Author Topic: Threat has been detected  (Read 45216 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Threat has been detected
« on: June 22, 2015, 09:37:39 PM »
Hi, hope I've posted in the correct place.

I've recently downloaded Avast on to my laptop (it's about 9 months old) as I was just using Windows Defender & Malwarebytes for my protection.  It seemed I was getting lots of malware and would usually just delete them from when they popped up through removing the extension or locating the file in a folder in program files (from the link in developer mode in the extensions bit).  After downloading Avast and running a scan it removed quite a bit of stuff, but now whenever I load up chrome I get the "threat has been detected" sound over and over.  Sometimes it does it straight away, sometimes it stops after a bit.  I've run scans again on Avast and Malwarebytes and it doesn't find anything now that needs removing, but it keeps doing it and I've no idea why.  I don't really use IE but checked if it happened on there and it didn't seem to be, but I only checked for a few minutes.

Should I follow the instructions in this post for help?  (I'm not the most tech savvy so haven't done anything like this before, but I think I should be able to follow them okay).  https://forum.avast.com/index.php?topic=53253.0

If so, I'll run another scan on malwarebytes now and then follow the rest of instructions.

Thanks for any help.
« Last Edit: June 22, 2015, 09:42:13 PM by andyb27 »

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: Threat has been detected
« Reply #1 on: June 22, 2015, 09:38:15 PM »
Hello,


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
« Last Edit: June 22, 2015, 09:51:30 PM by TwinHeadedEagle »
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

REDACTED

  • Guest
Re: Threat has been detected
« Reply #2 on: June 22, 2015, 09:55:08 PM »
Should I just do that one?  Or should I post the log results from a malwarebytes scan (I'm just scanning now again).

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: Threat has been detected
« Reply #3 on: June 22, 2015, 09:55:46 PM »
You can post all scans.
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

REDACTED

  • Guest
Re: Threat has been detected
« Reply #4 on: June 22, 2015, 09:59:45 PM »
No problem. The malwarebytes scan is only 15 minutes in so will post it when it's finished.

REDACTED

  • Guest
Re: Threat has been detected
« Reply #5 on: June 22, 2015, 10:13:54 PM »
Here's the malwarebytes scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22/06/2015
Scan Time: 20:43:35
Logfile: 22nd June Scan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.22.04
Rootkit Database: v2015.06.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399704
Time Elapsed: 27 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

REDACTED

  • Guest
Re: Threat has been detected
« Reply #6 on: June 22, 2015, 10:18:59 PM »
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Andy (administrator) on ANDYB on 22-06-2015 21:14:38
Running from C:\Users\Andy\Downloads
Loaded Profiles: UpdatusUser & Andy (Available Profiles: UpdatusUser & Andy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Pokki) C:\Users\Andy\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Pokki) C:\Users\Andy\AppData\Local\Pokki\Engine\HostAppService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Andy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Andy\AppData\Roaming\Spotify\Spotify.exe
(Pokki) C:\Users\Andy\AppData\Local\Pokki\Engine\HostAppService.exe
(Dropbox, Inc.) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Spotify Ltd) C:\Users\Andy\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Andy\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Pokki) C:\Users\Andy\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [392592 2015-03-31] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [683352 2013-06-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2013-12-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-12-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-19] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Run: [Spotify Web Helper] => C:\Users\Andy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-17] (Spotify Ltd)
HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Run: [Spotify] => C:\Users\Andy\AppData\Roaming\Spotify\Spotify.exe [7415864 2015-06-17] (Spotify Ltd)
HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Run: [Dropbox Update] => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-19] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3031754157-338325955-3198346124-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3031754157-338325955-3198346124-1002 -> DefaultScope {2ED4361D-AA1D-11E4-82D6-40F02F57C819} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3031754157-338325955-3198346124-1002 -> {2ED4361D-AA1D-11E4-82D6-40F02F57C819} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3031754157-338325955-3198346124-1002 -> {A82FA500-30BE-4ABD-AE23-E7EFE9FA21AA} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-19] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-19] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-20] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-10] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3031754157-338325955-3198346124-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-3031754157-338325955-3198346124-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-19]


