59 - 2015-02-19 17:59 - 00021942 _____ () C:\Users\thomas\Downloads\FRST.txt 2015-02-19 17:59 - 2015-02-19 17:59 - 00000000 ____D () C:\FRST 2015-02-19 17:58 - 2015-02-19 17:58 - 02086912 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe 2015-02-19 17:57 - 2015-02-19 17:57 - 01126400 _____ (Farbar) C:\Users\thomas\Downloads\FRST.exe 2015-02-17 17:33 - 2015-02-17 17:33 - 02112512 _____ () C:\Users\thomas\Downloads\AdwCleaner_4.110 (2).exe 2015-02-17 16:51 - 2015-02-17 16:51 - 00000615 _____ () C:\Users\thomas\Desktop\JRT.txt 2015-02-17 16:46 - 2015-02-17 16:46 - 01388274 _____ (Thisisu) C:\Users\thomas\Downloads\JRT.exe 2015-02-17 16:18 - 2015-02-19 17:36 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-17 16:18 - 2015-02-17 16:18 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-17 16:17 - 2015-02-17 16:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\thomas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-17 16:06 - 2015-02-19 17:24 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\thomas\Documents\Simply Super Software 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Licenses 2015-02-17 16:05 - 2015-02-17 16:05 - 00001166 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Simply Super Software 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2015-02-17 16:03 - 2015-02-17 16:03 - 31390952 _____ (Simply Super Software ) C:\Users\thomas\Downloads\trjsetup691.exe 2015-02-15 10:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-15 10:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-11 09:02 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 09:02 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 09:02 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 09:02 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 09:02 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-11 09:02 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-11 09:02 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-11 09:02 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-11 09:02 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-11 09:02 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 09:02 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 09:02 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-11 09:02 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 09:02 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 09:02 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-11 09:01 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-11 09:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-11 09:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-11 09:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-11 09:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-11 09:01 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-11 09:01 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 09:01 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-11 09:01 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-11 09:01 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-11 09:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-11 09:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-11 09:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-11 09:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-11 09:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-11 09:01 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 09:01 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-08 11:06 - 2015-02-08 11:07 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110 (1).exe 2015-02-08 11:06 - 2015-02-08 11:06 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110.exe 2015-02-05 11:21 - 2015-02-05 11:21 - 02194432 _____ () C:\Users\thomas\Downloads\AdwCleaner09.exe 2015-02-03 12:20 - 2015-02-03 12:20 - 00000265 _____ () C:\Users\thomas\Downloads\default.html ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-19 17:54 - 2013-03-16 12:42 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-19 17:53 - 2014-10-21 11:34 - 02007637 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-19 17:18 - 2014-01-12 19:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-19 16:40 - 2014-10-26 13:54 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2BBB3467-D78A-43A0-81C8-5FE42E4B29E4} 2015-02-19 10:31 - 2013-08-22 15:46 - 00309529 _____ () C:\WINDOWS\setupact.log 2015-02-19 10:24 - 2014-03-05 17:43 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-19 10:21 - 2013-03-16 12:42 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-17 17:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-17 17:36 - 2014-09-23 22:06 - 00009586 _____ () C:\WINDOWS\PFRO.log 2015-02-17 17:35 - 2014-10-05 11:36 - 00000000 ____D () C:\AdwCleaner 2015-02-17 17:08 - 2013-01-17 00:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4158680686-2930621255-3558292762-1001 2015-02-17 16:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System 2015-02-17 16:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-17 16:41 - 2014-09-28 17:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\com 2015-02-17 16:41 - 2014-03-05 18:02 - 00000000 ____D () C:\Program Files\Revo Uninstaller Pro 2015-02-16 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-15 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-15 11:17 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-15 10:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-13 16:47 - 2013-08-22 15:44 - 00484488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-13 15:56 - 2014-03-06 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-13 15:54 - 2013-08-18 11:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-13 15:49 - 2013-01-23 17:33 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-13 15:46 - 2014-12-11 19:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-13 15:46 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-10 09:32 - 2014-10-05 14:11 - 00000466 ____H () C:\WINDOWS\Tasks\Norton Security Scan for thomas.job 2015-02-06 13:49 - 2013-03-16 12:42 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 13:49 - 2013-03-16 12:42 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 11:31 - 2014-09-07 15:55 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile 2015-02-05 11:18 - 2014-01-12 19:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 05:53 - 2012-11-02 22:49 - 00686228 _____ () C:\WINDOWS\DPINST.LOG 2015-01-22 05:52 - 2012-11-02 22:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information ==================== Files in the root of some directories ======= 2014-04-06 13:57 - 2012-05-15 09:33 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi 2014-04-06 12:11 - 2014-02-03 17:38 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi 2013-01-17 00:19 - 2013-01-30 20:55 - 0002753 _____ () C:\Users\thomas\AppData\Roaming\AbsoluteReminder.xml 2013-03-05 16:48 - 2013-03-05 16:48 - 0528724 _____ () C:\ProgramData\1362498253.bdinstall.bin 2014-03-05 18:20 - 2014-03-05 18:20 - 0233315 _____ () C:\ProgramData\1394039910.bdinstall.bin 2012-11-02 23:15 - 2014-04-27 15:10 - 0391608 _____ () C:\ProgramData\MH_ErrorLog.txt Some content of TEMP: ==================== C:\Users\thomas\AppData\Local\Temp\Quarantine.exe C:\Users\thomas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-17 17:49 ==================== End Of Log ============================ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe () C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373760 2012-07-20] (Alcor Micro Corp.) HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-09-11] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro) HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4277000 2012-11-08] (Intel Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Home - Welcome to Lenovo SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.searchnu.com/406?shad=s_0012 CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406?shad=s_0012" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll () CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-16] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-16] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-16] CHR Extension: (AdBlock) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-05] CHR Extension: (iGraal) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2014-06-22] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-16] CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08] CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08] CHR Extension: (Google Sheets) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08] CHR Extension: (Website Logon) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iokmdlapebooifaijckgcmncjdpojmjl [2015-02-08] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08] CHR HKLM-x32\...