
Attacks from C/Windows/explorer.exe


  • This topic is locked
11 replies to this topic

#1 Glombak

Glombak

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:57 AM

Posted 26 December 2014 - 07:00 AM

Hello, a few days ago my computer rebooted itself (after someone from my family had used it and probably clicked on a link in a message).

The following morning I opened Google Chrome, which closed itself after a few minutes. I was not able to open it again.

When I opened Internet Explorer, I could see in the history that it had tried to get to strange websites multiple times.

Then, in Task Manager I could see that multiple explorer.exe processes were opening (there were always 2: 1 normal, and the other one infected). The infected one was using a lot of CPU and RAM, wrote a lot to the disk and used the network.

At that moment I installed Kaspersky, turning off explorer.exe every time it turned itself on.

I ran a scan with TDSSKiller and it found viruses (bohucsv.exe and a few others).

I ordered Kaspersky to block explorer.exe. I received multiple messages from Kaspersky about attacks blocked (from the internet).

I then used CCleaner, AdwCleaner, TDSSKiller, made multiple scans with Kaspersky, and used ComboFix (I know, I panicked a bit).

Then, yesterday, I used Norton Power Eraser, and after it made its changes I think the computer started to work normally, because I no longer receive messages about attacks from explorer.exe.

 

But I'm still afraid that it is not the end, and as requested in the "Am I infected" topic, I will post the ComboFix log (made when things were really bad) and the DDS log (made today when things appear to be normal).

 

Thank you


Edited by Glombak, 26 December 2014 - 07:05 AM.




#2 Glombak

Glombak
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:57 AM

Posted 26 December 2014 - 07:01 AM

ComboFix log

 

 

 

ComboFix 14-12-23.01 - remigiuszm 24/12/2014  15:07:40.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.4004.2409 [GMT 0:00]
Running from: F:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
    /wow section - STAGE 10
Access is denied.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Search Results Toolbar\Datamngr
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\css\new-tab.css
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_amazon.png
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ebay.png
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_facebook.png
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_fantastigames.png
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ftalk.png
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_youtube.png
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\new-tab.html
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\lib\analytics.js
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\lib\constant.js
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\lib\default-config.js
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\lib\jquery.js
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\lib\localStorage.js
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\lib\new-tab.js
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\lib\preferences.js
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\manifest.json
c:\program files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\OurLocalPage.html
c:\program files (x86)\Search Results Toolbar\Datamngr\datamngr.dll
c:\program files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll
c:\users\Administrator\AppData\Local\ejdhsqwi.log
c:\users\Administrator\AppData\Local\emqdouks.log
c:\users\Administrator\AppData\Local\gakgfcuk.log
c:\users\Administrator\AppData\Local\lpgqhnoe.log
c:\users\Administrator\AppData\Local\nlaktmsh.log
c:\users\Administrator\AppData\Local\qgcvvykj.log
c:\users\Administrator\AppData\Local\rwpayvsf.log
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-24 to 2014-12-24  )))))))))))))))))))))))))))))))
.
.
2014-12-24 15:19 . 2014-12-24 15:19    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-12-24 15:19 . 2014-12-24 15:19    --------    d-----w-    c:\users\Tosh\AppData\Local\temp
2014-12-24 15:19 . 2014-12-24 15:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-12-24 13:48 . 2014-12-24 13:48    --------    d-----w-    c:\users\Administrator\AppData\Local\Google
2014-12-24 11:47 . 2014-12-24 11:47    --------    d-----w-    c:\programdata\New folder
2014-12-23 14:57 . 2013-05-06 09:13    110176    ----a-w-    c:\windows\system32\klfphc.dll
2014-12-23 14:56 . 2014-12-23 14:56    --------    d-----w-    c:\windows\ELAMBKUP
2014-12-23 14:56 . 2014-12-23 14:56    --------    d-----w-    c:\program files (x86)\Kaspersky Lab
2014-12-23 14:56 . 2014-12-23 15:17    793800    ----a-w-    c:\windows\system32\drivers\klif.sys
2014-12-23 14:56 . 2014-12-23 15:17    141320    ----a-w-    c:\windows\system32\drivers\klflt.sys
2014-12-23 14:56 . 2014-04-10 17:25    243808    ----a-w-    c:\windows\system32\drivers\klhk.sys
2014-12-23 14:41 . 2014-12-24 14:10    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-12-23 14:37 . 2014-12-24 15:22    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-12-23 14:25 . 2014-12-23 14:25    --------    d-s---w-    c:\windows\SysWow64\Microsoft
2014-12-22 23:10 . 2014-12-22 23:10    --------    d-----w-    c:\users\Administrator\AppData\Roaming\DAT1
2014-12-22 23:10 . 2014-12-24 15:22    --------    d--h--w-    c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-12-19 16:43 . 2014-12-22 23:10    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{757CDB8A-2ADC-48BD-AAB1-BAE1CF39389A}\offreg.dll
2014-11-27 20:19 . 2014-11-27 20:19    --------    d-----w-    c:\windows\Offline Address Books
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-04 14:30 . 2010-11-21 03:27    275080    ------w-    c:\windows\system32\MpSigStub.exe
2014-10-20 02:37 . 2014-11-14 17:29    11627712    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{757CDB8A-2ADC-48BD-AAB1-BAE1CF39389A}\mpengine.dll
2014-10-14 18:11 . 2014-10-14 18:11    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-07-06 900160]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-25 39408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
R4 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
R4 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
R4 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 17:05]
.
2014-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 17:05]
.
2014-12-23 c:\windows\Tasks\New scan.job
- c:\program files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2012-06-15 11:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 17:52    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 17:52    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 17:52    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 17:52    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 17:52    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 17:52    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-04 150992]
"combofix"="c:\combofix\CF9309.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-!{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-50301596.sys
SafeBoot-64391164.sys
SafeBoot-79992858.sys
SafeBoot-81651743.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2014-12-24  15:29:35 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-24 15:29
.
Pre-Run: 187,219,066,880 bytes free
Post-Run: 186,660,057,088 bytes free
.
- - End Of File - - DE3C077657DD07C85CB72F9D87DB58BC
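As an added triage example (not from the post, and not part of ComboFix), the script below parses the "Reg Loading Points" section of a ComboFix log and flags the settings in this log that weaken the machine's own defences: UAC turned off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), Security Center alerts suppressed (the *Override / *DisableNotify values), AppInit_DLLs loading enabled, and the Windows Firewall service (MpsSvc) left with an ImagePath of ".". The embedded SAMPLE_LOG is an excerpt copied from the log above; the parser and check names are this example's own.

```python
"""Flag defence-weakening settings in a ComboFix 'Reg Loading Points' section.
Added example for this thread, not part of ComboFix; SAMPLE_LOG is an excerpt
copied from the log posted above so the script runs offline."""
import re
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ImagePath"="."
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_reg_section(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [registry key] (lower-cased) to its {value name: raw value} pairs."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1).lower()
            keys.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            keys[current][value_match.group(1)] = value_match.group(2).strip()
    return keys


def as_int(raw: str) -> Optional[int]:
    """Decode the numeric spellings ComboFix prints: '0 (0x0)' and 'dword:00000001'."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    decimal = re.match(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$", raw)
    return int(decimal.group(1)) if decimal else None


# (key suffix, value name, value that indicates a weakened setting, why it matters)
CHECKS = [
    (r"policies\system", "EnableLUA", 0, "UAC is off: admin users' processes run fully elevated"),
    (r"policies\system", "ConsentPromptBehaviorAdmin", 0, "admins are elevated silently, no consent prompt"),
    (r"policies\system", "PromptOnSecureDesktop", 0, "elevation prompts are not shown on the secure desktop"),
    (r"security center", "AntiVirusOverride", 1, "Security Center told to ignore antivirus state"),
    (r"security center", "AntiVirusDisableNotify", 1, "antivirus warnings suppressed"),
    (r"security center", "FirewallOverride", 1, "Security Center told to ignore firewall state"),
    (r"security center", "FirewallDisableNotify", 1, "firewall warnings suppressed"),
    (r"security center", "UpdatesDisableNotify", 1, "Windows Update warnings suppressed"),
    (r"security center", "UacDisableNotify", 1, "UAC warnings suppressed"),
    (r"windows nt\currentversion\windows", "LoadAppInit_DLLs", 1, "AppInit_DLLs injection enabled for user-mode processes"),
]


def audit(log_text: str) -> List[str]:
    """Return one finding string per weakened setting present in the section."""
    findings: List[str] = []
    for key, values in parse_reg_section(log_text).items():
        for suffix, name, bad_value, why in CHECKS:
            if key.endswith(suffix) and name in values and as_int(values[name]) == bad_value:
                findings.append(f"{name}={bad_value} under ...\\{suffix}: {why}")
        # MpsSvc (Windows Firewall) normally runs inside svchost.exe; any other
        # ImagePath, such as the bare '.' in this log, means the service cannot start.
        if key.endswith(r"services\mpssvc") and "ImagePath" in values:
            path = values["ImagePath"].strip('"')
            if "svchost.exe" not in path.lower():
                findings.append(f"MpsSvc ImagePath={path!r}: Windows Firewall service cannot start")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Values left at their defaults (ConsentPromptBehaviorUser=3, EnableUIADesktopToggle=0) produce no finding, so the output is only the settings worth restoring after cleanup.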
 



#3 Glombak

Glombak
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:57 AM

Posted 26 December 2014 - 07:03 AM

DDS log

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by remigiuszm at 11:28:42 on 2014-12-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.4004.2989 [GMT 0:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\sppsvc.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wbem\wmiprvse.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
uRunOnce: [*NPE] "F:\Muzyka\NPE.exe" /POSTFIX
uRunOnce: [Report] C:\AdwCleaner\AdwCleaner[S1].txt
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
dRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{77FE8616-1FB0-4332-AC6F-0970A454883C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{77FE8616-1FB0-4332-AC6F-0970A454883C}\46C696E6B6 : DHCPNameServer = 213.172.186.4 192.168.0.1
TCP: Interfaces\{77FE8616-1FB0-4332-AC6F-0970A454883C}\66F697C65666F6F6467627F65707 : DHCPNameServer = 10.10.16.10
TCP: Interfaces\{E39A5D22-232D-41C5-BE97-344CF5B1D6CD} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a1uoxjl2.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: plugin.state.npcontentblocker - 2
.
FF - user.js: plugin.state.nponlinebanking - 2
.
FF - user.js: plugin.state.npvkplugin - 2
.
FF - user.js: plugin.state.anti_banner_native_proxy - 2
.
FF - user.js: plugin.state.url_advisor - 2
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-30 45856]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 klhk;klhk;C:\windows\System32\drivers\klhk.sys [2014-12-23 243808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2014-2-25 30304]
R1 klpd;klpd;C:\windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2014-3-25 55904]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2014-3-26 179296]
R1 SAVOnAccess;SAVOnAccess;C:\windows\System32\drivers\savonaccess.sys [2012-7-26 144672]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2011-7-14 20592]
R3 klflt;Kaspersky Lab Kernel DLL;C:\windows\System32\drivers\klflt.sys [2014-12-23 141320]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2014-3-28 28768]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2013-8-8 29280]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-7-14 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-5-4 413800]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-4-20 233552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-15 111616]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\windows\System32\drivers\nmwcdnsucx64.sys [2011-8-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-7-14 247400]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-7-14 1809920]
S4 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-25 69640]
S4 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-11-12 216640]
S4 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-6-15 139840]
S4 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2012-7-6 232512]
S4 SophosBootDriver;SophosBootDriver;C:\windows\System32\drivers\SophosBootDriver.sys [2012-7-26 25608]
S4 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-11-12 2869824]
S4 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012-7-26 1998400]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-14 54136]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-14 2656280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-12-26 00:47:01    --------    d-----w-    C:\Users\Administrator\AppData\Local\Google
2014-12-25 22:39:50    --------    d-----w-    C:\AdwCleaner
2014-12-25 21:17:40    --------    d-----w-    C:\NPE
2014-12-25 21:09:40    --------    d-----w-    C:\Users\Administrator\AppData\Local\NPE
2014-12-25 21:09:40    --------    d-----w-    C:\ProgramData\Norton
2014-12-24 17:14:23    7168    ----a-w-    C:\windows\SysWow64\drivers\utk0mti5.sys
2014-12-24 15:22:44    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-12-24 15:03:40    --------    d-----w-    C:\ComboFix
2014-12-24 14:23:20    0    ----a-r-    C:\windows\sed.exe
2014-12-24 14:23:20    0    ----a-r-    C:\windows\PEV.exe
2014-12-24 14:23:20    0    ----a-r-    C:\windows\MBR.exe
2014-12-23 14:57:30    110176    ----a-w-    C:\windows\System32\klfphc.dll
2014-12-23 14:56:38    --------    d-----w-    C:\windows\ELAMBKUP
2014-12-23 14:56:34    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2014-12-23 14:56:17    243808    ----a-w-    C:\windows\System32\drivers\klhk.sys
2014-12-23 14:56:17    141320    ----a-w-    C:\windows\System32\drivers\klflt.sys
2014-12-23 14:41:16    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-12-23 14:37:54    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-12-23 14:25:10    --------    d-s---w-    C:\windows\SysWow64\Microsoft
2014-12-22 23:10:25    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\DAT1
2014-11-27 20:19:57    --------    d-----w-    C:\windows\Offline Address Books
.
==================== Find3M  ====================
.
2014-11-04 14:30:58    275080    ------w-    C:\windows\System32\MpSigStub.exe
.
============= FINISH: 11:30:03.54 ===============
 



#4 Glombak

Glombak
  • Topic Starter
  • Members
  • 13 posts

Posted 26 December 2014 - 07:09 AM

Here we have attach.txt


Sorry, here we have attach.txt

Attached Files



#5 nasdaq

nasdaq
  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 December 2014 - 09:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#6 Glombak

Glombak
  • Topic Starter
  • Members
  • 13 posts

Posted 29 December 2014 - 05:39 AM

Ok, here I post my logs from Farbar. Additionally, I would like to say that after the DDS scan I ran Junkware Removal Tool, AdwCleaner (as always) and installed Malwarebytes Anti-Malware to scan the computer. I did all of those because I read that a guy with the same problem was asked to do those. Would you like me to paste the logs?

The other thing is that although I no longer seem to be infected, this computer now has some problems (I think resulting from some damage to files) and, for example, cannot open stuff with Windows Media Player.

Once more I would like to say that ComboFix was run during the worst part of the infection, while DDS was run when everything appeared to be normal (afterwards).

Also, because it was Christmas, I allowed the children to install War Thunder (they wanted to play together), but on partition D (not where Windows is). They haven't installed anything else.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by remigiuszm (administrator) on TOSHIBA142 on 29-12-2014 10:32:48
Running from C:\Users\Administrator\Desktop
Loaded Profile: remigiuszm (Available profiles: remigiuszm & Tosh)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-05-04] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900160 2012-07-06] (Sophos Limited)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-25] (Google Inc.)
AppInit_DLLs: c:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll => c:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218256 2014-01-06] (Sophos Limited)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/places?touch=4&cat=1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/places?touch=4&cat=1
HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {F8AA9E5A-DD31-417D-9544-FBD66EA140EE} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F8AA9E5A-DD31-417D-9544-FBD66EA140EE} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1535349040-3773854965-2112344007-3215 -> {3D523308-E05C-4642-A655-F0FB662D6133} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1535349040-3773854965-2112344007-3215 -> {411D4A36-E049-4F05-A134-6EBA0B7092DA} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - !{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -  No File
Toolbar: HKLM - No Name - !{73455575-E40C-433C-9784-C78DC7761455} -  No File
Toolbar: HKLM - No Name - !{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -  No File
Toolbar: HKLM - No Name - !{E33CF602-D945-461A-83F0-819F76A199F8} -  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - !{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -  No File
Toolbar: HKLM-x32 - No Name - !{73455575-E40C-433C-9784-C78DC7761455} -  No File
Toolbar: HKLM-x32 - No Name - !{7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -  No File
Toolbar: HKLM-x32 - No Name - !{E33CF602-D945-461A-83F0-819F76A199F8} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a1uoxjl2.default
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-13] (Macrovision Corporation) [File not signed]
S4 lxct_device; C:\windows\system32\lxctcoms.exe [566192 2006-11-22] ( )
S4 lxct_device; C:\windows\SysWOW64\lxctcoms.exe [537520 2006-11-22] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-11-12] (Sophos Limited)
S4 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2012-06-15] (Sophos Limited)
S4 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-07-06] (Sophos Limited)
S4 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2012-11-12] (Sophos Limited)
S4 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [1998400 2012-11-12] (Sophos Limited)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-05-21] (AVG Technologies)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-12-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-12-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-06-15] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-10-23] (Sophos Plc)
S3 utk0mti5; C:\windows\SysWOW64\Drivers\utk0mti5.sys [7168 2014-12-24] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 10:32 - 2014-12-29 10:33 - 00018626 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-12-29 10:32 - 2014-12-29 10:32 - 00000000 ____D () C:\FRST
2014-12-28 17:50 - 2014-12-28 17:50 - 02123264 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-12-27 12:53 - 2014-12-27 12:53 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\20192B88.sys
2014-12-26 20:37 - 2014-12-26 20:37 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-12-26 17:31 - 2014-12-26 17:31 - 00000000 ____D () C:\Users\Administrator\Documents\My Games
2014-12-26 17:31 - 2014-12-26 17:31 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2014-12-26 17:29 - 2014-12-26 17:30 - 04700448 _____ (Gaijin Entertainment ) C:\Users\Administrator\Downloads\wt_launcher_1.0.1.467.exe
2014-12-26 15:34 - 2014-12-29 10:29 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-26 15:33 - 2014-12-26 15:36 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-26 15:33 - 2014-12-26 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-26 15:33 - 2014-12-26 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-26 15:33 - 2014-12-26 15:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-26 15:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-26 15:33 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-26 15:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-26 15:27 - 2014-12-26 15:27 - 00002122 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-12-26 15:19 - 2014-12-26 15:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2014-12-26 15:17 - 2014-12-26 15:17 - 00000000 ____D () C:\windows\ERUNT
2014-12-26 15:16 - 2014-12-26 15:16 - 00015268 _____ () C:\Users\Administrator\Desktop\ESETPoweliksCleaner.exe_20141226.151643.2440.log
2014-12-26 15:14 - 2014-12-26 15:14 - 00186568 _____ (ESET) C:\Users\Administrator\Desktop\ESETPoweliksCleaner.exe
2014-12-26 15:10 - 2014-12-26 15:10 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.3.1025.exe
2014-12-26 15:08 - 2014-12-26 15:08 - 01707646 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-12-26 11:30 - 2014-12-26 11:30 - 00018482 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-12-26 11:30 - 2014-12-26 11:30 - 00017330 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-12-26 01:10 - 2014-12-26 01:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-12-26 00:58 - 2014-12-26 00:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2014-12-26 00:47 - 2014-12-26 00:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-25 23:47 - 2014-12-25 18:10 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2014-12-25 23:26 - 2014-12-25 23:30 - 14447327 _____ () C:\Users\Administrator\Desktop\Kaspersky app control.txt
2014-12-25 22:48 - 2014-12-24 11:53 - 02173952 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe
2014-12-25 22:46 - 2014-12-29 10:27 - 00000448 _____ () C:\windows\setupact.log
2014-12-25 22:46 - 2014-12-25 22:46 - 00000000 _____ () C:\windows\setuperr.log
2014-12-25 22:45 - 2014-12-27 12:52 - 00001684 _____ () C:\windows\PFRO.log
2014-12-25 22:39 - 2014-12-25 23:07 - 00000000 ____D () C:\AdwCleaner
2014-12-25 22:38 - 2014-12-25 22:38 - 00001130 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-25 22:38 - 2014-12-25 22:38 - 00001118 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-25 22:38 - 2014-12-25 22:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-12-25 22:38 - 2014-12-25 22:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-25 22:38 - 2014-12-25 22:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-25 22:38 - 2014-12-25 22:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-25 21:34 - 2014-12-25 21:34 - 00028672 _____ () C:\ProgramData\SMRResults430.dat
2014-12-25 21:17 - 2014-12-25 21:17 - 00000000 ____D () C:\NPE
2014-12-25 21:09 - 2014-12-25 21:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NPE
2014-12-25 21:09 - 2014-12-25 21:09 - 00000000 ____D () C:\ProgramData\Norton
2014-12-25 20:49 - 2014-12-25 20:49 - 03148854 _____ () C:\Users\Administrator\Desktop\Date and logs.bmp
2014-12-25 20:47 - 2014-12-25 20:48 - 03148854 _____ () C:\Users\Administrator\Desktop\Readyboot.bmp
2014-12-25 20:39 - 2014-12-25 20:39 - 03148854 _____ () C:\Users\Administrator\Desktop\Explorers exe suspicious.bmp
2014-12-25 17:19 - 2014-12-25 17:19 - 00010146 _____ () C:\Users\Administrator\Desktop\install.txt
2014-12-24 17:22 - 2014-12-24 17:23 - 03148854 _____ () C:\Users\Administrator\Desktop\Virus skan.bmp
2014-12-24 17:14 - 2014-12-24 17:14 - 00007168 _____ () C:\windows\SysWOW64\Drivers\utk0mti5.sys
2014-12-24 17:11 - 2014-12-24 17:11 - 00000000 ____D () C:\Users\Administrator\Desktop\avz4
2014-12-24 17:10 - 2014-12-24 16:53 - 09370136 _____ () C:\Users\Administrator\Desktop\avz4.zip
2014-12-24 17:07 - 2014-12-24 17:07 - 00105349 _____ () C:\Users\Administrator\Desktop\GetSystemInfo_TOSHIBA142_remigiuszm_2014_12_24_17_06_31.zip
2014-12-24 16:57 - 2014-12-24 17:08 - 00147013 _____ () C:\Users\Administrator\Desktop\GetSystemInfo_TOSHIBA142_remigiuszm_2014_12_24_16_57_07.zip
2014-12-24 16:54 - 2014-12-24 16:54 - 00000000 _____ () C:\Users\Administrator\Desktop\Virus nothing detected.bmp
2014-12-24 16:27 - 2014-12-24 16:28 - 02318454 _____ () C:\Users\Administrator\Desktop\Virus two explorers.bmp
2014-12-24 15:29 - 2014-12-24 15:29 - 00021715 _____ () C:\ComboFix.txt
2014-12-24 15:24 - 2014-12-29 10:31 - 00689628 _____ () C:\windows\WindowsUpdate.log
2014-12-24 15:03 - 2014-12-24 15:32 - 00000000 ____D () C:\ComboFix
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____R () C:\windows\zip.exe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____R () C:\windows\SWXCACLS.exe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____R () C:\windows\SWSC.exe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____R () C:\windows\SWREG.exe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____R () C:\windows\sed.exe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____R () C:\windows\PEV.exe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____R () C:\windows\NIRCMD.exe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____R () C:\windows\MBR.exe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____R () C:\windows\grep.exe
2014-12-24 14:22 - 2014-12-24 15:32 - 00000000 ____D () C:\Qoobox
2014-12-24 14:21 - 2014-12-24 15:26 - 00000000 ____D () C:\windows\erdnt
2014-12-24 13:59 - 2014-12-25 22:46 - 00001850 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-24 13:15 - 2014-12-24 13:33 - 00000946 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-24 13:12 - 2014-12-24 11:53 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2014-12-24 11:53 - 2014-12-24 11:53 - 00262144 _____ () C:\windows\system32\config\elam
2014-12-24 10:37 - 2014-12-24 13:26 - 00003168 _____ () C:\windows\System32\Tasks\{244B6ED8-CBFB-4303-B77D-FC3B2FDA3357}
2014-12-23 22:58 - 2014-12-23 22:58 - 00000028 _____ () C:\Users\Administrator\Desktop\cos.txt
2014-12-23 14:57 - 2014-12-23 14:57 - 00001155 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-12-23 14:57 - 2014-12-23 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-12-23 14:57 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2014-12-23 14:56 - 2014-12-23 15:17 - 00793800 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-12-23 14:56 - 2014-12-23 15:17 - 00141320 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-12-23 14:56 - 2014-12-23 14:56 - 00000000 ____D () C:\windows\ELAMBKUP
2014-12-23 14:56 - 2014-12-23 14:56 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-23 14:56 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2014-12-23 14:41 - 2014-12-24 15:51 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-23 14:37 - 2014-12-29 10:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-23 14:03 - 2014-12-23 22:52 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller (2).exe
2014-12-23 14:00 - 2014-12-23 14:41 - 00000000 _____ () C:\Users\Administrator\AppData\Local\cbavarij.log
2014-12-22 23:15 - 2014-12-22 23:15 - 00000064 _____ () C:\ProgramData\rnyxmjrx.log
2014-12-22 23:10 - 2014-12-22 23:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DAT1
2014-12-11 15:41 - 2014-12-11 15:41 - 00039754 _____ () C:\Users\Administrator\Downloads\Expenses September 12 Remigiusz Malinowski.xlsx
2014-12-11 15:41 - 2014-12-11 15:41 - 00039754 _____ () C:\Users\Administrator\Downloads\Expenses September 12 Remigiusz Malinowski (1).xlsx
2014-12-11 09:53 - 2014-12-11 09:53 - 00793469 _____ () C:\Users\Administrator\Downloads\Vauxhall agilla (1).zip
2014-12-11 09:52 - 2014-12-11 09:53 - 00793469 _____ () C:\Users\Administrator\Downloads\Vauxhall agilla.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 10:27 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-28 17:54 - 2009-07-14 04:45 - 00033872 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-28 17:54 - 2009-07-14 04:45 - 00033872 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 21:00 - 2012-02-28 11:49 - 00000622 _____ () C:\windows\Tasks\New scan.job
2014-12-26 20:37 - 2012-11-17 19:04 - 00000000 ____D () C:\windows\SysWOW64\directx
2014-12-26 20:36 - 2009-07-14 05:13 - 00785302 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-26 00:55 - 2012-02-20 13:08 - 00000000 ____D () C:\Users\Administrator
2014-12-25 23:42 - 2012-02-15 10:16 - 00000000 ____D () C:\Users\Tosh
2014-12-25 22:12 - 2012-08-25 08:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-25 21:28 - 2012-11-27 09:08 - 00007593 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-12-25 16:54 - 2011-05-04 09:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-25 16:30 - 2013-06-12 15:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
2014-12-25 13:29 - 2013-12-19 21:08 - 00000000 ____D () C:\Users\Administrator\Desktop\zdjecia
2014-12-24 13:59 - 2012-08-25 08:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 13:59 - 2012-08-25 08:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 13:27 - 2013-03-17 11:32 - 00003132 _____ () C:\windows\System32\Tasks\{044CB0A8-3CB9-4415-A378-2E1F608D7B89}
2014-12-24 13:27 - 2012-08-25 08:49 - 00003906 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-24 13:27 - 2012-08-25 08:49 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-24 13:26 - 2013-07-04 08:23 - 00003296 _____ () C:\windows\System32\Tasks\{F1465D97-457C-4E67-8840-76C5F78FADD5}
2014-12-24 13:15 - 2013-08-30 05:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-24 12:55 - 2012-02-20 12:30 - 00000000 ____D () C:\windows\system32\appmgmt
2014-12-24 12:14 - 2012-02-20 13:09 - 00086096 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-24 12:11 - 2009-07-14 04:45 - 00342432 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-24 11:40 - 2014-02-28 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2014-12-24 10:43 - 2013-02-14 10:44 - 00000000 ____D () C:\Users\Administrator\Desktop\Krzysztof
2014-12-24 10:21 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-24 10:15 - 2014-01-02 09:03 - 00000025 _____ () C:\windows\SIERRA.INI
2014-12-24 10:07 - 2012-12-11 16:37 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-12-18 02:26 - 2014-10-14 16:39 - 00000000 ____D () C:\Users\Administrator\Desktop\BIOLOGIA COURSEWORK
2014-12-06 11:00 - 2013-05-09 18:30 - 00000000 ____D () C:\Users\Administrator\Desktop\REMIGIUSZ MALINOWSKI NOV E&J
2014-12-06 10:59 - 2013-01-18 07:15 - 00000000 ___RD () C:\Users\Administrator\Desktop\WOJTEK
2014-12-06 10:56 - 2014-03-06 17:44 - 00000000 ____D () C:\Users\Administrator\Desktop\Wojtek = organizacje terrorystyczne

Files to move or delete:
====================
C:\ProgramData\SMRResults430.dat


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 00:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by remigiuszm at 2014-12-29 10:34:22
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Disabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Disabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Universal v2 Uninstaller (HKLM\...\Lexmark Universal v2) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 pl) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 pl)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.0.11 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.7.4.317 - Sophos Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
War Thunder Launcher 1.0.1.467 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-12-2014 16:19:17 Removed Skype™ 6.21
25-12-2014 16:22:40 Removed Skype Click to Call
25-12-2014 16:31:15 Removed Sophos Anti-Virus
25-12-2014 16:31:53 Removed Google Earth Plug-in.
25-12-2014 16:32:32 Removed TomTom HOME.
25-12-2014 16:33:48 Removed TomTom HOME Visual Studio Merge Modules
25-12-2014 16:48:52 Removed Adobe Reader X (10.1.7) MUI.
25-12-2014 17:18:24 Removed ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
25-12-2014 18:08:30 Removed FaxRedist
25-12-2014 21:28:55 Norton_Power_Eraser_20141225212853376
25-12-2014 23:43:00 Windows Backup
26-12-2014 23:31:08 Windows Update
28-12-2014 19:00:51 Windows Backup

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16B41974-65ED-4767-B6F6-734A4CD759B9} - System32\Tasks\New scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2012-06-15] (Sophos Limited)
Task: {2E3151CA-29B9-4C0C-8A7B-2C1C534C90C0} - System32\Tasks\{F1465D97-457C-4E67-8840-76C5F78FADD5} => pcalua.exe -a "C:\Program Files (x86)\Activision\Call of Duty - World at War\pbsetup.exe" -d "C:\Program Files (x86)\Activision\Call of Duty - World at War"
Task: {4CF11BBE-F8AD-47D9-A647-50046E08B9FA} - System32\Tasks\{044CB0A8-3CB9-4415-A378-2E1F608D7B89} => pcalua.exe -a C:\drivers\printer\5400\Setup.exe -d C:\drivers\printer\5400
Task: {55EB7A1E-A701-4D29-9EF9-D1D9C2E83648} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {97E96417-A411-46AD-9FED-59DC02D98DA4} - System32\Tasks\{244B6ED8-CBFB-4303-B77D-FC3B2FDA3357} => pcalua.exe -a C:\windows\IsUninst.exe -c -f"C:\Program Files (x86)\NovaLogic\IBS\Uninst.isu"
Task: {B952B471-02B2-42E8-A9BB-AEF24B6FCA5D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C0A1E76C-907D-4E33-B204-AED428131B07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {DABBFA28-A34A-4ECD-A01C-F3139FA3B823} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F5E45E2F-E48E-4998-8721-701B351443FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\New scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

==================== Loaded Modules (whitelisted) =============

2012-10-26 20:25 - 2006-10-18 06:24 - 00045056 _____ () C:\windows\System32\lxctpmon.dll
2012-10-26 20:25 - 2006-10-18 04:32 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5400 Series\ipcmt64.dll
2012-10-26 20:27 - 2006-11-13 03:40 - 00146432 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxctdrpp.dll
2011-04-04 17:18 - 2011-04-04 17:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:7BEAD6C2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47453343.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82011245.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47453343.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82011245.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: lxct_device => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: SAVAdminService => 2
MSCONFIG\Services: SAVService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Sophos AutoUpdate Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: swi_service => 2
MSCONFIG\Services: swi_update_64 => 2
MSCONFIG\Services: TemproMonitoringService => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vToolbarUpdater15.2.0 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Lexmark 5400 Series => "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
MSCONFIG\startupreg: lxctmon.exe => "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\Administrator\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1652250393-3418216761-2567294232-500 - Administrator - Enabled)
Guest (S-1-5-21-1652250393-3418216761-2567294232-501 - Limited - Disabled)
SophosSAUTOSH-TOSH0 (S-1-5-21-1652250393-3418216761-2567294232-1005 - Limited - Enabled)
Tosh (S-1-5-21-1652250393-3418216761-2567294232-1000 - Administrator - Disabled) => C:\Users\Tosh

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 10:30:41 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/29/2014 10:30:41 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (12/29/2014 10:28:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 05:49:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/28/2014 05:49:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/28/2014 05:49:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (12/28/2014 05:48:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 05:40:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/27/2014 00:55:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/27/2014 00:55:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.


System errors:
=============
Error: (12/29/2014 10:29:55 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (12/29/2014 10:29:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (12/29/2014 10:29:21 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: EVILLEJONES)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/29/2014 10:27:48 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/29/2014 10:27:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (12/29/2014 10:30:41 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/29/2014 10:30:41 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (12/29/2014 10:28:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 05:49:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/28/2014 05:49:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/28/2014 05:49:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (12/28/2014 05:48:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 05:40:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (12/27/2014 00:55:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/27/2014 00:55:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.


CodeIntegrity Errors:
===================================
  Date: 2014-12-27 17:41:28.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 17:31:00.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 17:31:00.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 17:31:00.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 16:49:09.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 27%
Total physical RAM: 4003.76 MB
Available physical RAM: 2922.17 MB
Total Pagefile: 8005.7 MB
Available Pagefile: 6823.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:178.45 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:140.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4771F166)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by remigiuszm at 2014-12-29 10:34:22
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Disabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Disabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Universal v2 Uninstaller (HKLM\...\Lexmark Universal v2) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 pl) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 pl)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.0.11 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.7.4.317 - Sophos Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
War Thunder Launcher 1.0.1.467 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-12-2014 16:19:17 Removed Skype™ 6.21
25-12-2014 16:22:40 Removed Skype Click to Call
25-12-2014 16:31:15 Removed Sophos Anti-Virus
25-12-2014 16:31:53 Removed Google Earth Plug-in.
25-12-2014 16:32:32 Removed TomTom HOME.
25-12-2014 16:33:48 Removed TomTom HOME Visual Studio Merge Modules
25-12-2014 16:48:52 Removed Adobe Reader X (10.1.7) MUI.
25-12-2014 17:18:24 Removed ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
25-12-2014 18:08:30 Removed FaxRedist
25-12-2014 21:28:55 Norton_Power_Eraser_20141225212853376
25-12-2014 23:43:00 Windows Backup
26-12-2014 23:31:08 Windows Update
28-12-2014 19:00:51 Windows Backup

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16B41974-65ED-4767-B6F6-734A4CD759B9} - System32\Tasks\New scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2012-06-15] (Sophos Limited)
Task: {2E3151CA-29B9-4C0C-8A7B-2C1C534C90C0} - System32\Tasks\{F1465D97-457C-4E67-8840-76C5F78FADD5} => pcalua.exe -a "C:\Program Files (x86)\Activision\Call of Duty - World at War\pbsetup.exe" -d "C:\Program Files (x86)\Activision\Call of Duty - World at War"
Task: {4CF11BBE-F8AD-47D9-A647-50046E08B9FA} - System32\Tasks\{044CB0A8-3CB9-4415-A378-2E1F608D7B89} => pcalua.exe -a C:\drivers\printer\5400\Setup.exe -d C:\drivers\printer\5400
Task: {55EB7A1E-A701-4D29-9EF9-D1D9C2E83648} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {97E96417-A411-46AD-9FED-59DC02D98DA4} - System32\Tasks\{244B6ED8-CBFB-4303-B77D-FC3B2FDA3357} => pcalua.exe -a C:\windows\IsUninst.exe -c -f"C:\Program Files (x86)\NovaLogic\IBS\Uninst.isu"
Task: {B952B471-02B2-42E8-A9BB-AEF24B6FCA5D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C0A1E76C-907D-4E33-B204-AED428131B07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {DABBFA28-A34A-4ECD-A01C-F3139FA3B823} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F5E45E2F-E48E-4998-8721-701B351443FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\New scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

==================== Loaded Modules (whitelisted) =============

2012-10-26 20:25 - 2006-10-18 06:24 - 00045056 _____ () C:\windows\System32\lxctpmon.dll
2012-10-26 20:25 - 2006-10-18 04:32 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5400 Series\ipcmt64.dll
2012-10-26 20:27 - 2006-11-13 03:40 - 00146432 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxctdrpp.dll
2011-04-04 17:18 - 2011-04-04 17:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:7BEAD6C2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47453343.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82011245.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47453343.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82011245.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: lxct_device => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: SAVAdminService => 2
MSCONFIG\Services: SAVService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Sophos AutoUpdate Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: swi_service => 2
MSCONFIG\Services: swi_update_64 => 2
MSCONFIG\Services: TemproMonitoringService => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vToolbarUpdater15.2.0 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Lexmark 5400 Series => "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
MSCONFIG\startupreg: lxctmon.exe => "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\Administrator\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1652250393-3418216761-2567294232-500 - Administrator - Enabled)
Guest (S-1-5-21-1652250393-3418216761-2567294232-501 - Limited - Disabled)
SophosSAUTOSH-TOSH0 (S-1-5-21-1652250393-3418216761-2567294232-1005 - Limited - Enabled)
Tosh (S-1-5-21-1652250393-3418216761-2567294232-1000 - Administrator - Disabled) => C:\Users\Tosh

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 10:30:41 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/29/2014 10:30:41 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (12/29/2014 10:28:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 05:49:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/28/2014 05:49:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/28/2014 05:49:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (12/28/2014 05:48:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 05:40:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/27/2014 00:55:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/27/2014 00:55:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.


System errors:
=============
Error: (12/29/2014 10:29:55 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (12/29/2014 10:29:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (12/29/2014 10:29:21 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: EVILLEJONES)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/29/2014 10:27:48 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/29/2014 10:27:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/29/2014 10:27:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (12/29/2014 10:30:41 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/29/2014 10:30:41 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (12/29/2014 10:28:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 05:49:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/28/2014 05:49:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/28/2014 05:49:18 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (12/28/2014 05:48:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 05:40:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (12/27/2014 00:55:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/27/2014 00:55:06 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.


CodeIntegrity Errors:
===================================
  Date: 2014-12-27 17:41:28.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-27 17:41:28.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 17:31:00.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 17:31:00.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 17:31:00.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-26 16:49:09.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 27%
Total physical RAM: 4003.76 MB
Available physical RAM: 2922.17 MB
Total Pagefile: 8005.7 MB
Available Pagefile: 6823.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:178.45 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:140.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4771F166)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:57 AM

Posted 29 December 2014 - 09:51 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {F8AA9E5A-DD31-417D-9544-FBD66EA140EE} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F8AA9E5A-DD31-417D-9544-FBD66EA140EE} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1535349040-3773854965-2112344007-3215 -> {411D4A36-E049-4F05-A134-6EBA0B7092DA} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - !{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -  No File
Toolbar: HKLM - No Name - !{73455575-E40C-433C-9784-C78DC7761455} -  No File
Toolbar: HKLM - No Name - !{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -  No File
Toolbar: HKLM - No Name - !{E33CF602-D945-461A-83F0-819F76A199F8} -  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - !{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -  No File
Toolbar: HKLM-x32 - No Name - !{73455575-E40C-433C-9784-C78DC7761455} -  No File
Toolbar: HKLM-x32 - No Name - !{7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -  No File
Toolbar: HKLM-x32 - No Name - !{E33CF602-D945-461A-83F0-819F76A199F8} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 utk0mti5; C:\windows\SysWOW64\Drivers\utk0mti5.sys [7168 2014-12-24] () [File not signed]
AlternateDataStreams: C:\ProgramData\TEMP:7BEAD6C2
C:\windows\SysWOW64\Drivers\utk0mti5.sys

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#8 Glombak

Glombak
  • Topic Starter

  • Members
  • 13 posts
  • Local time:08:57 AM

Posted 29 December 2014 - 03:30 PM

The computer is running normally; I don't see any signs of infection, and neither does Kaspersky.

I'll post fixlog.txt here and checkup.txt in the next post.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by remigiuszm at 2014-12-29 20:18:18 Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profile: remigiuszm (Available profiles: remigiuszm & Tosh)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {F8AA9E5A-DD31-417D-9544-FBD66EA140EE} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F8AA9E5A-DD31-417D-9544-FBD66EA140EE} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1535349040-3773854965-2112344007-3215 -> {411D4A36-E049-4F05-A134-6EBA0B7092DA} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - !{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -  No File
Toolbar: HKLM - No Name - !{73455575-E40C-433C-9784-C78DC7761455} -  No File
Toolbar: HKLM - No Name - !{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -  No File
Toolbar: HKLM - No Name - !{E33CF602-D945-461A-83F0-819F76A199F8} -  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - !{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -  No File
Toolbar: HKLM-x32 - No Name - !{73455575-E40C-433C-9784-C78DC7761455} -  No File
Toolbar: HKLM-x32 - No Name - !{7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -  No File
Toolbar: HKLM-x32 - No Name - !{E33CF602-D945-461A-83F0-819F76A199F8} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 utk0mti5; C:\windows\SysWOW64\Drivers\utk0mti5.sys [7168 2014-12-24] () [File not signed]
AlternateDataStreams: C:\ProgramData\TEMP:7BEAD6C2
C:\windows\SysWOW64\Drivers\utk0mti5.sys

End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8AA9E5A-DD31-417D-9544-FBD66EA140EE}" => Key deleted successfully.
HKCR\CLSID\{F8AA9E5A-DD31-417D-9544-FBD66EA140EE} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F8AA9E5A-DD31-417D-9544-FBD66EA140EE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F8AA9E5A-DD31-417D-9544-FBD66EA140EE} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1535349040-3773854965-2112344007-3215\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{411D4A36-E049-4F05-A134-6EBA0B7092DA}" => Key deleted successfully.
HKCR\CLSID\{411D4A36-E049-4F05-A134-6EBA0B7092DA} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} => value deleted successfully.
HKCR\CLSID\!{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{73455575-E40C-433C-9784-C78DC7761455} => value deleted successfully.
HKCR\CLSID\!{73455575-E40C-433C-9784-C78DC7761455} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} => value deleted successfully.
HKCR\CLSID\!{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{E33CF602-D945-461A-83F0-819F76A199F8} => value deleted successfully.
HKCR\CLSID\!{E33CF602-D945-461A-83F0-819F76A199F8} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{73455575-E40C-433C-9784-C78DC7761455} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{73455575-E40C-433C-9784-C78DC7761455} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{7473b6bd-4691-4744-a82b-7854eb3d70b6} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{E33CF602-D945-461A-83F0-819F76A199F8} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{E33CF602-D945-461A-83F0-819F76A199F8} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKCR\PROTOCOLS\Handler\skype4com" => Key deleted successfully.
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.0" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
utk0mti5 => Service deleted successfully.
C:\ProgramData\TEMP => ":7BEAD6C2" ADS removed successfully.
C:\windows\SysWOW64\Drivers\utk0mti5.sys => Moved successfully.


The system needed a reboot.

==== End of Fixlog 20:19:03 ====
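
The Fixlog above is the only record of what FRST actually did with the fixlist, so it is worth checking it line by line rather than just reading "The system needed a reboot." As an added example (not FRST's code and not posted by anyone in this thread), the Python script below groups Fixlog result lines by action and confirms that every service, alternate data stream and file entry in a fixlist received its expected confirmation line; the excerpt it runs on is constructed from lines in this thread, with the utk0mti5 service confirmation deliberately left out, and the line shapes it matches are an assumption based on this one log.

```python
# Added example for this thread, not FRST's own code: summarise a Fixlog and
# check it against the fixlist it ran. Line shapes assumed from the log above.
import re

# Constructed excerpt modelled on the fixlist/Fixlog posted in this thread;
# the confirmation line for utk0mti5 is left out on purpose.
FIXLIST = r"""
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 utk0mti5; C:\windows\SysWOW64\Drivers\utk0mti5.sys [7168 2014-12-24] () [File not signed]
AlternateDataStreams: C:\ProgramData\TEMP:7BEAD6C2
C:\windows\SysWOW64\Drivers\utk0mti5.sys
"""
FIXLOG = r"""
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} => value deleted successfully.
gupdate => Service deleted successfully.
C:\ProgramData\TEMP => ":7BEAD6C2" ADS removed successfully.
C:\windows\SysWOW64\Drivers\utk0mti5.sys => Moved successfully.
The system needed a reboot.
"""

RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+?)\.?$')
ACTIONS = {  # result phrase FRST prints -> short action label
    "Key deleted successfully": "key_deleted",
    "value deleted successfully": "value_deleted",
    "Service deleted successfully": "service_deleted",
    "Moved successfully": "file_moved",
    "Key not found": "not_found",
}

def classify(result):
    """Label one '=> ...' result phrase; unknown phrases become 'other'."""
    if result.endswith("ADS removed successfully"):
        return "ads_removed"
    return ACTIONS.get(result, "other")

def parse_fixlog(text):
    """Group Fixlog targets by action and record the two status lines."""
    summary = {"processes_closed": False, "reboot_needed": False, "actions": {}}
    for line in (l.strip() for l in text.splitlines()):
        if line == "Processes closed successfully.":
            summary["processes_closed"] = True
        elif line == "The system needed a reboot.":
            summary["reboot_needed"] = True
        elif (m := RESULT_RE.match(line)):
            label = classify(m.group("result"))
            summary["actions"].setdefault(label, []).append(m.group("target"))
    return summary

# Fixlist entry shapes this check knows how to confirm: services, ADS, bare paths.
SERVICE_RE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);")
ADS_RE = re.compile(r"^AlternateDataStreams:\s+(?P<path>.+):(?P<stream>[^:\\]+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

def expected_results(fixlist):
    """Map each service, ADS and file entry to the Fixlog line it should produce."""
    expected = {}
    for line in (l.strip() for l in fixlist.splitlines()):
        if m := SERVICE_RE.match(line):
            expected[line] = f"{m.group('name')} => Service deleted successfully."
        elif m := ADS_RE.match(line):
            expected[line] = f"{m.group('path')} => \":{m.group('stream')}\" ADS removed successfully."
        elif PATH_RE.match(line):
            expected[line] = f"{line} => Moved successfully."
    return expected

def unconfirmed_entries(fixlist, fixlog):
    """Return fixlist entries whose expected Fixlog confirmation never appeared."""
    seen = {l.strip() for l in fixlog.splitlines()}
    return [e for e, want in expected_results(fixlist).items() if want not in seen]

if __name__ == "__main__":
    print(parse_fixlog(FIXLOG))
    print("unconfirmed:", unconfirmed_entries(FIXLIST, FIXLOG))
```

Registry entries are not cross-checked because a single fixlist line can produce several result lines (key deleted, then the CLSID looked up and reported not found), so those are only summarised.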



#9 Glombak

Glombak
  • Topic Starter

  • Members
  • 13 posts
  • Local time:08:57 AM

Posted 29 December 2014 - 03:34 PM

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Sophos Anti-Virus             
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:57 AM

Posted 30 December 2014 - 10:22 AM

Looking good.

If all is well, read this little guide to learn more about how to protect yourself while on the internet: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 Glombak

Glombak
  • Topic Starter

  • Members
  • 13 posts
  • Local time:08:57 AM

Posted 30 December 2014 - 12:12 PM

Thank you very much, it was very helpful :)



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:57 AM

Posted 30 December 2014 - 02:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



