1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Resolved] SystHeal

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by lvon98, Jul 23, 2014.

  1. lvon98

    lvon98 Established Techie7 Member

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
    Ran by mg at 2014-08-01 11:55:34
    Running from C:\Users\mg\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
    Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.5.6.0 - Auslogics Labs Pty Ltd)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
    Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
    Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
    Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.406 - Corel Inc.)
    Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
    Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    Glary Utilities 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.01 - )
    Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
    Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
    Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
    Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
    Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0007 - Lenovo)
    Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
    Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
    Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nitro Pro 8 (HKLM\...\{35E1FF5F-E8E1-4DE2-B3EC-BBE296B27336}) (Version: 8.5.2.10 - Nitro)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 7.11.20 - )
    RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.1.1.1 - Lenovo)
    RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
    Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.6.4 - Reimage)
    RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
    SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - )
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.11 - Lenovo)
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.42.0 - Lenovo)
    Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
    Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
    Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
    Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
    Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
    Windows Driver Package - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
    Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
    Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-344739079-3731520918-4285122877-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-344739079-3731520918-4285122877-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-344739079-3731520918-4285122877-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-344739079-3731520918-4285122877-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    01-08-2014 11:37:36 Scheduled Checkpoint
    01-08-2014 11:38:41 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-07-31 11:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0580E5FF-38BE-4133-AF41-1B9BBF4B5064} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-15] (Lenovo)
    Task: {0B47BF37-CF56-4A03-B772-1FE5B0FB583B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
    Task: {1B61C635-7753-4A4A-9C3F-3BB636498000} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-20] (Glarysoft Ltd)
    Task: {1DBCB1BC-05B2-4327-9506-ACC3A1EA7D22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-18] (Google Inc.)
    Task: {33BC347D-27EC-4565-B680-4DCBF1ABE617} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-18] (Google Inc.)
    Task: {360B98B9-A3C2-4527-ACD9-8FA686642FF9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-30] (AVAST Software)
    Task: {4762E40B-5C17-497D-A2B6-17AE8F98C7BF} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-07-20] (Glarysoft Ltd)
    Task: {66B8FB32-1402-46C0-9443-8DC18B135BE7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
    Task: {792C6051-671A-4527-BC0B-8D8C365AB5E3} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
    Task: {8534B74E-FA5A-4790-A21F-C754C793B066} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
    Task: {8FE69069-4BE8-4403-82A6-D6FB44E68378} - System32\Tasks\Lenovo\Run TVSU Once => C:\SWTOOLS\DRIVERS\utils\TVSUHook.exe [2012-06-05] ()
    Task: {9782A91D-72D5-4F78-9D37-CE0BE2F298E5} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
    Task: {9A26AA49-3B6C-4FF9-A263-8C35552675CA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-344739079-3731520918-4285122877-1000
    Task: {9D56A255-C3DD-47E0-893E-4849E6FF841E} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    Task: {A0D2C28C-BB9F-4E48-A63E-CA971A95122B} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn mg logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2014-07-16] (Auslogics)
    Task: {ABB24F1E-ACC1-44C9-AECE-03B2FFAC7D83} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
    Task: {B3F1395B-20DC-4A77-A55E-247110D2CE0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated)
    Task: {C47A4120-EA81-4ED4-92DB-12863E7CA8AA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe
    Task: {C5025EDB-B0E8-405C-B3F0-CF5C6FE2304F} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-15] (Lenovo)
    Task: {CDFE2B74-DBD5-4A41-8D9C-387034B336CA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-15] (Lenovo)
    Task: {DAA80146-5BAA-4EAA-94CD-637E28B1CFD7} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe
    Task: {F2E7DED1-60D1-413F-ACAD-A330C0DECB81} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
    Task: {F808255B-CE2E-4946-8C50-B0E35D95F933} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-02-04] ()
    Task: {FE59A823-3E0D-4829-AEBD-6169FA7E2254} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-12-14 13:02 - 2012-03-19 01:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-12-14 13:07 - 2012-05-15 16:32 - 00093696 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
    2014-07-30 21:39 - 2014-07-30 21:39 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-08-01 06:37 - 2014-08-01 06:37 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080100\algo.dll
    2013-12-14 13:14 - 2013-04-12 20:41 - 00033520 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
    2014-07-30 21:39 - 2014-07-30 21:39 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-07-20 22:01 - 2014-07-20 22:01 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
    2013-12-14 13:00 - 2012-02-20 22:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2014-07-18 16:34 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
    2014-07-18 16:34 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
    2014-07-18 16:34 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
    2014-07-18 16:34 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
    2014-07-18 16:34 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
    2014-07-18 16:34 - 2014-07-15 04:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:373E1720

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: adgnetworktdi
    Description: adgnetworktdi
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: adgnetworktdi
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-07-30 20:59:55.387
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-30 20:59:55.333
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-07-19 08:52:15.640
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 52%
    Total physical RAM: 3792.79 MB
    Available physical RAM: 1793.22 MB
    Total Pagefile: 7583.77 MB
    Available Pagefile: 4929.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:280.73 GB) (Free:245.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive q: (Lenovo_Recovery) (Fixed) (Total:15.9 GB) (Free:3.62 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298 GB) (Disk ID: C507B5C8)
    Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  3. lvon98

    lvon98 Established Techie7 Member

    Not sure that's what you wanted, but here goes...