\Chrome\Extension: [iokmdlapebooifaijckgcmncjdpojmjl] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-08-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 intelsba; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [50440 2012-11-08] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-10] (Lenovo Group Limited) R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [469496 2013-09-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] () S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-11-02] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-05] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 17:59 - 2015-02-19 17:59 - 00021942 _____ () C:\Users\thomas\Downloads\FRST.txt 2015-02-19 17:59 - 2015-02-19 17:59 - 00000000 ____D () C:\FRST 2015-02-19 17:58 - 2015-02-19 17:58 - 02086912 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe 2015-02-19 17:57 - 2015-02-19 17:57 - 01126400 _____ (Farbar) C:\Users\thomas\Downloads\FRST.exe 2015-02-17 17:33 - 2015-02-17 17:33 - 02112512 _____ () C:\Users\thomas\Downloads\AdwCleaner_4.110 (2).exe 2015-02-17 16:51 - 2015-02-17 16:51 - 00000615 _____ () C:\Users\thomas\Desktop\JRT.txt 2015-02-17 16:46 - 2015-02-17 16:46 - 01388274 _____ (Thisisu) C:\Users\thomas\Downloads\JRT.exe 2015-02-17 16:18 - 2015-02-19 17:36 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-17 16:18 - 2015-02-17 16:18 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-17 16:17 - 2015-02-17 16:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\thomas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-17 16:06 - 2015-02-19 17:24 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\thomas\Documents\Simply Super Software 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Licenses 2015-02-17 16:05 - 2015-02-17 16:05 - 00001166 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Simply Super Software 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2015-02-17 16:03 - 2015-02-17 16:03 - 31390952 _____ (Simply Super Software ) C:\Users\thomas\Downloads\trjsetup691.exe 2015-02-15 10:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-15 10:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-11 09:02 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 09:02 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 09:02 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 09:02 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 09:02 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-11 09:02 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-11 09:02 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-11 09:02 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-11 09:02 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-11 09:02 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 09:02 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 09:02 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-11 09:02 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 09:02 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 09:02 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-11 09:01 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-11 09:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-11 09:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-11 09:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-11 09:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-11 09:01 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-11 09:01 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 09:01 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-11 09:01 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-11 09:01 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-11 09:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-11 09:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-11 09:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-11 09:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-11 09:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-11 09:01 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 09:01 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-08 11:06 - 2015-02-08 11:07 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110 (1).exe 2015-02-08 11:06 - 2015-02-08 11:06 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110.exe 2015-02-05 11:21 - 2015-02-05 11:21 - 02194432 _____ () C:\Users\thomas\Downloads\AdwCleaner09.exe 2015-02-03 12:20 - 2015-02-03 12:20 - 00000265 _____ () C:\Users\thomas\Downloads\default.html ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-19 17:54 - 2013-03-16 12:42 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-19 17:53 - 2014-10-21 11:34 - 02007637 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-19 17:18 - 2014-01-12 19:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-19 16:40 - 2014-10-26 13:54 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2BBB3467-D78A-43A0-81C8-5FE42E4B29E4} 2015-02-19 10:31 - 2013-08-22 15:46 - 00309529 _____ () C:\WINDOWS\setupact.log 2015-02-19 10:24 - 2014-03-05 17:43 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-19 10:21 - 2013-03-16 12:42 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-17 17:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-17 17:36 - 2014-09-23 22:06 - 00009586 _____ () C:\WINDOWS\PFRO.log 2015-02-17 17:35 - 2014-10-05 11:36 - 00000000 ____D () C:\AdwCleaner 2015-02-17 17:08 - 2013-01-17 00:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4158680686-2930621255-3558292762-1001 2015-02-17 16:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System 2015-02-17 16:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-17 16:41 - 2014-09-28 17:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\com 2015-02-17 16:41 - 2014-03-05 18:02 - 00000000 ____D () C:\Program Files\Revo Uninstaller Pro 2015-02-16 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-15 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-15 11:17 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-15 10:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-13 16:47 - 2013-08-22 15:44 - 00484488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-13 15:56 - 2014-03-06 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-13 15:54 - 2013-08-18 11:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-13 15:49 - 2013-01-23 17:33 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-13 15:46 - 2014-12-11 19:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-13 15:46 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-10 09:32 - 2014-10-05 14:11 - 00000466 ____H () C:\WINDOWS\Tasks\Norton Security Scan for thomas.job 2015-02-06 13:49 - 2013-03-16 12:42 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 13:49 - 2013-03-16 12:42 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 11:31 - 2014-09-07 15:55 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile 2015-02-05 11:18 - 2014-01-12 19:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 05:53 - 2012-11-02 22:49 - 00686228 _____ () C:\WINDOWS\DPINST.LOG 2015-01-22 05:52 - 2012-11-02 22:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information ==================== Files in the root of some directories ======= 2014-04-06 13:57 - 2012-05-15 09:33 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi 2014-04-06 12:11 - 2014-02-03 17:38 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi 2013-01-17 00:19 - 2013-01-30 20:55 - 0002753 _____ () C:\Users\thomas\AppData\Roaming\AbsoluteReminder.xml 2013-03-05 16:48 - 2013-03-05 16:48 - 0528724 _____ () C:\ProgramData\1362498253.bdinstall.bin 2014-03-05 18:20 - 2014-03-05 18:20 - 0233315 _____ () C:\ProgramData\1394039910.bdinstall.bin 2012-11-02 23:15 - 2014-04-27 15:10 - 0391608 _____ () C:\ProgramData\MH_ErrorLog.txt Some content of TEMP: ==================== C:\Users\thomas\AppData\Local\Temp\Quarantine.exe C:\Users\thomas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-17 17:49 ==================== End Of Log ============================ |
19.02.2015, 18:20 | #4 |