REDACTED

  • Guest
Re: Threat has been detected
« Reply #7 on: June 22, 2015, 10:19:47 PM »
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-20]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-20]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-20]
CHR Extension: (Google Sheets) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Avast Online Security) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-20]
CHR Extension: (Skype Click to Call) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-06-20]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-19] (Avast Software s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-13] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-19] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-19] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-19] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-19] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-19] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-19] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



REDACTED

  • Guest
Re: Threat has been detected
« Reply #8 on: June 22, 2015, 10:20:26 PM »
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 21:14 - 2015-06-22 21:15 - 00025140 _____ C:\Users\Andy\Downloads\FRST.txt
2015-06-22 20:56 - 2015-06-22 21:14 - 00000000 ____D C:\FRST
2015-06-22 20:56 - 2015-06-22 20:56 - 02109952 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2015-06-19 22:33 - 2015-06-21 22:23 - 00000346 _____ C:\windows\wininit.ini
2015-06-19 21:42 - 2015-06-19 21:42 - 00003200 _____ C:\windows\System32\Tasks\avastBCLRestart_chrome.exe
2015-06-19 18:56 - 2015-06-19 18:56 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-19 18:56 - 2015-06-19 18:56 - 00000000 ____D C:\Users\Andy\AppData\Roaming\AVAST Software
2015-06-19 18:56 - 2015-06-19 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-19 18:55 - 2015-06-19 18:55 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-06-19 18:54 - 2015-06-19 18:54 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-06-19 18:54 - 2015-06-19 18:54 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
2015-06-19 18:54 - 2015-06-19 18:54 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-06-19 18:54 - 2015-06-19 18:54 - 00272248 _____ C:\windows\system32\Drivers\aswVmm.sys
2015-06-19 18:54 - 2015-06-19 18:54 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-06-19 18:54 - 2015-06-19 18:54 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-06-19 18:54 - 2015-06-19 18:54 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-06-19 18:54 - 2015-06-19 18:54 - 00065736 _____ C:\windows\system32\Drivers\aswRvrt.sys
2015-06-19 18:54 - 2015-06-19 18:54 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-06-19 18:54 - 2015-06-19 18:54 - 00029168 _____ C:\windows\system32\Drivers\aswHwid.sys
2015-06-19 18:52 - 2015-06-19 18:52 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-19 18:51 - 2015-06-19 18:51 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-19 18:50 - 2015-06-19 18:50 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2015-06-19 18:49 - 2015-06-21 22:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-19 18:49 - 2015-06-21 22:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-19 18:43 - 2015-06-19 18:43 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-19 18:41 - 2015-06-22 20:46 - 00000926 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3031754157-338325955-3198346124-1002UA.job
2015-06-19 18:41 - 2015-06-21 18:46 - 00000874 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3031754157-338325955-3198346124-1002Core.job
2015-06-19 18:41 - 2015-06-19 18:41 - 00003870 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3031754157-338325955-3198346124-1002UA
2015-06-19 18:41 - 2015-06-19 18:41 - 00003490 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3031754157-338325955-3198346124-1002Core
2015-06-19 18:41 - 2015-06-19 18:41 - 00000000 ____D C:\Users\Andy\AppData\Local\Dropbox
2015-06-19 18:41 - 2015-06-19 18:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-16 20:28 - 2015-06-22 19:01 - 00000000 ____D C:\Users\Andy\AppData\Local\Spotify
2015-06-16 20:28 - 2015-06-16 20:28 - 00001819 _____ C:\Users\Andy\Desktop\Spotify.lnk
2015-06-16 20:28 - 2015-06-16 20:28 - 00001805 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-06-16 20:27 - 2015-06-22 19:05 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Spotify
