My PC seems to send suspicious email (maybe spam)


  • This topic is locked
7 replies to this topic

#1 soegiartoadi

soegiartoadi

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:08 PM

Posted 10 April 2015 - 03:58 AM

So, I just installed Norton 360 today and everything is good.

But in some circumstances, I get a pop-up message about an Email Error and the sender is not me. I thought it was a spam email because the same sender sent many emails to people. My PC was infected by the PClock2 virus before and I think I removed it. Can you please help me to detect and remove any malware or viruses, if there are any?





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:08 AM

Posted 12 April 2015 - 08:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 soegiartoadi

soegiartoadi
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:08 PM

Posted 13 April 2015 - 01:29 AM

Hi nasdaq, how are you? I hope you are doing well.

Thank you for the response, I have done all of your instructions and here are the reports:

 

For the MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/13/2015
Scan Time: 12:03:48 PM
Logfile: MBAM log.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.13.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: toshiba

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433755
Time Elapsed: 43 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.StartNow.A, HKU\S-1-5-21-398046743-804850369-2392899342-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0388404D-6072-4CEB-B521-8F090FEAEE57}|URL, http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=ID&install_date=20120624&user_guid=D5EB23AE1A8C4D548DACEE893FE35128&machine_id=5a26854cb429a3e98a72d7effc300c16&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}, , [9482a0cc99f151e51ccde8d4e91aac54]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkcfnpmodkanelilkoijenldmlcemje\0.9, , [d93d7cf0e0aae155877cc78eaf5654ac],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkcfnpmodkanelilkoijenldmlcemje, , [d93d7cf0e0aae155877cc78eaf5654ac],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkobdcgekembedlgndfpmknobjlgeepk\1.0, , [cb4b145875151c1a4db679dcf70e0bf5],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkobdcgekembedlgndfpmknobjlgeepk, , [cb4b145875151c1a4db679dcf70e0bf5],
PUP.Optional.StartNow.A, C:\Users\toshiba\AppData\Roaming\StartNow Toolbar, , [7d994f1dfc8e47efeae416a6ef14956b],
PUP.Optional.StartNow.A, C:\Users\toshiba\AppData\Roaming\StartNow Toolbar\CR, , [7d994f1dfc8e47efeae416a6ef14956b],

Files: 11
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkcfnpmodkanelilkoijenldmlcemje\0.9\lsdb.js, , [d93d7cf0e0aae155877cc78eaf5654ac],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkcfnpmodkanelilkoijenldmlcemje\0.9\background.html, , [d93d7cf0e0aae155877cc78eaf5654ac],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkcfnpmodkanelilkoijenldmlcemje\0.9\content.js, , [d93d7cf0e0aae155877cc78eaf5654ac],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkcfnpmodkanelilkoijenldmlcemje\0.9\icon48.png, , [d93d7cf0e0aae155877cc78eaf5654ac],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkcfnpmodkanelilkoijenldmlcemje\0.9\manifest.json, , [d93d7cf0e0aae155877cc78eaf5654ac],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkobdcgekembedlgndfpmknobjlgeepk\1.0\lsdb.js, , [cb4b145875151c1a4db679dcf70e0bf5],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkobdcgekembedlgndfpmknobjlgeepk\1.0\background.html, , [cb4b145875151c1a4db679dcf70e0bf5],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkobdcgekembedlgndfpmknobjlgeepk\1.0\content.js, , [cb4b145875151c1a4db679dcf70e0bf5],
PUP.Optional.MultiPlug.A, C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkobdcgekembedlgndfpmknobjlgeepk\1.0\manifest.json, , [cb4b145875151c1a4db679dcf70e0bf5],
PUP.Optional.StartNow.A, C:\Users\toshiba\AppData\Roaming\StartNow Toolbar\CR\installer.json, , [7d994f1dfc8e47efeae416a6ef14956b],
PUP.Optional.StartNow.A, C:\Users\toshiba\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx, , [7d994f1dfc8e47efeae416a6ef14956b],

Physical Sectors: 0
(No malicious items detected)


(end)

 

============================================================================

For the AdwCleaner log:

 

 