| Lösung: Rundll-Fehler FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01 Ran by thomas (administrator) on HEIKE on 19-02-2015 17:59:30 Running from C:\Users\thomas\Downloads Loaded Profiles: thomas (Available profiles: thomas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exeScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01 Ran by thomas (administrator) on HEIKE on 19-02-2015 17:59:30 Running from C:\Users\thomas\Downloads Loaded Profiles: thomas (Available profiles: thomas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe () C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373760 2012-07-20] (Alcor Micro Corp.) HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-09-11] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro) HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4277000 2012-11-08] (Intel Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Home - Welcome to Lenovo SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.searchnu.com/406?shad=s_0012 CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406?shad=s_0012" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll () CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-16] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-16] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-16] CHR Extension: (AdBlock) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-05] CHR Extension: (iGraal) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2014-06-22] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-16] CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08] CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08] CHR Extension: (Google Sheets) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08] CHR Extension: (Website Logon) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iokmdlapebooifaijckgcmncjdpojmjl [2015-02-08] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08] CHR HKLM-x32\...\Chrome\Extension: [iokmdlapebooifaijckgcmncjdpojmjl] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-08-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 intelsba; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [50440 2012-11-08] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-10] (Lenovo Group Limited) R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [469496 2013-09-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] () S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-11-02] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-05] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 17:59 - 2015-02-19 17:59 - 00021942 _____ () C:\Users\thomas\Downloads\FRST.txt 2015-02-19 17:59 - 2015-02-19 17:59 - 00000000 ____D () C:\FRST 2015-02-19 17:58 - 2015-02-19 17:58 - 02086912 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe 2015-02-19 17:57 - 2015-02-19 17:57 - 01126400 _____ (Farbar) C:\Users\thomas\Downloads\FRST.exe 2015-02-17 17:33 - 2015-02-17 17:33 - 02112512 _____ () C:\Users\thomas\Downloads\AdwCleaner_4.110 (2).exe 2015-02-17 16:51 - 2015-02-17 16:51 - 00000615 _____ () C:\Users\thomas\Desktop\JRT.txt 2015-02-17 16:46 - 2015-02-17 16:46 - 01388274 _____ (Thisisu) C:\Users\thomas\Downloads\JRT.exe 2015-02-17 16:18 - 2015-02-19 17:36 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-17 16:18 - 2015-02-17 16:18 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-17 16:17 - 2015-02-17 16:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\thomas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-17 16:06 - 2015-02-19 17:24 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\thomas\Documents\Simply Super Software 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Licenses 2015-02-17 16:05 - 2015-02-17 16:05 - 00001166 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Simply Super Software 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2015-02-17 16:03 - 2015-02-17 16:03 - 31390952 _____ (Simply Super Software ) C:\Users\thomas\Downloads\trjsetup691.exe 2015-02-15 10:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-15 10:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-11 09:02 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 09:02 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 09:02 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 09:02 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 09:02 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-11 09:02 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-11 09:02 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-11 09:02 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-11 09:02 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-11 09:02 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 09:02 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 09:02 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-11 09:02 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 09:02 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 09:02 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-11 09:01 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-11 09:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-11 09:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-11 09:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-11 09:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-11 09:01 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-11 09:01 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 09:01 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-11 09:01 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-11 09:01 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-11 09:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-11 09:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-11 09:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-11 09:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-11 09:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-11 09:01 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 09:01 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-08 11:06 - 2015-02-08 11:07 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110 (1).exe 2015-02-08 11:06 - 2015-02-08 11:06 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110.exe 2015-02-05 11:21 - 2015-02-05 11:21 - 02194432 _____ () C:\Users\thomas\Downloads\AdwCleaner09.exe 2015-02-03 12:20 - 2015-02-03 12:20 - 00000265 _____ () C:\Users\thomas\Downloads\default.html ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-19 17:54 - 2013-03-16 12:42 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-19 17:53 - 2014-10-21 11:34 - 02007637 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-19 17:18 - 2014-01-12 19:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-19 16:40 - 2014-10-26 13:54 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2BBB3467-D78A-43A0-81C8-5FE42E4B29E4} 2015-02-19 10:31 - 2013-08-22 15:46 - 00309529 _____ () C:\WINDOWS\setupact.log 2015-02-19 10:24 - 2014-03-05 17:43 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-19 10:21 - 2013-03-16 12:42 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-17 17:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-17 17:36 - 2014-09-23 22:06 - 00009586 _____ () C:\WINDOWS\PFRO.log 2015-02-17 17:35 - 2014-10-05 11:36 - 00000000 ____D () C:\AdwCleaner 2015-02-17 17:08 - 2013-01-17 00:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4158680686-2930621255-3558292762-1001 2015-02-17 16:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System 2015-02-17 16:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-17 16:41 - 2014-09-28 17:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\com 2015-02-17 16:41 - 2014-03-05 18:02 - 00000000 ____D () C:\Program Files\Revo Uninstaller Pro 2015-02-16 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-15 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-15 11:17 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-15 10:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-13 16:47 - 2013-08-22 15:44 - 00484488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-13 15:56 - 2014-03-06 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-13 15:54 - 2013-08-18 11:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-13 15:49 - 2013-01-23 17:33 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-13 15:46 - 2014-12-11 19:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-13 15:46 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-10 09:32 - 2014-10-05 14:11 - 00000466 ____H () C:\WINDOWS\Tasks\Norton