2015-06-09 19:25 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-09 19:25 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-09 19:25 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-09 19:23 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-09 19:23 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-09 19:23 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-09 19:23 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-09 19:22 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-09 19:22 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-09 19:22 - 2015-05-22 14:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-09 19:22 - 2015-05-21 14:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-09 19:22 - 2015-05-21 14:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-09 19:22 - 2015-05-21 14:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-09 19:22 - 2015-05-21 14:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-09 19:22 - 2015-05-21 14:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-09 19:22 - 2015-05-21 14:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-09 19:22 - 2015-04-16 23:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-09 19:22 - 2015-04-08 23:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-09 19:22 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-09 19:22 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-09 19:13 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-09 19:13 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-09 19:13 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-09 19:13 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-09 19:13 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-09 19:13 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-09 19:13 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-09 19:13 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-09 19:13 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-09 19:13 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-09 19:12 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-09 19:12 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-09 19:12 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-09 19:12 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-09 19:12 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-09 19:12 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-09 19:12 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-09 19:12 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-09 19:12 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-09 19:12 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-09 19:12 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-09 19:12 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-09 19:12 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-09 19:12 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-09 19:12 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-09 19:12 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-09 19:12 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-09 19:12 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-09 19:12 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-09 19:12 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-09 19:12 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-09 19:12 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-09 19:12 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-09 19:12 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-09 19:12 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-09 19:12 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-09 19:12 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-09 19:12 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-09 19:12 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-09 19:12 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-09 19:12 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-09 19:12 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-09 19:12 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-09 19:12 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-09 19:12 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-09 19:12 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-09 19:12 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-09 19:12 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-09 19:12 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-09 19:12 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-09 19:12 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-09 19:12 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-09 19:12 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-09 19:12 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-09 19:12 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-09 19:12 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-09 19:12 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 19:12 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-09 19:12 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-09 19:12 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-09 19:11 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-05 19:21 - 2015-06-08 20:41 - 00000000 ____D C:\Program Files (x86)\CutterMaker
2015-06-05 19:20 - 2015-06-22 19:59 - 00000024 _____ C:\Users\Andy\AppData\Roaming\appdataFr25.bin
2015-06-05 19:20 - 2015-06-08 20:40 - 00000000 ____D C:\Program Files (x86)\Daily Stats for Google Analytics
2015-06-05 19:17 - 2015-06-19 18:58 - 00000000 ____D C:\ProgramData\{656a0fa6-c0e8-de38-656a-a0fa6c0e3e9b}
2015-06-05 19:17 - 2015-06-05 19:17 - 00004096 _____ C:\windows\SysWOW64\ntwdblib.dll
2015-06-01 19:35 - 2015-06-01 19:35 - 00000000 ____D C:\Users\Andy\AppData\Local\GWX
2015-05-23 12:41 - 2015-05-23 12:41 - 00000000 ____D C:\Users\Andy\Documents\mameui