    BTW, I DID NOT scan with FRST(FRST64), just clicked the FIX button

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
    Ran by mg at 2014-08-01 22:17:53 Run:1
    Running from C:\Users\mg\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [SystHeal] => C:\Program Files (x86)\G.A. Technocare Technology Pvt. Ltd\SystHeal Optimizer Pro\SystHeal.exe [12950400 2014-07-11] (SystHeal Corporation)
    C:\Program Files (x86)\G.A. Technocare Technology Pvt. Ltd
    S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
    S1 adgnetworktdi; system32\drivers\adgnetworktdi.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\mg\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    2014-07-18 16:08 - 2014-07-18 16:08 - 00001468 _____ () C:\Users\mg\Desktop\SystHeal.exe.lnk
    2014-07-18 16:08 - 2014-07-18 16:08 - 00000000 ____D () C:\Users\mg\AppData\Roaming\G.A. Technocare Technology Pvt. Ltd
    C:\ProgramData\fontcacheev1.dat
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SystHeal => value deleted successfully.
    C:\Program Files (x86)\G.A. Technocare Technology Pvt. Ltd => Moved successfully.
    ReimageRealTimeProtector => Service deleted successfully.
    adgnetworktdi => Service deleted successfully.
    catchme => Service deleted successfully.
    cpuz134 => Service deleted successfully.
    C:\Users\mg\Desktop\SystHeal.exe.lnk => Moved successfully.
    C:\Users\mg\AppData\Roaming\G.A. Technocare Technology Pvt. Ltd => Moved successfully.
    C:\ProgramData\fontcacheev1.dat => Moved successfully.
    C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

    ==== End of Fixlog ====
     
  4. lvon98

    lvon98 Established Techie7 Member

    UPDATE:

    I just rebooted and I BELIEVE we (i.e. YOU) finally got rid of the F***ER. That %?#& Spam page simply doesn't show up. But maybe it's too soon to claim victory yet. Tell me what you think.
     
  5. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Good news :)

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  6. lvon98

    lvon98 Established Techie7 Member

    SecurityCheck log:

    Results of screen317's Security Check version 0.99.86
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Reader 10.1.7 Adobe Reader out of Date!
    Google Chrome 36.0.1985.125
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    FSS log:

    Farbar Service Scanner Version: 21-07-2014
    Ran by mg (administrator) on 02-08-2014 at 16:16:02
    Running from "C:\Users\mg\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    NOTE: for the ESET scan, I forgot to check SCAN ARCHIVES. I can re-scan if you deem it necessary.

    ESET log:

    C:\Program Files (x86)\sweetpacks bundle uninstaller_Glary Utilities_1664633\uninstaller.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
    C:\Users\mg\Downloads\cbsidlm-cbsi188-123_Free_Solitaire-SEO-10022517.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
    C:\Users\mg\Downloads\Glary_Utilities_TSV4ATJRU.exe Win32/Toolbar.Conduit.AE potentially unwanted application deleted - quarantined
     
  7. lvon98

    lvon98 Established Techie7 Member

    ADDENDUM:

    SecurityCheck says my Antivirus is out of date, probably because I have disabled it for the purposes of that scan. As for Adobe Reader, I will bring it up-to-date very shortly.
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    ==================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  9. lvon98

    lvon98 Established Techie7 Member

    Hi Broni!

    System seems to be working fine, thank you very much.

    The only download I had problems with was the PSI one. After downloading, I got the following message:

    ''Unable to retrieve PSI user ID from Secunia. Please verify that you are able to connect to https://psi3.secunia.com (Which I was.)
    NOTE: Proxy support for the PSI is currently unavailable but is planned for a future release. If your system requires access to the Internet through a proxy, you will not be able to use this application at this time.''

    And on the toolbar at the bottom of my screen, I received the following message: ''Check that Internet connection is working''.
    Which it seemed to be.




    Aside from that, and from the fact that your last message inexplicably wound up in my SPAM filter, everything looks spic and span. Finally. I never thought that a Spam page would be so difficult to eradicate once and for all.

    Thank you VERY MUCH for all your help. Your indications were clear and precise throughout and you managed to pull off the not insignificant feat of guiding a technological Neanderthal such as myself through to the final destination without any harm. Kudos to you, my friend.
     
  10. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Way to go!! [​IMG]
    Good luck and stay safe :)
     
  11. hina

    hina Techie7 New Member

    i also have a problem with systheal