Security Scan for thomas.job 2015-02-06 13:49 - 2013-03-16 12:42 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 13:49 - 2013-03-16 12:42 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 11:31 - 2014-09-07 15:55 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile 2015-02-05 11:18 - 2014-01-12 19:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 05:53 - 2012-11-02 22:49 - 00686228 _____ () C:\WINDOWS\DPINST.LOG 2015-01-22 05:52 - 2012-11-02 22:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information ==================== Files in the root of some directories ======= 2014-04-06 13:57 - 2012-05-15 09:33 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi 2014-04-06 12:11 - 2014-02-03 17:38 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi 2013-01-17 00:19 - 2013-01-30 20:55 - 0002753 _____ () C:\Users\thomas\AppData\Roaming\AbsoluteReminder.xml 2013-03-05 16:48 - 2013-03-05 16:48 - 0528724 _____ () C:\ProgramData\1362498253.bdinstall.bin 2014-03-05 18:20 - 2014-03-05 18:20 - 0233315 _____ () C:\ProgramData\1394039910.bdinstall.bin 2012-11-02 23:15 - 2014-04-27 15:10 - 0391608 _____ () C:\ProgramData\MH_ErrorLog.txt Some content of TEMP: ==================== C:\Users\thomas\AppData\Local\Temp\Quarantine.exe C:\Users\thomas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-17 17:49 ==================== End Of Log ============================ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe () C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373760 2012-07-20] (Alcor Micro Corp.) HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-09-11] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro) HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4277000 2012-11-08] (Intel Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Home - Welcome to Lenovo SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.searchnu.com/406?shad=s_0012 CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406?shad=s_0012" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll () CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-16] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-16] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-16] CHR Extension: (AdBlock) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-05] CHR Extension: (iGraal) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2014-06-22] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-16] CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08] CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08] CHR Extension: (Google Sheets) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08] CHR Extension: (Website Logon) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iokmdlapebooifaijckgcmncjdpojmjl [2015-02-08] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08] CHR HKLM-x32\...\Chrome\Extension: [iokmdlapebooifaijckgcmncjdpojmjl] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-08-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 intelsba; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [50440 2012-11-08] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-10] (Lenovo Group Limited) R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [469496 2013-09-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] () S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-11-02] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-05] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 17:59 - 2015-02-19 17:59 - 00021942 _____ () C:\Users\thomas\Downloads\FRST.txt 2015-02-19 17:59 - 2015-02-19 17:59 - 00000000 ____D () C:\FRST 2015-02-19 17:58 - 2015-02-19 17:58 - 02086912 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe 2015-02-19 17:57 - 2015-02-19 17:57 - 01126400 _____ (Farbar) C:\Users\thomas\Downloads\FRST.exe 2015-02-17 17:33 - 2015-02-17 17:33 - 02112512 _____ () C:\Users\thomas\Downloads\AdwCleaner_4.110 (2).exe 2015-02-17 16:51 - 2015-02-17 16:51 - 00000615 _____ () C:\Users\thomas\Desktop\JRT.txt 2015-02-17 16:46 - 2015-02-17 16:46 - 01388274 _____ (Thisisu) C:\Users\thomas\Downloads\JRT.exe 2015-02-17 16:18 - 2015-02-19 17:36 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-17 16:18 - 2015-02-17 16:18 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-17 16:17 - 2015-02-17 16:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\thomas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-17 16:06 - 2015-02-19 17:24 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\thomas\Documents\Simply Super Software 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Licenses 2015-02-17 16:05 - 2015-02-17 16:05 - 00001166 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Simply Super Software 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2015-02-17 16:03 - 2015-02-17 16:03 - 31390952 _____ (Simply Super Software ) C:\Users\thomas\Downloads\trjsetup691.exe 2015-02-15 10:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-15 10:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-11 09:02 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 09:02 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 09:02 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 09:02 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 09:02 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-11 09:02 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-11 09:02 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-11 09:02 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-11 09:02 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-11 09:02 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 09:02 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 09:02 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-11 09:02 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 09:02 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 09:02 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-11 09:01 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-11 09:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-11 09:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-11 09:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-11 09:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-11 09:01 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-11 09:01 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 09:01 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-11 09:01 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-11 09:01 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-11 09:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-11 09:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-11 09:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-11 09:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-11 09:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-11 09:01 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 09:01 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-08 11:06 - 2015-02-08 11:07 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110 (1).exe 2015-02-08 11:06 - 2015-02-08 11:06 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110.exe 2015-02-05 11:21 - 2015-02-05 11:21 - 02194432 _____ () C:\Users\thomas\Downloads\AdwCleaner09.exe 2015-02-03 12:20 - 2015-02-03 12:20 - 00000265 _____ () C:\Users\thomas\Downloads\default.html ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-19 17:54 - 2013-03-16 12:42 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-19 17:53 - 2014-10-21 11:34 - 02007637 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-19 17:18 - 2014-01-12 19:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-19 16:40 - 2014-10-26 13:54 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2BBB3467-D78A-43A0-81C8-5FE42E4B29E4} 2015-02-19 10:31 - 2013-08-22 15:46 - 00309529 _____ () C:\WINDOWS\setupact.log 2015-02-19 10:24 - 2014-03-05 17:43 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-19 10:21 - 2013-03-16 12:42 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-17 17:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-17 17:36 - 2014-09-23 22:06 - 00009586 _____ () C:\WINDOWS\PFRO.log 2015-02-17 17:35 - 2014-10-05 11:36 - 00000000 ____D () C:\AdwCleaner 2015-02-17 17:08 - 2013-01-17 00:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4158680686-2930621255-3558292762-1001 2015-02-17 16:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System 2015-02-17 16:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-17 