REDACTED

  • Guest
Re: Threat has been detected
« Reply #9 on: June 22, 2015, 10:20:39 PM »
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 21:02 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru
2015-06-22 21:01 - 2014-11-19 21:05 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Skype
2015-06-22 20:58 - 2014-11-18 21:29 - 00000000 ____D C:\Users\Andy\AppData\Local\Pokki
2015-06-22 20:43 - 2014-11-18 21:52 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 20:43 - 2013-12-13 22:39 - 01507618 _____ C:\windows\WindowsUpdate.log
2015-06-22 20:16 - 2015-05-05 21:01 - 00004956 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ANDYB-Andy AndyB
2015-06-22 20:16 - 2014-11-28 00:55 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieBrowserModeList
2015-06-22 20:16 - 2014-11-25 19:50 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieUserList
2015-06-22 20:16 - 2014-11-25 19:50 - 00000000 __SHD C:\Users\Andy\AppData\Local\EmieSiteList
2015-06-22 19:07 - 2014-11-18 21:39 - 00003910 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{F86E7D95-7EBA-4E82-8488-02425C2010A8}
2015-06-22 19:01 - 2014-11-19 21:11 - 00000000 ___RD C:\Users\Andy\Dropbox
2015-06-22 19:01 - 2014-11-19 21:07 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Dropbox
2015-06-22 19:00 - 2014-11-18 23:03 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-22 18:59 - 2014-11-24 22:02 - 00000526 ____H C:\windows\Tasks\SoftwareProvider-S-394265216.job
2015-06-22 18:59 - 2014-11-22 23:12 - 00000000 __RDO C:\Users\Andy\OneDrive
2015-06-22 18:58 - 2013-08-22 15:46 - 00042777 _____ C:\windows\setupact.log
2015-06-22 18:58 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-21 23:41 - 2013-12-13 23:16 - 00027136 _____ C:\windows\system32\VfService.trf
2015-06-21 22:36 - 2014-11-18 21:37 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3031754157-338325955-3198346124-1002
2015-06-21 22:24 - 2013-10-07 19:23 - 00082576 _____ C:\windows\PFRO.log
2015-06-21 19:26 - 2013-10-07 19:27 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-21 19:20 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-20 18:33 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-20 17:30 - 2015-01-10 22:26 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-20 17:30 - 2015-01-10 22:25 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-20 17:29 - 2014-11-25 19:52 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-20 17:29 - 2014-11-25 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-20 17:29 - 2014-11-25 19:52 - 00000000 ____D C:\Program Files\WinRAR
2015-06-19 23:08 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2015-06-19 19:24 - 2015-03-07 18:07 - 00000000 ____D C:\ProgramData\{51ed5111-b074-b87d-51ed-d5111b074446}
2015-06-18 19:53 - 2014-11-19 00:56 - 00000000 ____D C:\ProgramData\Skype
2015-06-16 19:56 - 2014-11-20 22:19 - 00000000 ____D C:\windows\system32\MRT
2015-06-16 19:46 - 2014-11-20 22:19 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-16 00:12 - 2014-11-18 23:05 - 00000000 ____D C:\Users\Andy\AppData\Roaming\BitComet
2015-06-11 00:34 - 2014-12-13 20:46 - 00000000 ____D C:\windows\system32\appraiser
2015-06-11 00:34 - 2014-11-28 00:33 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-11 00:34 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData
2015-06-10 20:11 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-10 19:15 - 2013-08-22 15:44 - 00492000 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-09 23:59 - 2013-08-22 16:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-08 20:41 - 2013-08-22 16:36 - 00000000 ____D C:\windows\Speech
2015-06-08 19:47 - 2014-11-18 21:52 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-08 19:47 - 2014-11-18 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-08 19:47 - 2014-11-18 21:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-05 19:20 - 2014-11-24 22:01 - 00000000 ____D C:\ProgramData\18041650861050864990
2015-06-03 17:18 - 2014-11-28 00:36 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 17:18 - 2014-11-28 00:36 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-01 19:16 - 2014-11-18 21:33 - 00002283 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-31 22:43 - 2014-11-18 21:42 - 00000000 ____D C:\Users\Andy\AppData\Local\CrashDumps
2015-05-23 12:15 - 2015-05-21 20:47 - 00027579 _____ C:\Users\Andy\Documents\Eurovision Spreadsheet.xlsx
2015-05-23 11:29 - 2014-11-19 00:56 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2015-06-05 19:20 - 2015-06-22 19:59 - 0000024 _____ () C:\Users\Andy\AppData\Roaming\appdataFr25.bin
2015-03-18 22:37 - 2015-05-12 19:53 - 0000020 _____ () C:\Users\Andy\AppData\Roaming\appdataFr3.bin
2014-11-18 23:57 - 2014-11-18 23:57 - 1249792 _____ (http://www.ruby-lang.org/) C:\Users\Andy\AppData\Roaming\msvcr90-ruby191.dll
2015-05-12 20:19 - 2015-05-12 20:19 - 0000000 _____ () C:\Users\Andy\AppData\Local\Temp.dat
2013-12-13 22:48 - 2013-12-13 22:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgu9czm.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-19 21:58

==================== End of log ============================

REDACTED

  • Guest
Re: Threat has been detected
« Reply #10 on: June 22, 2015, 10:22:34 PM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Andy at 2015-06-22 21:15:52
Running from C:\Users\Andy\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3031754157-338325955-3198346124-500 - Administrator - Disabled)
Andy (S-1-5-21-3031754157-338325955-3198346124-1002 - Administrator - Enabled) => C:\Users\Andy
Guest (S-1-5-21-3031754157-338325955-3198346124-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3031754157-338325955-3198346124-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.1611.210 - Alps Electric)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Energy Manager (x32 Version: 1.0.0.31 - Lenovo) Hidden
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Pokki) (Version: 0.269.7.660 - Pokki)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.24.20150327 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{2D5218EB-6992-46E3-8ECE-76C79AB955CE}) (Version: 3.13.2.0 - LG Electronics)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA GeForce Experience 1.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spotify (HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
Start Menu (HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)


REDACTED

  • Guest
Re: Threat has been detected
« Reply #11 on: June 22, 2015, 10:23:32 PM »
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3031754157-338325955-3198346124-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