# AdwCleaner v4.201 - Logfile created 13/04/2015 at 13:04:04
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : toshiba - XIONG
# Running from : C:\Users\toshiba\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[x] Not Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\94d9435a7d2c292a
Folder Deleted : C:\Program Files (x86)\MiniLyrics
Folder Deleted : C:\Users\toshiba\AppData\Local\Mobogenie
Folder Deleted : C:\Users\toshiba\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\toshiba\AppData\Roaming\Babylon
Folder Deleted : C:\Users\toshiba\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\toshiba\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\toshiba\Documents\Mobogenie
Folder Deleted : C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\Extensions\ooeaaau@xa.com
File Deleted : C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incfcgceegpikennjoplhfghaaikdgei_0.localstorage
File Deleted : C:\Users\toshiba\daemonprocess.txt
File Deleted : C:\Users\toshiba\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\toshiba\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\searchplugins\safesearch.xml
File Deleted : C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\searchplugins\search.xml
File Deleted : C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\searchplugins\yahoo-zugo.xml
File Deleted : C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\user.js
File Deleted : C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_kendaraan.trovit.co.id_0.localstorage
File Deleted : C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_kendaraan.trovit.co.id_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : Your File Updater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\aartemisSoftware
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Sk-Enhancer
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKU\.DEFAULT\Software\AVG Nation toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sk-enh~1\psupport.dll
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 192.168.12.4:8080
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v37.0.1 (x86 en-US)


-\\ Google Chrome v41.0.2272.118

[C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=ID&install_date=20120624&user_guid=D5EB23AE1A8C4D548DACEE893FE35128&machine_id=5a26854cb429a3e98a72d7effc300c16&browser=CR&os=win&os_version=6.1-x64-SP1
[C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=People&qry={searchTerms}&pg={startPage?}&g={myspace:gender?}&npic={myspace:hasPhoto?}&minAge={myspace:minAge?}&maxAge={myspace:maxAge?}&loc={myspace:location?}&d={myspace:distance?}
[C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : incfcgceegpikennjoplhfghaaikdgei
[C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
[C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://aartemis.com/?type=hp&ts=1386300362&from=wpc&uid=TOSHIBAXMK5076GSXN_329AP077TXX329AP077T

*************************

AdwCleaner[R0].txt - [12531 bytes] - [13/04/2015 13:00:54]
AdwCleaner[R1].txt - [12591 bytes] - [13/04/2015 13:03:09]
AdwCleaner[S0].txt - [11834 bytes] - [13/04/2015 13:04:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11894  bytes] ##########
 