16:41 - 2014-09-28 17:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\com 2015-02-17 16:41 - 2014-03-05 18:02 - 00000000 ____D () C:\Program Files\Revo Uninstaller Pro 2015-02-16 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-15 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-15 11:17 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-15 10:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-13 16:47 - 2013-08-22 15:44 - 00484488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-13 15:56 - 2014-03-06 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-13 15:54 - 2013-08-18 11:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-13 15:49 - 2013-01-23 17:33 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-13 15:46 - 2014-12-11 19:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-13 15:46 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-10 09:32 - 2014-10-05 14:11 - 00000466 ____H () C:\WINDOWS\Tasks\Norton Security Scan for thomas.job 2015-02-06 13:49 - 2013-03-16 12:42 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 13:49 - 2013-03-16 12:42 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 11:31 - 2014-09-07 15:55 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile 2015-02-05 11:18 - 2014-01-12 19:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 05:53 - 2012-11-02 22:49 - 00686228 _____ () C:\WINDOWS\DPINST.LOG 2015-01-22 05:52 - 2012-11-02 22:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information ==================== Files in the root of some directories ======= 2014-04-06 13:57 - 2012-05-15 09:33 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi 2014-04-06 12:11 - 2014-02-03 17:38 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi 2013-01-17 00:19 - 2013-01-30 20:55 - 0002753 _____ () C:\Users\thomas\AppData\Roaming\AbsoluteReminder.xml 2013-03-05 16:48 - 2013-03-05 16:48 - 0528724 _____ () C:\ProgramData\1362498253.bdinstall.bin 2014-03-05 18:20 - 2014-03-05 18:20 - 0233315 _____ () C:\ProgramData\1394039910.bdinstall.bin 2012-11-02 23:15 - 2014-04-27 15:10 - 0391608 _____ () C:\ProgramData\MH_ErrorLog.txt Some content of TEMP: ==================== C:\Users\thomas\AppData\Local\Temp\Quarantine.exe C:\Users\thomas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-17 17:49 ==================== End Of Log ============================ |
20.02.2015, 07:32 | #5 |
/// the machine /// TB-Ausbilder | Wie Rundll-Fehler Addition.txt fehlt noch. So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
20.02.2015, 10:53 | #6 |
| Wo Rundll-Fehler Lösung! [CODE][/C FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01 Ran by thomas (administrator) on HEIKE on 19-02-2015 17:59:30 Running from C:\Users\thomas\Downloads Loaded Profiles: thomas (Available profiles: thomas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exeScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01 Ran by thomas (administrator) on HEIKE on 19-02-2015 17:59:30 Running from C:\Users\thomas\Downloads Loaded Profiles: thomas (Available profiles: thomas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe () C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373760 2012-07-20] (Alcor Micro Corp.) HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-09-11] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro) HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4277000 2012-11-08] (Intel Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.searchnu.com/406?shad=s_0012 CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406?shad=s_0012" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll () CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-16] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-16] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-16] CHR Extension: (AdBlock) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-05] CHR Extension: (iGraal) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2014-06-22] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-16] CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08] CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08] CHR Extension: (Google Sheets) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08] CHR Extension: (Website Logon) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iokmdlapebooifaijckgcmncjdpojmjl [2015-02-08] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08] CHR HKLM-x32\...\Chrome\Extension: [iokmdlapebooifaijckgcmncjdpojmjl] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-08-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 intelsba; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [50440 2012-11-08] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-10] (Lenovo Group Limited) R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [469496 2013-09-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] () S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-11-02] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-05] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 17:59 - 2015-02-19 17:59 - 00021942 _____ () C:\Users\thomas\Downloads\FRST.txt 2015-02-19 17:59 - 2015-02-19 17:59 - 00000000 ____D () C:\FRST 2015-02-19 17:58 - 2015-02-19 17:58 - 02086912 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe 2015-02-19 17:57 - 2015-02-19 17:57 - 01126400 _____ (Farbar) C:\Users\thomas\Downloads\FRST.exe 2015-02-17 17:33 - 2015-02-17 17:33 - 02112512 _____ () C:\Users\thomas\Downloads\AdwCleaner_4.110 (2).exe 2015-02-17 16:51 - 2015-02-17 16:51 - 00000615 _____ () C:\Users\thomas\Desktop\JRT.txt 2015-02-17 16:46 - 2015-02-17 16:46 - 01388274 _____ (Thisisu) C:\Users\thomas\Downloads\JRT.exe 2015-02-17 16:18 - 2015-02-19 17:36 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-17 16:18 - 2015-02-17 16:18 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-17 16:17 - 2015-02-17 16:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\thomas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-17 16:06 - 2015-02-19 17:24 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\thomas\Documents\Simply Super Software 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Licenses 2015-02-17 16:05 - 2015-02-17 16:05 - 00001166 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Simply Super Software 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2015-02-17 16:03 - 2015-02-17 16:03 - 31390952 _____ (Simply Super Software ) C:\Users\thomas\Downloads\trjsetup691.exe 2015-02-15 10:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-15 10:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-11 09:02 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 09:02 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 09:02 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 09:02 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 09:02 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-11 09:02 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-11 09:02 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-11 09:02 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-11 09:02 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-11 09:02 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 09:02 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 09:02 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-11 09:02 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 09:02 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 09:02 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-11 09:01 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-11 09:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-11 09:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-11 09:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-11 09:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-11 09:01 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-11 09:01 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 09:01 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-11 09:01 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-11 09:01 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-11 09:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-11 09:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-11 09:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-11 09:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-11 09:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-11 09:01 