04-06-2015 21:28:08 Scheduled Checkpoint
09-06-2015 19:17:28 Windows Update
12-06-2015 19:53:33 Windows Update
15-06-2015 20:26:20 Windows Update
19-06-2015 18:51:45 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B589DAA-CB87-46FC-BC21-5199E69AEB6F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {0BF38806-35A5-44C3-A196-8235F24E3611} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ANDYB-Andy AndyB => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {169C218E-069C-4213-B225-135C8A10940F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {340F0305-3581-44A6-B48C-B7F0FA3AED0D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {41AB895C-37DD-444A-9CBB-E31633BBF963} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4654C63F-6408-4354-AB7C-E192D0C76203} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {49D9217A-97F1-4197-B2CC-C3F9A0CAE46D} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {5625E8C6-3375-4476-99C6-43E45419C8BF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {5937C814-3ECF-4E8C-8344-17769BF271BB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {667FE7B5-C816-49B8-AA7C-448E32ACE132} - System32\Tasks\SoftwareProvider-S-394265216 => c:\programdata\trusted publisher\systemupgrader\SoftwareProvider.exe <==== ATTENTION
Task: {6F15E9D6-8676-4791-9E4E-8D314ADED93D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-16] (Microsoft Corporation)
Task: {7222744C-4263-40EA-BDE0-FEA15082AE7D} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {74D2EFA9-3E02-4FF8-B5EC-1C350356D3B6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {86C76842-9B8C-4AF8-9729-6AE2D08C4D68} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3031754157-338325955-3198346124-1002Core => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {A65A27DC-E5EA-41AF-9D1A-AFE0A684A545} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3031754157-338325955-3198346124-1002UA => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {A75C81C8-5E72-4885-8DA6-CC26B0A932D7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B24862E1-C88E-4192-BB9C-3B65EAD43BDE} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
Task: {B3EFACE7-5CB2-4DF0-A85F-7D63E478CB0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-10] (Microsoft Corporation)
Task: {BA4AFC4B-1E81-4127-9626-971BB18BED6C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-15] (Microsoft Corporation)
Task: {BDF501A1-B674-420C-9532-8BFC283C7AAC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE0BF9FE-82FC-42EF-BB30-C8AEE9B319F6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E1466A2C-6B7F-405D-B384-594F90268C47} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {E92FC764-CF9D-4BA0-83C1-220B64D688D8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {F22F64BA-B6DC-44C8-9027-FD906A727945} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {F232CB57-2E64-484C-9E84-1249FA270230} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-19] (Avast Software s.r.o.)
Task: {FFAF7D97-1E89-4272-8A72-ECC5E6A16075} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-10] (Microsoft Corporation)
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3031754157-338325955-3198346124-1002Core.job => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3031754157-338325955-3198346124-1002UA.job => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\SoftwareProvider-S-394265216.job => c:\programdata\trusted publisher\systemupgrader\SoftwareProvider.exeS/schedule /profile c:\programdata\trusted publisher\systemupgrader\394265216.ini <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-10 22:43 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-13 23:13 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-12-13 23:16 - 2013-12-13 23:16 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-12-13 23:16 - 2013-12-13 23:16 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-03-10 22:49 - 2015-03-10 22:49 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-07 10:48 - 2013-09-07 10:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 10:45 - 2013-09-07 10:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 10:52 - 2013-09-07 10:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-01-20 23:35 - 2015-01-20 23:35 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-06-19 18:54 - 2015-06-19 18:54 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-19 18:54 - 2015-06-19 18:54 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-21 18:45 - 2015-06-21 18:45 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062101\algo.dll
2015-06-22 20:02 - 2015-06-22 20:02 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062203\algo.dll
2014-11-18 23:05 - 2015-04-16 18:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-21 20:32 - 2015-04-23 03:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-11-18 23:05 - 2015-06-04 19:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-21 20:32 - 2015-04-23 03:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-21 20:32 - 2015-04-23 03:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-11-18 23:05 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-18 23:05 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-18 23:05 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-18 23:05 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-18 23:05 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-11-18 23:05 - 2015-06-04 19:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-06-16 20:28 - 2015-06-17 20:11 - 41287224 _____ () C:\Users\Andy\AppData\Roaming\Spotify\libcef.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 00569856 _____ () C:\Users\Andy\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 01400846 _____ () C:\Users\Andy\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 00151054 _____ () C:\Users\Andy\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 00222734 _____ () C:\Users\Andy\AppData\Local\Pokki\Engine\avformat-54.dll
2015-06-22 19:00 - 2015-06-22 19:00 - 00043008 _____ () c:\users\andy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgu9czm.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00750080 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00047616 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00865280 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00200704 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00726016 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-06-19 18:54 - 2015-06-19 18:54 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-16 20:28 - 2015-06-17 20:11 - 01488440 _____ () C:\Users\Andy\AppData\Roaming\Spotify\libglesv2.dll
2015-06-16 20:28 - 2015-06-17 20:11 - 00079928 _____ () C:\Users\Andy\AppData\Roaming\Spotify\libegl.dll
2014-11-18 23:05 - 2015-05-11 20:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-12-13 22:45 - 2013-08-19 19:12 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-11-18 21:41 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-18 21:41 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-18 21:41 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-18 21:41 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2014-11-18 21:41 - 2014-11-14 22:15 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll


