Jelbrus Secure Web + Live Malware Protection


  • This topic is locked
14 replies to this topic

#1 clef


Posted 27 February 2015 - 08:23 PM

Hi to all and thanks for your work

 

I have an attack after a bad download and install.

The result is redirection to ad websites after clicking a link or selecting a field of a form, etc.

What caught my attention was that each time I click the Google icon in the taskbar, a second one appears and opens.

I checked the link of the shortcut and it was changed to a folder Jelbrus Secure Web. I discovered a proxy in the internet connection: 127.0.0.1:8118, and also, with the Task Manager, some new processes and services.

I made a search to see the files with the same date and hour on my computer.

 

NameFile                          DateFile                      DateNewFolder

upd_v614.exe                      11 February 2015, 17:40:46    16 February 2015, 16:53:02
malware_defender_v1.exe           07 February 2015, 14:02:34    16 February 2015, 16:53:01
Google Chrome.link                16 February 2015, 16:53:36
Google Chrome.link (on desktop)   16 February 2015, 16:53:37
privoxy.log                       16 February 2015, 16:53:35
default.filter                    16 February 2015, 16:53:24
mgwz.dll                          16 February 2015, 16:53:24
config.txt                        16 February 2015, 16:53:24
default.action                    16 February 2015, 16:53:24
default.action                    16 February 2015, 16:53:24
privoxy.exe                       16 February 2015, 16:53:24
jsie.dll                          16 February 2015, 16:53:24
jswff.exe                         16 February 2015, 16:53:24
jsweb64.dll                       16 February 2015, 16:53:24
jswchromium64.exe                 16 February 2015, 16:53:24
00000015                          16 February 2015, 16:53:23
index.xml                         16 February 2015, 16:53:23
jswchromium.exe                   16 February 2015, 16:53:13
jswtask.exe                       16 February 2015, 16:53:13
mlwps.exe                         16 February 2015, 16:53:09
trz760D.tmp                       16 February 2015, 16:53:06
8E4E510F44A56B8C8ECFEC352907C373_EF66476FB131116A2B8AADAAAEEDE26A  16 February 2015, 16:53:05
F3BE.tmp                          16 February 2015, 16:53:03
8E4E510F44A56B8C8ECFEC352907C373_EF66476FB131116A2B8AADAAAEEDE26A  16 February 2015, 16:52:35
Report.wer                        16 February 2015, 16:56:17
TileCacheLogo-290736625_100.dat   16 February 2015, 17:03:14
 

I attach the file where the locations are.

 

We see the timing and the progress of the install. In my case "Jelbrus Secure Web + Live Malware Protection" is linked. I compared with the topic opened on 10 Feb 2015 and closed on 19 Feb 2015 and managed by OCD.
He doesn't mention the mlwps.exe (Live Malware Protection).
Can I use the same "repair" as this topic to remove the two? My OS is Windows 8 updated to 8.1, Google, Avast (which is neutralised).

 

All help is welcome.
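The timestamp search described in the post above, generalised as an added example that is not part of the original thread: it sorts file write times and cuts them into bursts, so everything written alongside a known-bad file (here privoxy.exe) comes out as one group. The sample rows are copied from the poster's listing; the function names and the 60-second gap are assumptions.

```python
import os
from datetime import datetime, timedelta


def scan_tree(root):
    """Collect (path, last-write time in local time) for every file under root."""
    entries = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            entries.append((path, datetime.fromtimestamp(mtime)))
    return entries


def split_bursts(entries, max_gap):
    """Sort by time and cut wherever two neighbours are more than max_gap apart."""
    bursts = []
    for entry in sorted(entries, key=lambda e: e[1]):
        if bursts and entry[1] - bursts[-1][-1][1] <= max_gap:
            bursts[-1].append(entry)   # still inside the current burst
        else:
            bursts.append([entry])     # quiet period: start a new burst
    return bursts


def burst_containing(entries, pivot_name, max_gap=timedelta(seconds=60)):
    """Return the burst holding the file whose base name is pivot_name, or []."""
    for burst in split_bursts(entries, max_gap):
        if any(os.path.basename(path) == pivot_name for path, _ in burst):
            return burst
    return []


def _t(hms):
    # All sample rows are from 16 February 2015 in the poster's listing.
    return datetime.strptime("2015-02-16 " + hms, "%Y-%m-%d %H:%M:%S")


# Sample input: a subset of the rows in the first post's file listing.
SAMPLE = [
    ("F3BE.tmp", _t("16:53:03")),
    ("mlwps.exe", _t("16:53:09")),
    ("jswtask.exe", _t("16:53:13")),
    ("privoxy.exe", _t("16:53:24")),
    ("config.txt", _t("16:53:24")),
    ("privoxy.log", _t("16:53:35")),
    ("Google Chrome.link", _t("16:53:36")),
    ("Report.wer", _t("16:56:17")),
    ("TileCacheLogo-290736625_100.dat", _t("17:03:14")),
]

if __name__ == "__main__":
    # Pivot on a file already known to belong to the unwanted install.
    for name, when in burst_containing(SAMPLE, "privoxy.exe"):
        print(when.strftime("%H:%M:%S"), name)
```

On a live system, pass the output of `scan_tree()` for the folders of interest instead of `SAMPLE`; files outside the burst, such as Report.wer here, were written after a quiet period and need separate judgement.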

 


 


#2 fireman4it


Posted 01 March 2015 - 12:26 PM

Hello clef,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

1. Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 clef


Posted 01 March 2015 - 08:10 PM

Hello fireman4it

 

I am glad to meet you and thanks for that and all the team

 

Before your files, I would like to let you know:

If I start with no internet connection (no Wi-Fi, no Ethernet), the proxy does not run when I reconnect the Ethernet, and I surf with no ads. If I start my laptop with a connection and I close the proxy, it reconnects on its own and the random ads come back on clicking a link or in a field of a form.

After the AdwCleaner clean, in the proxy window I don't see the value 127.0.0.1 8118, and it starts with no proxy.

I am going to bed now and I will check here in a few hours.

Thank you for your time.

I ran AdwCleaner

 

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 02:28:24

# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Sue - SW6
# Running from : C:\Users\Sue\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : DatamngrCoordinator
Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Program Files (x86)\Movies App
Folder Deleted : C:\Users\Sue\AppData\Local\torch
Folder Deleted : C:\Users\Sue\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg
File Deleted : C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2448}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2448}
Key Deleted : HKCU\Software\APNDTX
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.115
 
 
*************************
 
AdwCleaner[R0].txt - [3540 bytes] - [02/03/2015 02:19:03]
AdwCleaner[S0].txt - [3113 bytes] - [02/03/2015 02:28:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3172  bytes] ##########
 
 
 
 
 
FRST log
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Sue (administrator) on SW6 on 02-03-2015 02:36:31
Running from C:\Users\Sue\Desktop
Loaded Profiles: Sue (Available profiles: Sue & WFZC)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AV Security Software) C:\Windows\mlwps.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(GCT) C:\Program Files (x86)\Magicbox\Voice 220\Voice 220.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Magicbox\Voice 220\player_btn.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
() C:\Program Files (x86)\Magicbox\Voice 220\player_setting.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-22] (Pegatron Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [591696 2008-05-07] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-73445902-2519470046-259975719-1001\...\Run: [Voice 220] => C:\Program Files (x86)\Magicbox\Voice 220\Voice 220.exe [102400 2007-02-06] (GCT)
HKU\S-1-5-21-73445902-2519470046-259975719-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\WFZC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.0.lnk
ShortcutTarget: LibreOffice 4.0.lnk -> C:\Program Files (x86)\LibreOffice 4.0\program\quickstart.exe (No File)
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\movies app\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\movies app\datamngr\apcrtldr.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-73445902-2519470046-259975719-1001 -> {4B41ED83-FA33-412C-8653-4011460C69E2} URL = 
BHO: Movies Search App (Dist. by Torch Media, Inc.) -> {05bf0e05-a298-4d0a-b6eb-f55b30a2e662} -> C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\SEARCH~4.DLL No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Movies Search App (Dist. by Torch Media, Inc.) -> {05bf0e05-a298-4d0a-b6eb-f55b30a2e662} -> C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\SEARCH~2.DLL No File
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Movies Search App (Dist. by Torch Media, Inc.) - {05bf0e05-a298-4d0a-b6eb-f55b30a2e662} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\SEARCH~4.DLL No File
Toolbar: HKLM-x32 - Movies Search App (Dist. by Torch Media, Inc.) - {05bf0e05-a298-4d0a-b6eb-f55b30a2e662} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\SEARCH~2.DLL No File
Toolbar: HKU\S-1-5-21-73445902-2519470046-259975719-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-73445902-2519470046-259975719-1001: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\LibreOffice 4\program ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-02]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://home.torchbrowser.com/?systemid=448&appid=144&ua=Torch
CHR StartupUrls: Default -> "hxxp://home.torchbrowser.com/?systemid=448&appid=144&ua=Torch", "torch://start"
CHR Profile: C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-12-08]
CHR Extension: (Google Slides) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-02]
CHR Extension: (Prezi) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg [2014-12-08]
CHR Extension: (Sudoku) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2014-12-08]
CHR Extension: (Google Docs) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-02]
CHR Extension: (Google Drive) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-02]
CHR Extension: (UJAM - Make your music.) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2014-12-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-02]
CHR Extension: (YouTube) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-02]
CHR Extension: (Google Cast) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-03]
CHR Extension: (Link Grabber) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\caodelkhipncidmoebgbbeemedohcdma [2015-01-21]
CHR Extension: (Google Search) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-02]
CHR Extension: (Scrape.it Web Scraper) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\dahgmkmenffebhjdnmlemhbjiocpbbon [2015-01-21]
CHR Extension: (SEO SERP Workbench) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2014-12-03]
CHR Extension: (Google Apps Script) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoieeedlomnegifmaghhjnghhmcldobl [2014-12-08]
CHR Extension: (Google Sheets) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-02]
CHR Extension: (Caret) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljalecfjciodhpcledpamjachpmelml [2014-12-08]
CHR Extension: (Avast Online Security) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-02]
CHR Extension: (Dimensions Legacy) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmihohhdcbejdkidbfijmfehjbnmifk [2014-12-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-21]
CHR Extension: (Pinegrow Web Designer) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpddbdepndjfcccdmoogflacnflpoka [2014-12-08]
CHR Extension: (Email Extractor) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdianbbpnakhcmfkcckaboohfgnngfcc [2015-01-21]
CHR Extension: (Pixlr Touch Up) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-12-08]
CHR Extension: (Web Scraper) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2015-01-21]
CHR Extension: (SEO Tool 2015) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladhladelompbblgdnnejbeljfbjkeol [2014-12-08]
CHR Extension: (Currency Converter) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno [2014-12-08]
CHR Extension: (HTML5 Animation & Widget Designer) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkiefejkflopfbagflkahaakmfjjdbd [2014-12-08]
CHR Extension: (NodeFire HTML5 Menu Builder) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mejleipjfgbhnkmedifmppclnbofncdp [2014-12-08]
CHR Extension: (Until AM for Chrome) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2014-12-03]
CHR Extension: (PHP Docs-to-go) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlilmganaobieaclflbciblffhaagnip [2014-12-08]
CHR Extension: (GetThemAll Downloader) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-01-21]
CHR Extension: (CSS Shapes Editor) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenndldnbcncjmeacmnondmkkfedmgmp [2014-12-22]
CHR Extension: (Mobincube - FREE smartphone App builder) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfbnofjiempfokaedcfllenpopocpjid [2014-12-08]
CHR Extension: (Edge: The Web Ruler) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\njlkegdphefeellhaongiopcfgcinikh [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-02]
CHR Extension: (DataMiner) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2015-01-21]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2014-12-08]
CHR Extension: (CSS3 Generator) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\objoeachdkkeopnmlgablcjhifbahmbg [2014-12-08]
CHR Extension: (Web Server for Chrome) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofhbbkphhbklhfoeikjpcbhemlocgigb [2014-12-08]
CHR Extension: (Swimbi - CSS Menu Maker) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifipbbfaomegkfhpdbopinkndcdmaop [2014-12-08]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-01-21]
CHR Extension: (Coding the Web) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbinfbikhndabcdlabpcbhggkcdakgfg [2014-12-08]
CHR Extension: (Gmail) - C:\Users\Sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-29] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-29] (Avast Software)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Live Malware Protection; C:\WINDOWS\mlwps.exe [239104 2015-02-16] (AV Security Software) [File not signed] <==== ATTENTION
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [371200 2015-02-16] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-29] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-29] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-25] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 02:36 - 2015-03-02 02:37 - 00023646 _____ () C:\Users\Sue\Desktop\FRST.txt
2015-03-02 02:35 - 2015-03-02 02:35 - 00000000 ____D () C:\Users\Sue\Desktop\FRST-OlderVersion
2015-03-02 02:34 - 2015-03-02 02:35 - 00000197 _____ () C:\WINDOWS\system32\2015-03-02-00-34-01.023-AvastVBoxSVC.exe-3856.log
2015-03-02 02:18 - 2015-03-02 02:29 - 00000000 ____D () C:\AdwCleaner
2015-03-02 02:17 - 2015-02-28 15:12 - 02126848 _____ () C:\Users\Sue\Desktop\AdwCleaner.exe
2015-03-02 01:51 - 2015-03-02 01:51 - 00379899 _____ () C:\Users\Sue\Downloads\notepad2_4.2.25_x64.zip
2015-03-02 01:51 - 2015-03-02 01:51 - 00358912 _____ () C:\Users\Sue\Downloads\Notepad2_4.2.25_x64.exe
2015-03-02 01:33 - 2015-03-02 01:34 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Sue\Downloads\cbSetup.exe
2015-03-02 01:10 - 2015-03-02 01:10 - 01132032 _____ (Farbar) C:\Users\Sue\Downloads\FRST.exe
2015-03-01 10:11 - 2015-03-02 02:16 - 00000000 ____D () C:\Users\Sue\Desktop\Start
2015-02-28 12:57 - 2015-03-02 02:36 - 00000000 ____D () C:\FRST
2015-02-28 12:51 - 2015-03-02 02:35 - 02092544 _____ (Farbar) C:\Users\Sue\Desktop\FRST64.exe
2015-02-28 12:24 - 2015-02-28 12:35 - 00000000 ____D () C:\Users\Sue\Desktop\Folders
2015-02-28 12:24 - 2015-02-28 12:30 - 00000000 ____D () C:\Users\Sue\Desktop\Files
2015-02-28 12:03 - 2015-02-28 12:03 - 00852604 _____ () C:\Users\Sue\Desktop\SecurityCheck.exe
2015-02-27 13:02 - 2015-02-27 13:02 - 00000146 _____ () C:\Users\Sue\Desktop\Internet Options - Shortcut.lnk
2015-02-26 19:54 - 2015-02-28 03:14 - 00018432 _____ () C:\Users\Sue\Documents\JelbusSecureWeb.xls
2015-02-25 23:02 - 2015-02-25 23:03 - 00000197 _____ () C:\WINDOWS\system32\2015-02-25-21-02-53.056-AvastVBoxSVC.exe-3068.log
2015-02-25 22:59 - 2015-02-25 22:59 - 00000197 _____ () C:\WINDOWS\system32\2015-02-25-20-59-03.064-AvastVBoxSVC.exe-3788.log
2015-02-25 16:24 - 2015-02-25 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 11:03 - 2015-02-25 11:04 - 00001821 _____ () C:\Users\Sue\Desktop\chrome.exe - Shortcut.lnk
2015-02-25 10:27 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 10:27 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 10:27 - 2014-10-29 03:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 10:27 - 2014-10-29 03:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 10:27 - 2014-10-29 03:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 10:27 - 2014-10-29 03:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-25 10:24 - 2015-02-25 10:24 - 00000197 _____ () C:\WINDOWS\system32\2015-02-25-08-24-11.018-AvastVBoxSVC.exe-2172.log
2015-02-24 21:25 - 2015-02-24 21:25 - 00014336 _____ () C:\Users\Sue\Documents\DimitrisDeclaration IKA2014.xls
2015-02-24 11:03 - 2015-02-24 11:05 - 00000197 _____ () C:\WINDOWS\system32\2015-02-24-09-03-16.036-AvastVBoxSVC.exe-2764.log
2015-02-23 17:34 - 2015-02-23 17:34 - 00000000 ____D () C:\Users\Sue\AppData\Local\Apps\2.0
2015-02-23 16:53 - 2015-02-16 16:53 - 00851968 _____ () C:\Users\Sue\AppData\Roaming\trz760D.tmp
2015-02-18 00:47 - 2015-02-16 16:53 - 00000021 _____ () C:\Users\Sue\Documents\default.action
2015-02-16 16:53 - 2015-03-01 11:07 - 00003264 _____ () C:\WINDOWS\System32\Tasks\Jelbrus Secure Web Task
2015-02-16 16:53 - 2015-02-16 16:53 - 00239104 _____ (AV Security Software) C:\WINDOWS\mlwps.exe
2015-02-16 16:53 - 2015-02-16 16:53 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2015-02-16 16:53 - 2015-02-16 16:53 - 00000000 _____ () C:\Users\Sue\AppData\Roaming\F3BE.tmp
2015-02-13 08:20 - 2015-02-13 08:21 - 00000197 _____ () C:\WINDOWS\system32\2015-02-13-06-20-39.072-AvastVBoxSVC.exe-2564.log
2015-02-12 09:05 - 2015-01-23 06:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 09:05 - 2015-01-23 05:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 08:44 - 2015-02-12 08:44 - 00000197 _____ () C:\WINDOWS\system32\2015-02-12-06-44-26.068-AvastVBoxSVC.exe-1648.log
2015-02-11 08:59 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 08:59 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 08:59 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 08:59 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 08:59 - 2015-01-14 00:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 08:59 - 2015-01-14 00:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 08:59 - 2015-01-10 11:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 08:59 - 2015-01-10 11:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 08:59 - 2015-01-10 10:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 08:59 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 08:59 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 08:59 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 08:59 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 08:59 - 2014-12-09 01:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 08:59 - 2014-10-29 04:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 08:59 - 2014-10-29 04:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 08:59 - 2014-10-29 04:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 08:59 - 2014-10-29 04:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 08:59 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 08:59 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 08:59 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 08:59 - 2014-10-29 03:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 08:59 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 08:59 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 08:59 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 08:59 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 08:59 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 08:58 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 08:58 - 2015-01-12 05:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 08:58 - 2015-01-12 04:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 08:58 - 2015-01-12 04:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 08:58 - 2015-01-12 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 08:58 - 2015-01-12 04:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 08:58 - 2015-01-12 04:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 08:58 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 08:58 - 2015-01-12 04:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 08:58 - 2015-01-12 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 08:58 - 2015-01-12 04:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 08:58 - 2015-01-12 04:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 08:58 - 2015-01-12 03:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 08:58 - 2015-01-12 03:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 08:58 - 2015-01-12 03:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 08:58 - 2015-01-12 03:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 08:58 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 08:58 - 2015-01-12 03:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 08:58 - 2015-01-12 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 08:58 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 08:58 - 2015-01-12 03:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 08:58 - 2015-01-12 03:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 08:58 - 2015-01-12 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 08:58 - 2015-01-12 03:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 08:58 - 2015-01-12 03:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 08:58 - 2015-01-12 03:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 08:58 - 2015-01-12 03:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 08:58 - 2015-01-12 03:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 08:58 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 08:58 - 2015-01-12 03:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 08:58 - 2015-01-12 03:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 08:58 - 2015-01-12 03:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 08:58 - 2015-01-12 03:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 08:58 - 2015-01-12 02:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 08:58 - 2015-01-12 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 08:58 - 2015-01-10 10:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 08:58 - 2015-01-10 09:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 08:58 - 2015-01-10 08:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-09 15:40 - 2015-02-09 15:40 - 00002114 _____ () C:\Users\Sue\AppData\Local\recently-used.xbel
2015-02-07 15:54 - 2008-08-16 12:41 - 00000512 ____H () C:\Users\Sue\Documents\NIKON001.DSC
2015-02-06 17:57 - 2015-02-06 17:58 - 00000197 _____ () C:\WINDOWS\system32\2015-02-06-15-57-28.072-AvastVBoxSVC.exe-2956.log
2015-02-06 14:03 - 2015-02-06 14:03 - 00581714 _____ () C:\Users\Sue\Documents\Insurance2015_3150_2015-02-05_15.29.28.tif
2015-02-03 11:16 - 2015-02-03 11:16 - 00001516 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2015-02-03 11:15 - 2015-02-03 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2015-02-03 10:57 - 2015-03-01 19:49 - 00000000 ____D () C:\Users\Sue\Downloads\Tools
2015-02-03 10:56 - 2015-02-03 10:57 - 00000000 ____D () C:\Users\Sue\Downloads\Google
2015-02-03 10:55 - 2015-02-03 10:56 - 00000000 ____D () C:\Users\Sue\Downloads\Graphics
2015-02-03 10:53 - 2015-02-03 10:54 - 00000000 ____D () C:\Users\Sue\Downloads\Sounds
2015-02-03 10:51 - 2015-02-03 13:07 - 00000000 ____D () C:\Users\Sue\Downloads\LibreOffice
2015-02-03 10:49 - 2015-02-03 10:50 - 00000000 ____D () C:\Users\Sue\Downloads\Fly
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 02:35 - 2014-11-25 09:47 - 01867533 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-02 02:34 - 2013-11-23 14:21 - 00000000 ____D () C:\Users\Sue\AppData\Roaming\Skype
2015-03-02 02:32 - 2014-12-02 19:34 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 02:31 - 2013-08-22 16:46 - 00340900 _____ () C:\WINDOWS\setupact.log
2015-03-02 02:31 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 02:30 - 2014-12-17 21:10 - 00000000 ____D () C:\ProgramData\Datamngr
2015-03-02 02:30 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 02:21 - 2014-12-02 19:34 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 02:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-01 19:46 - 2014-09-24 18:21 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-01 10:13 - 2013-01-03 18:05 - 00000000 ____D () C:\Users\Sue\AppData\Roaming\CoffeeCup Software
2015-03-01 09:36 - 2014-09-24 08:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-01 09:36 - 2013-11-23 14:21 - 00000000 ____D () C:\ProgramData\Skype
2015-02-28 12:36 - 2012-12-11 15:24 - 00000000 ___RD () C:\Users\Sue\Desktop\Soft
2015-02-28 12:27 - 2013-01-20 09:37 - 00000000 ____D () C:\Users\Sue\My Tools
2015-02-27 14:12 - 2012-12-11 02:03 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-73445902-2519470046-259975719-1001
2015-02-27 13:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-26 01:32 - 2014-11-25 09:20 - 00000000 ____D () C:\Users\Sue
2015-02-25 22:57 - 2012-12-29 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-25 14:52 - 2013-10-09 09:05 - 00000000 ____D () C:\Users\Sue\Desktop\WFZC
2015-02-25 10:46 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-24 19:04 - 2013-10-09 09:04 - 00000000 ____D () C:\Users\Sue\Desktop\LGR
2015-02-24 11:00 - 2014-09-24 10:08 - 00016168 _____ () C:\WINDOWS\PFRO.log
2015-02-23 14:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-22 13:05 - 2013-10-01 17:21 - 21712896 _____ () C:\Users\Sue\Desktop\Resc2.mdb
2015-02-15 01:38 - 2013-11-03 20:47 - 00000000 ____D () C:\Users\Sue\AppData\Roaming\vlc
2015-02-12 10:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 08:41 - 2013-08-22 16:44 - 00527744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 09:12 - 2013-09-21 11:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 09:01 - 2012-12-13 13:46 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-09 15:40 - 2014-03-11 12:43 - 00000000 ____D () C:\Users\Sue\AppData\Local\gtk-2.0
2015-02-09 15:40 - 2014-03-11 12:22 - 00000000 ____D () C:\Users\Sue\.gimp-2.8
2015-02-09 11:13 - 2014-09-01 15:21 - 00182343 _____ () C:\WINDOWS\hpwins27.dat
2015-02-09 11:13 - 2014-09-01 15:21 - 00005910 _____ () C:\ProgramData\hpzinstall.log
2015-02-09 11:02 - 2012-07-26 07:26 - 00000234 _____ () C:\WINDOWS\win.ini
2015-02-07 19:11 - 2013-10-01 17:19 - 00000000 ____D () C:\Users\Sue\Desktop\Clef
2015-02-07 14:03 - 2013-12-31 18:02 - 00000000 ____D () C:\Users\Sue\Documents\USB_backUp
2015-02-04 20:42 - 2012-12-11 01:56 - 00000000 ____D () C:\Users\Sue\AppData\Local\Packages
2015-02-04 00:16 - 2014-12-02 19:34 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 00:16 - 2014-12-02 19:34 - 00003650 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 21:31 - 2014-12-11 10:17 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 21:31 - 2014-12-11 10:17 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 14:43 - 2013-01-28 00:07 - 00595968 _____ () C:\Users\Sue\AppData\Roaming\SharedSettings.ccs
2015-02-03 11:15 - 2014-11-27 19:23 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2015-02-02 06:28 - 2012-07-26 07:26 - 00000219 _____ () C:\WINDOWS\system.ini
2015-01-31 20:57 - 2015-01-29 17:24 - 00000000 ____D () C:\Users\Sue\Downloads\Grange
 
==================== Files in the root of some directories =======
 
2015-02-16 16:53 - 2015-02-16 16:53 - 0000000 _____ () C:\Users\Sue\AppData\Roaming\F3BE.tmp
2013-01-28 00:07 - 2015-02-03 14:43 - 0595968 _____ () C:\Users\Sue\AppData\Roaming\SharedSettings.ccs
2015-02-23 16:53 - 2015-02-16 16:53 - 0851968 _____ () C:\Users\Sue\AppData\Roaming\trz760D.tmp
2015-02-09 15:40 - 2015-02-09 15:40 - 0002114 _____ () C:\Users\Sue\AppData\Local\recently-used.xbel
2014-11-18 10:37 - 2014-12-06 18:43 - 0007594 _____ () C:\Users\Sue\AppData\Local\Resmon.ResmonCfg
2014-05-11 00:47 - 2014-05-11 00:47 - 0005013 _____ () C:\ProgramData\duavsiev.mnv
2014-09-01 15:21 - 2015-02-09 11:13 - 0005910 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Sue\AppData\Local\Temp\aev8_setup.exe
C:\Users\Sue\AppData\Local\Temp\Quarantine.exe
C:\Users\Sue\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sue\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-01 09:44
 
==================== End Of Log ============================
 
 
 
ADDITION
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Sue at 2015-03-02 02:37:37
Running from C:\Users\Sue\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510af_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510af (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Advanced Administrative Tools (HKLM-x32\...\Advanced Administrative Tools) (Version: 5.80 - G-Lock Software)
Advanced Email Verifier (HKLM-x32\...\Advanced Email Verifier_is1) (Version: 8.2.3.390 - G-Lock Software)
ALIAS Email List Manager 1.0.0 (HKLM-x32\...\ALIAS Email List Manager 1.0.0_is1) (Version: 2.0.0 - ALIAS Software)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AutoCAD Express Tools Volumes 1-9 (HKLM-x32\...\{5783F2D7-0211-0409-0000-0060B0CE6BBA}) (Version: 1.0.0.0 - Autodesk)
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Boxxer Email-Phone-Fax Extractor (HKLM-x32\...\{1E146C79-EDBD-4961-833C-1E86A5491C87}) (Version: 3.0 - Exar Software Research Pvt Ltd)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CDR Viewer (HKLM-x32\...\{37955B24-82BC-4160-A867-285B87E62519}_is1) (Version:  - IdeaMK)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CoffeeCup Direct FTP (HKLM-x32\...\{88741A14-4C9D-469F-BA36-8FDF6037BB68}) (Version: 3.9.2015 - CoffeeCup Software Inc.)
CoffeeCup Flash FireStarter (HKLM-x32\...\CoffeeCup Flash FireStarter) (Version:  - )
CoffeeCup HTML Editor (HKU\S-1-5-21-73445902-2519470046-259975719-1001\...\CoffeeCup HTML Editor) (Version:  - )
CoffeeCup Image Mapper (HKLM-x32\...\CoffeeCup Image Mapper) (Version:  - )
CoffeeCup MP3 Rip & Burn (HKLM-x32\...\CoffeeCup MP3 Rip & Burn) (Version:  - )
CoffeeCup Password Wizard (HKLM-x32\...\CoffeeCup Password Wizard) (Version:  - )
CoffeeCup PixConverter (HKLM-x32\...\CoffeeCup PixConverter) (Version:  - CoffeeCup Software)
CoffeeCup StyleSheet Maker (HKLM-x32\...\CoffeeCup StyleSheet Maker) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
EASEUS Data Recovery Wizard Professional 4.0.1 (HKLM-x32\...\{55BB6B67-EA70-4DD2-974D-9B9093BDA946}) (Version: 4.0.1 - EASEUS)
eDrawings 2014 x64 (HKLM\...\{A3FD5A58-C731-4DE7-BB86-2B4BB18CCE5D}) (Version: 14.3.107 - Dassault Systèmes SolidWorks Corp)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.01.00 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Manual (HKLM-x32\...\EPSON Stylus Office BX600FW_Office TX600FW_SX600FW User’s Guide) (Version:  - )
EPSON SX600FW Series Printer Uninstall (HKLM\...\EPSON SX600FW Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.2.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4h - SEIKO EPSON CORPORATION)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
G-Lock EasyMail (HKLM-x32\...\G-Lock EasyMail v6.89_is1) (Version: 6.89 - G-Lock Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
KWHotel Free FR (0.41.42) (HKLM-x32\...\KWHotel) (Version: 0.41.42.0 - KajWare)
LibreOffice 4.3 Help Pack (English (United Kingdom)) (HKLM-x32\...\{CF4587A8-20DF-4436-98FA-C29B45922887}) (Version: 4.3.4.1 - The Document Foundation)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movies Search App for Internet Explorer (Dist. by Torch Media, Inc.) (HKLM-x32\...\torchimeshmoviestoolbarIE) (Version: 2.1.0.0 - IAC Search and Media, Inc.) <==== ATTENTION
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
SafeCast Shared Components (HKLM-x32\...\CdaC13Ba) (Version:  - Macrovision)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voice 220 V3.0.0.0 (HKLM-x32\...\Voice 220_is1) (Version:  - )
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.13000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)
WinHTTrack Website Copier 3.48-19 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-73445902-2519470046-259975719-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-73445902-2519470046-259975719-1001_Classes\CLSID\{00000002-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-73445902-2519470046-259975719-1001_Classes\CLSID\{00000003-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-73445902-2519470046-259975719-1001_Classes\CLSID\{00000006-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
 
==================== Restore Points  =========================
 
11-02-2015 09:00:31 Windows Update
18-02-2015 12:54:21 Scheduled Checkpoint
25-02-2015 10:45:31 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1622ED03-196B-40B2-A003-2403DD85EC3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02] (Google Inc.)
Task: {26C895A2-626C-4FF1-8A37-022CD39C84C2} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {34DA3982-2058-4C99-AAB1-1351C5107F10} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-29] (AVAST Software)
Task: {40957594-C5A1-4F55-A729-283B8332274A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {4AF0B59B-D9BC-4762-A4FB-4AF9514E31ED} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-02-16] (Jelbrus) <==== ATTENTION
Task: {A7FFFDC4-770D-41D6-B17B-8D49AECCEC46} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {AB154605-8179-4DCE-9682-A4F24BDCE1B7} - System32\Tasks\{2BA893C1-BF1B-4311-85BD-9C4A4CCBA96B} => pcalua.exe -a C:\Users\Sue\Downloads\LCVM_PCDRV_US_1_03_02.exe -d C:\Users\Sue\Downloads
Task: {BC76C807-633C-42E3-A088-89429F14DB8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02] (Google Inc.)
Task: {BCCF3845-F620-495E-8ECE-3AE5DD1538E8} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {CDA4530B-4320-4A10-B032-3773E903EC1A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-10-13 16:38 - 2011-10-13 16:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2014-11-29 12:07 - 2014-11-29 12:07 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-29 12:07 - 2014-11-29 12:07 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 21:13 - 2012-08-13 21:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2012-12-24 21:10 - 2006-11-22 20:56 - 00024576 _____ () C:\Program Files (x86)\Magicbox\Voice 220\player_btn.exe
2012-12-24 21:10 - 2006-11-23 19:52 - 00024576 _____ () C:\Program Files (x86)\Magicbox\Voice 220\player_setting.exe
2014-11-25 11:16 - 2014-11-25 11:16 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2015-01-14 21:24 - 2015-01-14 21:24 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2014-11-25 11:16 - 2014-11-25 11:16 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2015-03-02 02:13 - 2015-03-02 02:13 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15030101\algo.dll
2014-11-29 12:07 - 2014-11-29 12:07 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-16 16:53 - 2015-02-16 16:53 - 00086528 _____ () C:\Program Files (x86)\Jelbrus Secure Web\mgwz.dll
2012-12-24 21:10 - 2007-02-02 17:55 - 00053248 _____ () C:\Program Files (x86)\Magicbox\Voice 220\EmluatorLib.dll
2012-12-24 21:10 - 2007-02-02 17:56 - 00028672 _____ () C:\Program Files (x86)\Magicbox\Voice 220\sleep.dll
2012-12-24 21:10 - 2007-02-02 17:56 - 00053248 _____ () C:\Program Files (x86)\Magicbox\Voice 220\setting.dll
2012-12-24 21:10 - 2007-02-02 18:03 - 00090112 _____ () C:\Program Files (x86)\Magicbox\Voice 220\call.dll
2012-12-24 21:10 - 2007-02-02 17:56 - 00053248 _____ () C:\Program Files (x86)\Magicbox\Voice 220\voicemail.dll
2012-12-24 21:10 - 2007-02-02 17:55 - 00032768 _____ () C:\Program Files (x86)\Magicbox\Voice 220\dial.dll
2014-11-29 12:08 - 2014-11-29 12:08 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-10 17:48 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Sue\Documents\NewYear.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-73445902-2519470046-259975719-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Toshiba\Standard.jpg
DNS Servers: 192.168.10.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-73445902-2519470046-259975719-500 - Administrator - Disabled)
Guest (S-1-5-21-73445902-2519470046-259975719-501 - Limited - Disabled)
Sue (S-1-5-21-73445902-2519470046-259975719-1001 - Administrator - Enabled) => C:\Users\Sue
WFZC (S-1-5-21-73445902-2519470046-259975719-1004 - Limited - Enabled) => C:\Users\WFZC
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/01/2015 11:38:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/01/2015 11:33:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/01/2015 09:45:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/28/2015 11:42:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HexEditor.exe, version: 1.0.0.0, time stamp: 0x51f0af28
Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53086d7c
Exception code: 0xc000027b
Fault offset: 0x000fb152
Faulting process ID: 0x1248
Faulting application start time: 0xHexEditor.exe0
Faulting application path: HexEditor.exe1
Faulting module path: HexEditor.exe2
Report ID: HexEditor.exe3
Faulting package full name: HexEditor.exe4
Faulting package-relative application ID: HexEditor.exe5
 
 
System errors:
=============
Error: (03/02/2015 02:29:39 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/02/2015 02:29:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/02/2015 02:29:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TEMPRO Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/02/2015 02:29:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/02/2015 02:29:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (03/02/2015 02:29:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/02/2015 02:29:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/02/2015 02:29:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/02/2015 02:29:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/02/2015 02:29:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA eco Utility Service service terminated unexpectedly. It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (03/02/2015 00:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SW6)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (03/01/2015 11:38:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\cdrviewer\uniconvertor\Lib\distutils\command\wininst-8_d.exe
 
Error: (03/01/2015 11:33:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\cdrviewer\uniconvertor\Lib\distutils\command\wininst-8_d.exe
 
Error: (03/01/2015 09:45:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\cdrviewer\uniconvertor\Lib\distutils\command\wininst-8_d.exe
 
Error: (02/28/2015 11:42:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HexEditor.exe1.0.0.051f0af28combase.dll6.3.9600.1703153086d7cc000027b000fb152124801d0533a53b59929C:\Program Files\WindowsApps\AFF540DC.HexEditorPro_1.0.7.16_neutral__v7353qx4kg3sa\HexEditor.exeC:\WINDOWS\SYSTEM32\combase.dll125455d3-bf2e-11e4-bf10-7054d2353c6cAFF540DC.HexEditorPro_1.0.7.16_neutral__v7353qx4kg3saApp
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-27 13:20:00.727
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-02-27 13:20:00.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-02-25 23:00:26.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-02-25 23:00:26.560
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-02-25 22:58:04.274
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-02-25 22:58:04.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-02-25 10:21:17.795
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-02-25 10:21:17.654
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-02-24 11:00:46.697
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-02-24 11:00:46.557
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 6027.22 MB
Available physical RAM: 4451.82 MB
Total Pagefile: 6987.22 MB
Available Pagefile: 5406.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (TI30992200A) (Fixed) (Total:585.49 GB) (Free:411 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 fireman4it

  • Malware Response Team

Posted 01 March 2015 - 11:44 PM

1.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Movies Search App for Internet Explorer

Additional instructions can be found here if needed.

 

 

2.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   5.45KB   5 downloads

 

 

How is the computer running after this fix?

 

 

 


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 clef

  • Topic Starter


Posted 02 March 2015 - 09:15 AM

Hello fireman4it
 
After a good sleep I return to you 
 
Uninstall Message warning
 
An error occurred while trying to uninstall Movies Search App for Internet Explorer (....). It may have already been uninstalled.
Would you like to remove Movies Search App ...(..) from the Programs and Features List?
 
I answered YES and it was taken off the list.
 
Avast (free version) works now and alerted me 3 times in 2h.
 
Alert: Virus: Win32:Adware-gen [Adw]
object: C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll
Process: c:\windows\System32\Rundll32.exe
 
I checked the Chest log and saw that 1 file was put in the Chest during the install:
object: C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll
date last changed: 16/02/2015 13:53:13
date Transfer time: 16/02/2015 16:53:23
Virus:  Win32:Malware-gen
 
Also another file in 13 to 17/01/2015 was put in the chest (I have uninstalled the app and no problem after)
object: C:\Program Files\ WindowsApps\TheMGroup.MyWineLists_1.0.046_neutral__xm001nz2j6w0e
date last changed: 17/01/2015 07:14:50
date Transfer time: 17/01/2015 10:14:56
Virus:  Win32:Evo-gen [Sup]
 
 
I ran the fixlist; see the Fixlog.txt
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Sue at 2015-03-02 11:21:27 Run:1
Running from C:\Users\Sue\Desktop
Loaded Profiles: Sue (Available profiles: Sue & WFZC)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ShortcutTarget: LibreOffice 4.0.lnk -> C:\Program Files (x86)\LibreOffice 4.0\program\quickstart.exe (No File)
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\movies app\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\movies app\datamngr\apcrtldr.dll <===== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-73445902-2519470046-259975719-1001 -> {4B41ED83-FA33-412C-8653-4011460C69E2} URL = 
BHO: Movies Search App (Dist. by Torch Media, Inc.) -> {05bf0e05-a298-4d0a-b6eb-f55b30a2e662} -> C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\SEARCH~4.DLL No File
BHO-x32: Movies Search App (Dist. by Torch Media, Inc.) -> {05bf0e05-a298-4d0a-b6eb-f55b30a2e662} -> C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\SEARCH~2.DLL No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Movies Search App (Dist. by Torch Media, Inc.) - {05bf0e05-a298-4d0a-b6eb-f55b30a2e662} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\SEARCH~4.DLL No File
Toolbar: HKLM-x32 - Movies Search App (Dist. by Torch Media, Inc.) - {05bf0e05-a298-4d0a-b6eb-f55b30a2e662} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\SEARCH~2.DLL No File
Toolbar: HKU\S-1-5-21-73445902-2519470046-259975719-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR HomePage: Default -> hxxp://home.torchbrowser.com/?systemid=448&appid=144&ua=Torch
CHR StartupUrls: Default -> "hxxp://home.torchbrowser.com/?systemid=448&appid=144&ua=Torch", "torch://start"
R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [371200 2015-02-16] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
2015-02-16 16:53 - 2015-02-16 16:53 - 0000000 _____ () C:\Users\Sue\AppData\Roaming\F3BE.tmp
2015-02-23 16:53 - 2015-02-16 16:53 - 0851968 _____ () C:\Users\Sue\AppData\Roaming\trz760D.tmp
emptytemp:
Task: {4AF0B59B-D9BC-4762-A4FB-4AF9514E31ED} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-02-16] (Jelbrus) <==== ATTENTION
 
 
 
*****************
 
C:\Program Files (x86)\LibreOffice 4.0\program\quickstart.exe not found.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-73445902-2519470046-259975719-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B41ED83-FA33-412C-8653-4011460C69E2}" => Key deleted successfully.
HKCR\CLSID\{4B41ED83-FA33-412C-8653-4011460C69E2} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662}" => Key deleted successfully.
"HKCR\CLSID\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662} => value deleted successfully.
HKCR\CLSID\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{05bf0e05-a298-4d0a-b6eb-f55b30a2e662} => Key not found. 
HKU\S-1-5-21-73445902-2519470046-259975719-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
PrivoxyService => Unable to stop service
PrivoxyService => Service deleted successfully.
C:\Users\Sue\AppData\Roaming\F3BE.tmp => Moved successfully.
C:\Users\Sue\AppData\Roaming\trz760D.tmp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AF0B59B-D9BC-4762-A4FB-4AF9514E31ED} => Key not found. 
C:\Windows\System32\Tasks\Jelbrus Secure Web Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully.
EmptyTemp: => Removed 1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:22:06 ====
 
 
 
I rebooted and waited ... it has been running for 2h with 1 alarm (the fix, the reboot and the wait were done without an internet connection)
 
Alert: Win32:Adware-gen[Adw]
Object: C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll
Process: c:\windows\System32\Rundll32.exe
 
The process and the service of the proxy (Privoxy) are gone, but NOT the Jelbrus Secure Web folder and files.
 
The process of Live Malware Protection is gone, BUT NOT the service; it stays stopped with activation Automatic.
 
I tried to open Chrome --> message:
Unable to connect to the proxy server
 
I tried to open IE --> message:
You aren't connected to a network
 
OK, I connected my network to the internet and opened IE --> message:
Unable to connect to the proxy server
 
and it asked me to check in Internet Options, in the Connections tab under LAN settings, whether the value of the proxy is right: 127.0.0.1:8118
 
I closed IE, disconnected my network cable and checked the connection options --> the values are back and the proxy is active.
I removed the tick for the proxy and confirmed, reconnected the network cable and opened IE and Chrome: all OK, normal.
 
I also checked the Connections tab and LAN settings: the values are there and the tick is deactivated.
 
The alarm from Avast has stopped.
 
We are back to the "start", I think! Sorry to be so long for this step. Thank you
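
The symptom described in the post above (the Privoxy service is gone, but the LAN proxy is still set to 127.0.0.1:8118, so browsers report "Unable to connect to the proxy server") can be confirmed with a read-only audit. This is an added example, not part of the original post or of FRST; the function names are hypothetical, and it assumes the standard per-user WinINET values ProxyEnable and ProxyServer under HKCU and a system with Get-NetTCPConnection (Windows 8 or later).

```powershell
# Added example (read-only): audit the per-user WinINET proxy setting.
# Function names are hypothetical. Nothing on the system is changed.

function Get-ProxyEntry {
    param([string]$ProxyServer)

    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    $pattern = '^(?:(?<scheme>\w+)=)?(?:\w+://)?(?<host>\[[^\]]+\]|[^:/]+)(?::(?<port>\d+))?/?$'
    foreach ($raw in ($ProxyServer -split ';')) {
        $entry = $raw.Trim()
        if ($entry -and ($entry -match $pattern)) {
            $hostName = $Matches['host'].Trim('[', ']')
            [pscustomobject]@{
                Entry      = $entry
                Scheme     = if ($Matches['scheme']) { $Matches['scheme'] } else { 'all' }
                Host       = $hostName
                # Assumption: an entry without an explicit port is treated as port 80.
                Port       = if ($Matches['port']) { [int]$Matches['port'] } else { 80 }
                IsLoopback = ($hostName -eq 'localhost' -or $hostName -eq '::1' -or $hostName -like '127.*')
            }
        }
    }
}

function Test-WinInetProxy {
    param(
        # Values behind Internet Options > Connections > LAN settings for the current user.
        [string]$SettingsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    )

    $settings = Get-ItemProperty -Path $SettingsKey
    $enabled  = ($settings.ProxyEnable -eq 1)

    foreach ($e in (Get-ProxyEntry -ProxyServer ([string]$settings.ProxyServer))) {
        $listeners = @()
        $proc = $null
        if ($e.IsLoopback) {
            # Is anything still listening on the local port the browsers are sent to?
            $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $e.Port -ErrorAction SilentlyContinue)
            if ($listeners.Count -gt 0) {
                $proc = Get-Process -Id $listeners[0].OwningProcess -ErrorAction SilentlyContinue
            }
        }

        if (-not $enabled) {
            $verdict = 'Proxy value present but disabled (leftover value only)'
        } elseif (-not $e.IsLoopback) {
            $verdict = 'Remote proxy enabled: confirm it is expected'
        } elseif ($listeners.Count -eq 0) {
            $verdict = 'DANGLING: enabled loopback proxy with no listener; browsers cannot connect'
        } else {
            $verdict = 'ACTIVE local proxy: traffic passes through the listed process; verify the binary'
        }

        [pscustomobject]@{
            Entry       = $e.Entry
            Scheme      = $e.Scheme
            Enabled     = $enabled
            Listening   = ($listeners.Count -gt 0)
            ProcessName = if ($proc) { $proc.Name } else { $null }
            # Path can be empty when the session is not elevated.
            ProcessPath = if ($proc) { $proc.Path } else { $null }
            Verdict     = $verdict
        }
    }
}

Test-WinInetProxy | Format-List
```

Run it as the affected user, since the values live in that user's hive; a "DANGLING" verdict matches the state described in the post, where the service was deleted but the proxy tick was still set.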


#6 fireman4it


Posted 02 March 2015 - 01:20 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (1.78KB)

 

How is the machine running after this fix?

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 clef


Posted 02 March 2015 - 05:22 PM

Hello fireman4it

 

With this step, I made a tour.

The service is gone, the folder is gone and the files also, EXCEPT one in Documents, default.action; it is a duplicate of the same file in the Jelbrus folder.

 

 
Fixlog.txt
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Sue at 2015-03-02 23:36:37 Run:2
Running from C:\Users\Sue\Desktop
Loaded Profiles: Sue (Available profiles: Sue & WFZC)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
R2 Live Malware Protection; C:\WINDOWS\mlwps.exe [239104 2015-02-16] (AV Security Software) [File not signed] <==== ATTENTION
C:\WINDOWS\mlwps.exe
C:\Program Files (x86)\Jelbrus Secure Web
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus)
2015-02-26 19:54 - 2015-02-28 03:14 - 00018432 _____ () C:\Users\Sue\Documents\JelbusSecureWeb.xls
2015-02-16 16:53 - 2015-03-01 11:07 - 00003264 _____ () C:\WINDOWS\System32\Tasks\Jelbrus Secure Web Task
2015-02-16 16:53 - 2015-02-16 16:53 - 00239104 _____ (AV Security Software) C:\WINDOWS\mlwps.exe
2015-02-16 16:53 - 2015-02-16 16:53 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
Task: {4AF0B59B-D9BC-4762-A4FB-4AF9514E31ED} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-02-16] (Jelbrus) <==== ATTENTION
*****************
 
Live Malware Protection => Service deleted successfully.
C:\WINDOWS\mlwps.exe => Moved successfully.
C:\Program Files (x86)\Jelbrus Secure Web => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998} => Key not found. 
"HKCR\Wow6432Node\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}" => Key deleted successfully.
C:\Users\Sue\Documents\JelbusSecureWeb.xls => Moved successfully.
"C:\WINDOWS\System32\Tasks\Jelbrus Secure Web Task" => File/Directory not found.
"C:\WINDOWS\mlwps.exe" => File/Directory not found.
"C:\Program Files (x86)\Jelbrus Secure Web" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AF0B59B-D9BC-4762-A4FB-4AF9514E31ED} => Key not found. 
C:\Windows\System32\Tasks\Jelbrus Secure Web Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task => Key not found. 
 
==== End of Fixlog 23:36:38 ====
 
 
 
 
After the scan I checked everything, connected to the internet --> OK
I restarted with the internet connection --> OK
Navigation in IE and Chrome --> OK
 
Thank you for your job


#8 fireman4it


Posted 02 March 2015 - 05:32 PM

Let's make a final check for any leftovers to make sure you are all clean.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2.

 ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.


Edited by fireman4it, 02 March 2015 - 05:33 PM.


#9 clef


Posted 02 March 2015 - 05:37 PM

fireman4it,

I must go to bed and will see your next step tomorrow.

Thank you and good night 



#10 clef


Posted 03 March 2015 - 02:48 PM

Hi fireman4it,

The PC works well, but with mbam I have a log that is not good. I clicked on "All in Quarantine" and closed; I reopened to check the log: no version and empty, but I have seen some Non Malware and 9 are in quarantine.

I retried the scan but I don't have the files of the quarantine. I have written them manually, but can we take them out free and rescan?

It is PUP.optional.DataMangr.A for Reg Key and 1 is PUM.Bad proxy for Reg Value of the internet setting\proxy service

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 03/03/2015
Scan Time: 12:07:37
Logfile: mbam-log-2015-03-03-(11-13-56).txt
Administrator: Yes
 
Version: 0.00.0.0000
Malware Database: v2015.03.03.03
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sue
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 409766
Time Elapsed: 25 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
For ESETlog1.txt
 
 
C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe a variant of Win32/Techsnab.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe a variant of Win32/Techsnab.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll a variant of Win32/Techsnab.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jswff.exe a variant of Win32/Techsnab.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Jelbrus Secure Web\jswtask.exe a variant of Win32/Techsnab.C potentially unwanted application
C:\Users\Public\Documents\RecoveryHP\1 NTFS\Users\WFZC\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Public\Documents\RecoveryHP\1 NTFS\Users\WFZC\Downloads\rcsetup141.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Sue\My Tools\Installed\TorchSetupFull-r0-n-bc.exe a variant of Win32/TorchMedia potentially unwanted application
C:\Users\Sue\My Tools\Torch\TorchSetupFull-r0-n-bc.exe a variant of Win32/TorchMedia potentially unwanted application
 

I come back in 2h

 

Thank you



#11 fireman4it


Posted 03 March 2015 - 06:24 PM

Hello, clef

Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

 

 

 

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest.  It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!  These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message  or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.



#12 clef


Posted 04 March 2015 - 11:27 AM

Hello fireman4it,
 
The PC runs well; I have been working today with no problem. Before that, I did your last step.
For StartupLite, it asked about the HP Update; I said OK but I got an error:
 
"Error on value: HP Sofware Update. There was an error creating a MSConfig key."
 
 -->  I applied no change
 
I uninstalled AdwCleaner --> the quarantine is gone with it
 
Now the turn of DelFix, and this is the report:
 
# DelFix v10.9 - Logfile created 04/03/2015 at 16:28:53
# Updated 27/02/2015 by Xplode
# Username : Sue - SW6
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\Users\Sue\Desktop\FRST-OlderVersion
Deleted : C:\Users\Sue\Desktop\FRST64.exe
Deleted : C:\Users\Sue\Desktop\SecurityCheck.exe
 
########## - EOF - ##########
 
I ran SecurityCheck.exe before your intervention; only the Java 7 32bit must be updated to the 8 64bit.
 
fireman4it, I am waiting for your green light before checking all the updates with Secunia Software Inspector and applying them.
 
Thank you


#13 fireman4it


Posted 04 March 2015 - 02:38 PM

Everything looks good. If you don't have any more questions I will go ahead and close this topic.



#14 clef


Posted 05 March 2015 - 04:58 PM

Hello fireman4it,

I upgraded the software and made some modifications to be more secure ...

All is good and no more questions. Thank you to you and your team.



#15 fireman4it


Posted 05 March 2015 - 11:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