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 09:01 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-08 11:06 - 2015-02-08 11:07 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110 (1).exe 2015-02-08 11:06 - 2015-02-08 11:06 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110.exe 2015-02-05 11:21 - 2015-02-05 11:21 - 02194432 _____ () C:\Users\thomas\Downloads\AdwCleaner09.exe 2015-02-03 12:20 - 2015-02-03 12:20 - 00000265 _____ () C:\Users\thomas\Downloads\default.html ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-19 17:54 - 2013-03-16 12:42 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-19 17:53 - 2014-10-21 11:34 - 02007637 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-19 17:18 - 2014-01-12 19:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-19 16:40 - 2014-10-26 13:54 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2BBB3467-D78A-43A0-81C8-5FE42E4B29E4} 2015-02-19 10:31 - 2013-08-22 15:46 - 00309529 _____ () C:\WINDOWS\setupact.log 2015-02-19 10:24 - 2014-03-05 17:43 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-19 10:21 - 2013-03-16 12:42 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-17 17:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-17 17:36 - 2014-09-23 22:06 - 00009586 _____ () C:\WINDOWS\PFRO.log 2015-02-17 17:35 - 2014-10-05 11:36 - 00000000 ____D () C:\AdwCleaner 2015-02-17 17:08 - 2013-01-17 00:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4158680686-2930621255-3558292762-1001 2015-02-17 16:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System 2015-02-17 16:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-17 16:41 - 2014-09-28 17:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\com 2015-02-17 16:41 - 2014-03-05 18:02 - 00000000 ____D () C:\Program Files\Revo Uninstaller Pro 2015-02-16 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-15 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-15 11:17 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-15 10:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-13 16:47 - 2013-08-22 15:44 - 00484488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-13 15:56 - 2014-03-06 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-13 15:54 - 2013-08-18 11:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-13 15:49 - 2013-01-23 17:33 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-13 15:46 - 2014-12-11 19:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-13 15:46 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-10 09:32 - 2014-10-05 14:11 - 00000466 ____H () C:\WINDOWS\Tasks\Norton Security Scan for thomas.job 2015-02-06 13:49 - 2013-03-16 12:42 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 13:49 - 2013-03-16 12:42 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 11:31 - 2014-09-07 15:55 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile 2015-02-05 11:18 - 2014-01-12 19:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 05:53 - 2012-11-02 22:49 - 00686228 _____ () C:\WINDOWS\DPINST.LOG 2015-01-22 05:52 - 2012-11-02 22:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information ==================== Files in the root of some directories ======= 2014-04-06 13:57 - 2012-05-15 09:33 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi 2014-04-06 12:11 - 2014-02-03 17:38 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi 2013-01-17 00:19 - 2013-01-30 20:55 - 0002753 _____ () C:\Users\thomas\AppData\Roaming\AbsoluteReminder.xml 2013-03-05 16:48 - 2013-03-05 16:48 - 0528724 _____ () C:\ProgramData\1362498253.bdinstall.bin 2014-03-05 18:20 - 2014-03-05 18:20 - 0233315 _____ () C:\ProgramData\1394039910.bdinstall.bin 2012-11-02 23:15 - 2014-04-27 15:10 - 0391608 _____ () C:\ProgramData\MH_ErrorLog.txt Some content of TEMP: ==================== C:\Users\thomas\AppData\Local\Temp\Quarantine.exe C:\Users\thomas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-17 17:49 ==================== End Of Log ============================ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe () C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373760 2012-07-20] (Alcor Micro Corp.) HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-09-11] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro) HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4277000 2012-11-08] (Intel Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.searchnu.com/406?shad=s_0012 CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406?shad=s_0012" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll () CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File CHR Plugin: (TrueSuite) - C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll (AuthenTec, Inc) CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-16] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-16] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-16] CHR Extension: (AdBlock) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-05] CHR Extension: (iGraal) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2014-06-22] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-16] CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08] CHR Extension: (Google Docs) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] CHR Extension: (Google Drive) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08] CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08] CHR Extension: (Google Search) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08] CHR Extension: (Google Sheets) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08] CHR Extension: (Website Logon) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iokmdlapebooifaijckgcmncjdpojmjl [2015-02-08] CHR Extension: (Google Wallet) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08] CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08] CHR HKLM-x32\...\Chrome\Extension: [iokmdlapebooifaijckgcmncjdpojmjl] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-08-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 intelsba; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [50440 2012-11-08] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-10] (Lenovo Group Limited) R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [469496 2013-09-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] () S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-11-02] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-05] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 17:59 - 2015-02-19 17:59 - 00021942 _____ () C:\Users\thomas\Downloads\FRST.txt 2015-02-19 17:59 - 2015-02-19 17:59 - 00000000 ____D () C:\FRST 2015-02-19 17:58 - 2015-02-19 17:58 - 02086912 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe 2015-02-19 17:57 - 2015-02-19 17:57 - 01126400 _____ (Farbar) C:\Users\thomas\Downloads\FRST.exe 2015-02-17 17:33 - 2015-02-17 17:33 - 02112512 _____ () C:\Users\thomas\Downloads\AdwCleaner_4.110 (2).exe 2015-02-17 16:51 - 2015-02-17 16:51 - 00000615 _____ () C:\Users\thomas\Desktop\JRT.txt 2015-02-17 16:46 - 2015-02-17 16:46 - 01388274 _____ (Thisisu) C:\Users\thomas\Downloads\JRT.exe 2015-02-17 16:18 - 2015-02-19 17:36 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-17 16:18 - 2015-02-17 16:18 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-17 16:18 - 2015-02-17 16:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-17 16:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-17 16:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-17 16:17 - 2015-02-17 16:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\thomas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-17 16:06 - 2015-02-19 17:24 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\thomas\Documents\Simply Super Software 2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Licenses 2015-02-17 16:05 - 2015-02-17 16:05 - 00001166 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Simply Super Software 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-02-17 16:05 - 2015-02-17 16:05 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2015-02-17 16:03 - 2015-02-17 16:03 - 31390952 _____ (Simply Super Software ) C:\Users\thomas\Downloads\trjsetup691.exe 2015-02-15 10:39 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-15 10:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-11 09:02 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 09:02 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 09:02 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 