REDACTED

  • Guest
Re: Threat has been detected
« Reply #12 on: June 22, 2015, 10:24:11 PM »
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Andy\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Andy\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3031754157-338325955-3198346124-1002\...\sharepoint.com -> hxxps://delacyacademyorg.sharepoint.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3031754157-338325955-3198346124-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Andy\Pictures\Pictures\Luke\September, October & November 2014\IMG_20140904_155506459.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8D20BB07-8E45-46AA-81AB-F3679D95B389}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4BBCCBA1-DDA1-4DE5-A5CD-A26488DDD170}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{67DEC0F1-0171-4A92-AECF-E4BE47C00D92}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{227DFBA4-84F4-4358-86ED-9C4A780CAA74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4A59B2AB-B711-495C-B17E-D3A506C8D251}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{2A5E12F6-26A1-4AB6-8E18-4289567BC474}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{0B32258B-C810-4139-87AA-B85BBC5747F9}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{1CC050FB-1D8C-4C73-81DA-00200E10E4B7}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{6777B677-4649-41B6-BBF2-F98B6FE6DB85}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{FB8A5DAE-ABFD-4A20-880D-9B697812B234}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{943940EB-FC35-411E-98A5-E241FF6293BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4C0C6D06-3212-493E-8CFA-29A7CE94CBF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D415595-2624-42CC-9004-DCF3DD78C449}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2368ABD4-EE31-4265-8A40-26BA4849AD6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{655E558C-824A-4149-B57B-839E7DC7EEDD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{153362C3-A453-46EC-847C-C08A339F4F15}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B9D3D3DE-F785-49EA-924E-11F6BAE77675}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{7B0E6F77-3F0C-46DD-B4F3-3CD6BADC2C01}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{18FE7D02-1D2A-45AF-A28E-BBDFE1BB3004}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1AE61420-73BA-4EE5-9293-1CD21A4C5FCA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D983045C-AFE8-4320-AFC9-14F793C777A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe
FirewallRules: [{C47CAB79-D6EF-49AA-97DE-002BE2BE060D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe
FirewallRules: [{106572FB-7DB0-4093-BA92-AB025970E094}] => (Allow) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E1EF6572-E5E7-409E-BC25-10F15A10A21C}] => (Allow) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9D8492FA-FB59-495B-B0CE-3802F1B96CBC}C:\users\andy\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\andy\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{37E1CB60-696D-4246-9161-15D391E881A6}C:\users\andy\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\andy\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{435A0FA0-9DAA-4295-9F94-CC56A7138A5A}] => (Allow) C:\Users\Andy\AppData\Local\Temp\nseAA2A.tmp\CnetInstaller-10971016.exe
FirewallRules: [{5063BA5D-9AA0-4DE5-9F47-F656B12F3085}] => (Allow) C:\Users\Andy\AppData\Local\Temp\nseAA2A.tmp\CnetInstaller-10971016.exe
FirewallRules: [TCP Query User{966D6870-9263-4C67-B14B-932524D51F2C}C:\users\andy\appdata\roaming\torrentstream\engine\tsengine.exe] => (Block) C:\users\andy\appdata\roaming\torrentstream\engine\tsengine.exe
FirewallRules: [UDP Query User{4DDC1E95-FFE3-43BC-BCFC-0330FFA21D9E}C:\users\andy\appdata\roaming\torrentstream\engine\tsengine.exe] => (Block) C:\users\andy\appdata\roaming\torrentstream\engine\tsengine.exe
FirewallRules: [TCP Query User{49940B07-D704-495A-B3B4-5BE614D7C7B5}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [UDP Query User{4C79E121-9F33-4D68-A836-CB7D090A9FB9}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [TCP Query User{EDDC5430-11C3-4404-9EC3-E9DF1C70ED50}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{85F9C39A-F2FB-4FAF-BF8A-ACABF7BB4D73}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{7A97D459-58C9-4187-8C94-40B5A46B9023}C:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3451A56A-42B9-4BBA-8F11-CAF38812E5F5}C:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{91FE0DBA-7763-4524-8255-999E545C5473}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E93FE9F7-FEF2-4239-908E-0F08E79F7F46}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{10F5E71B-4234-4CB3-95EC-AB3977AF931A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{8AB0A820-B4D3-4A6E-A26B-1DFAE4582ADB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{12F1D014-DA20-411E-8D59-CA4FD2877123}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{FF778922-1C9A-492D-A598-7BE44A105088}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{B47C930B-90E4-49C3-B3A0-065CFB527365}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ACC56A68-7BE1-46C9-A3CC-F0CB2C1FCDA2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5BF33CC7-2F5D-4368-8354-C2B4555E2566}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{24CC944B-3C05-452F-B805-592A108C73FA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{71659CBB-9D54-4999-B962-E258064657DB}C:\users\andy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E5520B05-10A3-4621-B208-5367FE1C5AE5}C:\users\andy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{71AF7309-FA35-4FAE-9777-E14C0FD4C578}C:\users\andy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8A571607-2B4F-484F-B0EE-FABAB8BC87EC}C:\users\andy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andy\appdata\roaming\spotify\spotify.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2015 08:11:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.