09:02 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 09:02 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-11 09:02 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-11 09:02 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-11 09:02 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-11 09:02 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-11 09:02 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-11 09:02 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 09:02 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 09:02 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-11 09:02 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-11 09:02 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 09:02 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 09:02 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 09:02 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 09:02 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 09:02 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-11 09:01 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-11 09:01 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-11 09:01 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-11 09:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-11 09:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-11 09:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-11 09:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-11 09:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-11 09:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-11 09:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-11 09:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-11 09:01 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-11 09:01 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 09:01 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 09:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-11 09:01 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-11 09:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-11 09:01 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-11 09:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-11 09:01 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-11 09:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-11 09:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-11 09:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-11 09:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-11 09:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-11 09:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-11 09:01 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 09:01 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-08 11:06 - 2015-02-08 11:07 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110 (1).exe 2015-02-08 11:06 - 2015-02-08 11:06 - 02112512 _____ () C:\Users\thomas\Downloads\adwcleaner_4.110.exe 2015-02-05 11:21 - 2015-02-05 11:21 - 02194432 _____ () C:\Users\thomas\Downloads\AdwCleaner09.exe 2015-02-03 12:20 - 2015-02-03 12:20 - 00000265 _____ () C:\Users\thomas\Downloads\default.html ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-19 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-19 17:54 - 2013-03-16 12:42 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-19 17:53 - 2014-10-21 11:34 - 02007637 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-19 17:18 - 2014-01-12 19:50 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-19 16:40 - 2014-10-26 13:54 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2BBB3467-D78A-43A0-81C8-5FE42E4B29E4} 2015-02-19 10:31 - 2013-08-22 15:46 - 00309529 _____ () C:\WINDOWS\setupact.log 2015-02-19 10:24 - 2014-03-05 17:43 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-19 10:21 - 2013-03-16 12:42 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-17 17:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-17 17:36 - 2014-09-23 22:06 - 00009586 _____ () C:\WINDOWS\PFRO.log 2015-02-17 17:35 - 2014-10-05 11:36 - 00000000 ____D () C:\AdwCleaner 2015-02-17 17:08 - 2013-01-17 00:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4158680686-2930621255-3558292762-1001 2015-02-17 16:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System 2015-02-17 16:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-17 16:41 - 2014-09-28 17:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\com 2015-02-17 16:41 - 2014-03-05 18:02 - 00000000 ____D () C:\Program Files\Revo Uninstaller Pro 2015-02-16 13:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-15 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-15 11:17 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-15 10:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-13 16:47 - 2013-08-22 15:44 - 00484488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-13 15:56 - 2014-03-06 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-13 15:54 - 2013-08-18 11:20 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-13 15:49 - 2013-01-23 17:33 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-13 15:46 - 2014-12-11 19:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-13 15:46 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-10 09:32 - 2014-10-05 14:11 - 00000466 ____H () C:\WINDOWS\Tasks\Norton Security Scan for thomas.job 2015-02-06 13:49 - 2013-03-16 12:42 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 13:49 - 2013-03-16 12:42 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 11:31 - 2014-09-07 15:55 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile 2015-02-05 11:18 - 2014-01-12 19:50 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 05:53 - 2012-11-02 22:49 - 00686228 _____ () C:\WINDOWS\DPINST.LOG 2015-01-22 05:52 - 2012-11-02 22:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information ==================== Files in the root of some directories ======= 2014-04-06 13:57 - 2012-05-15 09:33 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi 2014-04-06 12:11 - 2014-02-03 17:38 - 1456640 _____ () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi 2013-01-17 00:19 - 2013-01-30 20:55 - 0002753 _____ () C:\Users\thomas\AppData\Roaming\AbsoluteReminder.xml 2013-03-05 16:48 - 2013-03-05 16:48 - 0528724 _____ () C:\ProgramData\1362498253.bdinstall.bin 2014-03-05 18:20 - 2014-03-05 18:20 - 0233315 _____ () C:\ProgramData\1394039910.bdinstall.bin 2012-11-02 23:15 - 2014-04-27 15:10 - 0391608 _____ () C:\ProgramData\MH_ErrorLog.txt Some content of TEMP: ==================== C:\Users\thomas\AppData\Local\Temp\Quarantine.exe C:\Users\thomas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-17 17:49 ==================== End Of Log ============================ODE] |
20.02.2015, 14:27 | #7 |
/// the machine /// TB-Ausbilder | Rundll-Fehler FRST öffnen, Haken setzen bei Addition und scannen, poste bitte nur die Addition.txt.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
20.02.2015, 15:08 | #8 |
| Rundll-Fehler [CODE][/COAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01 Ran by thomas at 2015-02-20 15:05:06 Running from C:\Users\thomas\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG update module (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.12.3042.71515 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.12.3042.71515 - Alcor Micro Corp.) Hidden AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies) AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.26 - Broadcom Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden INCEPTION SCREENSAVER (HKLM-x32\...\INCEPTION SCREENSAVER) (Version: - ) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.32 - ) Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.0 - Lenovo Group Limited) Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.07 - ) Lenovo QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0025 - Lenovo Group Limited) Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.2.2.0 - Lenovo Corporation) Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.10 - Lenovo Group Limited) Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.1.35 - Lenovo Group Limited) Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 1.2.0.82 - Lenovo) Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.4 - Lenovo Group Limited) Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited) Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 1.1.27.5565 - Intel(R) Corporation) Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 1.1.0004.00 - Lenovo Group Limited) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0007.00 - Lenovo) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Password Vault (HKLM\...\{1CACE706-D749-44CA-BBFE-AF60946D1B18}) (Version: 6.0.200.75 - AuthenTec, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1900 - Broadcom Corporation) Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (07/09/2012 11.5.0.1207) (HKLM\...\D71710885D9974CC7D79FF49E8EFAC772C251FFA) (Version: 07/09/2012 11.5.0.1207 - Intel Corporation) Windows-Treiberpaket - Lenovo 1.66.00.07 (08/15/2012 1.66.00.07) (HKLM\...\E56A6B34B44A7A597FFEBE0E14D81095E0FD4D73) (Version: 08/15/2012 1.66.00.07 - Lenovo) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4158680686-2930621255-3558292762-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 01-02-2015 09:21:27 Windows Update 05-02-2015 11:29:34 Revo Uninstaller Pro's restore point - Sony PC Companion 2.10.245 10-02-2015 12:45:17 Revo Uninstaller Pro's restore point - ThinkPad Bluetooth with Enhanced Data Rate Software 13-02-2015 15:43:12 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01D723C7-FF43-4306-A8B3-BA2A915BC381} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] () Task: {26FF27AC-D70C-4E9F-B0AE-D4553BE3E991} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] () Task: {41712307-EECE-45C3-B727-5AF510874DA9} - System32\Tasks\0814avtUpdateInfo => C:\ProgramData\Avg_Update_0814avt\0814avt_AVG-Secure-Search-Update.exe [2014-08-19] () Task: {6953FAC9-F307-4B7D-9B2D-47BCC18AC14D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {899F71D4-015D-477A-B15C-B071BCF0F473} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {95008FAF-64A3-45F4-91BD-A04C334376CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.) Task: {9BCE58B3-E599-492A-9B5B-6F847D212BD2} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor Task: {9C6D6179-A3C3-4E0B-91B5-39101CA0F014} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo) Task: {A09C4A53-F646-4F6F-98DB-79B72828054A} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] () Task: {A760B1ED-5D05-4AA5-849F-88B5B4D39064} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo) Task: {A77A2453-A0F2-44C7-A00C-E2632F5E69B4} - System32\Tasks\Norton Security Scan for thomas => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe Task: {A7F52224-CC4C-47DE-BA80-F7E1DD4CC25A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo) Task: {B08596C6-7E55-4B63-B6AB-717B70C6EB09} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] () Task: {BF2831BE-8858-4BEB-AA36-AD84E9CE57F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.) Task: {E34F27BE-410A-4224-9E6B-61B969D3AE95} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-13] (Microsoft Corporation) Task: {F6227D1D-4F08-48C3-9E6E-D2D4143067F8} - System32\Tasks\Intel\Intel Service Manager => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [2012-07-12] (Intel Corporation) Task: {FA3A9931-DBAD-4738-9B79-C8AF5CA204EF} - System32\Tasks\FGRun => C:\Users\thomas\AppData\Roaming\pack.exe Task: C:\WINDOWS\Tasks\0814avtUpdateInfo.job => C:\ProgramData\Avg_Update_0814avt\0814avt_AVG-Secure-Search-Update.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Norton Security Scan for thomas.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============== 2012-08-17 10:23 - 2012-08-17 10:23 - 00044408 _____ () C:\Program Files\ThinkPad\Bluetooth Software\BtwLeAPI.dll 2014-10-23 17:30 - 2014-10-23 17:30 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll 2012-08-14 19:35 - 2013-12-11 14:36 - 00468288 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe 2012-08-14 19:35 - 2013-12-11 14:36 - 00013120 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe 2012-08-31 04:44 - 2012-08-31 04:44 - 04622184 _____ () C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe 2012-08-31 04:43 - 2012-08-31 04:43 - 01130344 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll 2012-08-31 04:43 - 2012-08-31 04:43 - 00087400 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll 2012-11-02 23:12 - 2013-11-14 14:50 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll 2012-11-02 23:12 - 2013-11-14 14:50 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll 2012-11-02 22:53 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-08-31 04:44 - 2012-08-31 04:44 - 00900456 _____ () C:\Program Files\Lenovo Fingerprint Reader\x86\DataManager.dll 2015-02-20 10:56 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll 2015-02-20 10:56 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll 2015-02-20 10:56 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4158680686-2930621255-3558292762-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\thomas\Pictures\Pitchforktyp.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "DATAMNGR" ==================== Accounts: ============================= Administrator (S-1-5-21-4158680686-2930621255-3558292762-500 - Administrator - Disabled) Gast (S-1-5-21-4158680686-2930621255-3558292762-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4158680686-2930621255-3558292762-1003 - Limited - Enabled) thomas (S-1-5-21-4158680686-2930621255-3558292762-1001 - Administrator - Enabled) => C:\Users\thomas ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (02/20/2015 02:59:55 PM) (Source: NetBT) (EventID: 4319) (User: ) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (02/20/2015 02:59:55 PM) (Source: NetBT) (EventID: 4319) (User: ) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (02/20/2015 02:59:55 PM) (Source: NetBT) (EventID: 4319) (User: ) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (02/20/2015 02:59:55 PM) (Source: NetBT) (EventID: 4319) (User: ) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (02/20/2015 00:50:41 PM) (Source: DCOM) (EventID: 10010) (User: Heike) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/20/2015 10:30:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. Error: (02/20/2015 10:30:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. Error: (02/19/2015 06:31:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioEndpointBuilder erreicht. Error: (02/19/2015 06:30:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NcbService erreicht. Error: (02/19/2015 06:30:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WlanSvc erreicht. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz Percentage of memory in use: 63% Total physical RAM: 3854.22 MB Available physical RAM: 1411.43 MB Total Pagefile: 5070.22 MB Available Pagefile: 2389.32 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:452.94 GB) (Free:412.03 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: B95DB522) Partition: GPT Partition Type. ==================== End Of Log ============================DE] |
21.02.2015, 09:25 | #9 |
/// the machine /// TB-Ausbilder | Rundll-Fehler Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Task: {9BCE58B3-E599-492A-9B5B-6F847D212BD2} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
21.02.2015, 12:25 | #10 |
| Rundll-Fehler [gelöst] Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01 Ran by thomas at 2015-02-21 12:21:42 Run:1 Running from C:\Users\thomas\Downloads Loaded Profiles: thomas (Available profiles: thomas) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {9BCE58B3-E599-492A-9B5B-6F847D212BD2} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BCE58B3-E599-492A-9B5B-6F847D212BD2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BCE58B3-E599-492A-9B5B-6F847D212BD2}" => Key deleted successfully. C:\Windows\System32\Tasks\Lenovo\Lenovo Settings Power => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Settings Power" => Key deleted successfully. ==== End of Fixlog 12:21:42 ==== |
21.02.2015, 14:26 | #11 |
/// the machine /// TB-Ausbilder | Rundll-Fehler [gelöst] Kommt die Meldung noch?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
21.02.2015, 14:54 | #12 |
| Rundll-Fehler [gelöst] Unglaublich aber wahr :-) !!! Alles funktioniert wieder! Das Wochenende ist gerettet! Vielen Dank dem Profi! Hoffe aber, ich muss dich nie wieder um Hilfe bitten... Tschüß Tommy! |
21.02.2015, 20:14 | #13 |
/// the machine /// TB-Ausbilder | Rundll-Fehler [gelöst] Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Rundll-Fehler |
adwcleaner, anti-malware, arten, beim starten, compu, computers, dll-fehler, einiger, erhalte, erklären, fehlermeldung, folge, folgende, nervige, pwmtr64v.dll, rundll-fehler, starte, starten, versuch, versucht |