Error: (06/22/2015 07:59:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.

Error: (06/22/2015 07:10:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.

Error: (06/22/2015 07:08:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (06/22/2015 07:08:20 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {4F438DEE-6ABC-4E78-A4BB-516079219BB7}

Error: (06/22/2015 07:06:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.

Error: (06/22/2015 07:01:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.

Error: (06/21/2015 10:56:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.

Error: (06/21/2015 10:28:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.

Error: (06/21/2015 10:27:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.



REDACTED

  • Guest
Re: Threat has been detected
« Reply #13 on: June 22, 2015, 10:24:26 PM »
System errors:
=============
Error: (06/22/2015 07:00:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/21/2015 11:41:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/21/2015 10:26:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/21/2015 07:24:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/21/2015 07:17:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/21/2015 06:47:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/20/2015 10:52:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/20/2015 10:48:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/20/2015 05:15:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/20/2015 09:22:52 AM) (Source: DCOM) (EventID: 10010) (User: ANDYB)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office:
=========================
Error: (06/22/2015 08:11:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (06/22/2015 07:59:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (06/22/2015 07:10:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (06/22/2015 07:08:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (06/22/2015 07:08:20 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {4F438DEE-6ABC-4E78-A4BB-516079219BB7}

Error: (06/22/2015 07:06:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (06/22/2015 07:01:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (06/21/2015 10:56:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (06/21/2015 10:28:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (06/21/2015 10:27:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe


CodeIntegrity Errors:
===================================
  Date: 2015-06-19 18:56:56.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-19 18:56:34.058
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-19 18:56:29.055
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-19 18:56:25.020
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-19 18:56:23.797
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-19 18:56:23.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-19 18:56:22.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-19 18:56:21.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-19 18:56:21.157
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-19 18:56:20.543
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 8104.27 MB
Available physical RAM: 5230.88 MB
Total Pagefile: 9384.27 MB
Available Pagefile: 6122.53 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.85 GB) (Free:802.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0B19A8A9)

Partition: GPT Partition Type.

==================== End of log ============================

REDACTED

  • Guest
Re: Threat has been detected
« Reply #14 on: June 22, 2015, 10:25:04 PM »
Phew...there...think that's it all.  Any help much appreciated.