===================================================================

For the FRST.txt:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by toshiba (administrator) on XIONG on 13-04-2015 13:11:52
Running from C:\Users\toshiba\Desktop\farbar
Loaded Profiles: toshiba (Available profiles: toshiba)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
() C:\Program Files\Smartfren Connex AC81B UI\bin\MonServiceUDisk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(BitTorrent Inc.) C:\Users\toshiba\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(JMST©) C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroBar.exe
(Dropbox, Inc.) C:\Users\toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\BOLT Mobile WiFi Hostless Modem\BOLT! 4G MF90\CheckNDISPort_df.exe
() C:\Program Files (x86)\BOLT Mobile WiFi Hostless Modem\BOLT! 4G MF90\CancelAutoPlay_df.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
() C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-26] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2011-12-06] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-30] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1131880 2013-01-30] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-19] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [CheckNDISPort00ac23] => C:\Program Files (x86)\BOLT Mobile WiFi Hostless Modem\BOLT! 4G MF90\CheckNDISPort_df.exe [459008 2013-08-05] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\BOLT Mobile WiFi Hostless Modem\BOLT! 4G MF90\CancelAutoPlay_df.exe [446208 2013-08-05] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3532816 2012-12-15] (Tonec Inc.)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [Connectify] => C:\Program Files (x86)\Connectify\Connectify.exe [4013568 2012-12-21] (Connectify)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [uTorrent] => C:\Users\toshiba\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe [14432256 2014-07-04] ()
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [Owdics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\toshiba\AppData\Local\Ulqjmedia\Shlcrypttor16.dll
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Policies\Explorer: [TaskbarNoThumbnail] 0
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {047626c0-ffab-11e1-a4ec-e89a8f35ce2d} - H:\Setup.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {07a5f1fe-657f-11e2-aec2-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {07a5f203-657f-11e2-aec2-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {07a5f219-657f-11e2-aec2-001e101f3315} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {0a78490d-b4de-11e4-89a0-e89a8f35ce2d} - H:\install.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {0a78494b-b4de-11e4-89a0-e89a8f35ce2d} - H:\install.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {114844f7-1a9c-11e3-a5d0-e89a8f35ce2d} - H:\setup.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {16aa502b-66f1-11e2-a5da-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {23b24d66-bddc-11e1-9bd3-001e101fb681} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {25675e5f-4b46-11e3-b043-001e101f2c0e} - D:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {285de7fc-c69f-11e1-9640-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {2c8304dd-c60b-11e2-a673-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {2c8304e3-c60b-11e2-a673-e89a8f35ce2d} - I:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {307ec75a-bd36-11e1-9faf-001e101f7f74} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {307ec784-bd36-11e1-9faf-001e101f7f74} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {307ec7a3-bd36-11e1-9faf-001e101f7f74} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {3565dcba-8ad4-11e2-b0fc-001e101f9843} - D:\.\StartModem.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {36d40eb5-7bcc-11e2-b078-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {3f706f3d-0814-11e3-a722-001e101f36d9} - D:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {41ff0d0e-6571-11e2-b6af-001e101fe70e} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {44a654ad-1b46-11e2-a5f3-001e101fe5e1} - I:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {4aab2700-4532-11e2-b1c0-001e101f2c0e} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {4c051ed0-c535-11e1-9689-001e101f36d9} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {4c051ed4-c535-11e1-9689-001e101f36d9} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {5112e339-682f-11e2-b2a4-001e101fb4df} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {5564757d-bb0f-11e4-86d1-e89a8f35ce2d} - H:\install.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {556475a5-bb0f-11e4-86d1-e89a8f35ce2d} - H:\install.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {5766169f-defa-11e1-a1d3-e89a8f35ce2d} - D:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {576616bc-defa-11e1-a1d3-001e101f57d0} - D:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {5aa5af06-c5df-11e1-88e8-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {615a8391-c91a-11e1-a5b8-001e101f63cf} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {629519cb-c58e-11e1-9276-001e101f2b52} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {668b9eb0-7716-11e2-9ba8-001e101fe5e1} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {6c59cbfc-949e-11e2-b078-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {7ac18c2c-4d4d-11e3-befc-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {833cb8d7-bc6f-11e1-be36-e89a8f35ce2d} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {833cb8dd-bc6f-11e1-be36-e89a8f35ce2d} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {86f859e4-c517-11e1-a37f-001e101f2b52} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {86f859e7-c517-11e1-a37f-001e101f2b52} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {86f85a04-c517-11e1-a37f-001e101f2b52} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {975e2e5e-00e5-11e4-a02b-e89a8f35ce2d} - J:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {983ddb7a-cc31-11e1-a1de-e89a8f35ce2d} - D:\Setup.exe /Auto
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {9f6bd605-d453-11e4-ac41-e89a8f35ce2d} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\autorun.bat
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {a3be4d24-3170-11e2-a1e5-001e101f2c0e} - D:\Setup.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {bbe08c45-f244-11e3-86c0-e89a8f35ce2d} - H:\.\StartModem.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {bcc53592-c6b6-11e1-9640-001e101fe70e} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {c8473d97-65c9-11e2-b6eb-001e101f82a7} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {cf2fe944-4478-11e2-b737-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {d6ede784-bced-11e1-b574-001e101f50a4} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {dcaaecbf-cdc8-11e1-ad99-e89a8f35ce2d} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {dcaaecd4-cdc8-11e1-ad99-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {dcaaece0-cdc8-11e1-ad99-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {dcaaeced-cdc8-11e1-ad99-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {dcaaecfc-cdc8-11e1-ad99-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {de9287c4-4d42-11e3-b2c6-e89a8f35ce2d} - D:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {e318a4a7-1411-11e4-8628-e89a8f35ce2d} - H:\Setup.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {e4bdb028-656f-11e2-ae72-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {e4bdb02d-656f-11e2-ae72-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {e5460e9e-362a-11e2-8b9d-001e101f7fb6} - G:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {e853d9bb-e776-11e1-ac41-e89a8f35ce2d} - F:\Setup.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {f905153a-e514-11e1-889c-e89a8f35ce2d} - H:\Setup.exe /Auto
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {fa2d454c-ad94-11e2-98b1-e89a8f35ce2d} - H:\autorun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {fb02bc5b-deef-11e1-9490-e89a8f35ce2d} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {fb02bc5f-deef-11e1-9490-e89a8f35ce2d} - F:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {ff3bd6df-cb75-11e2-a22c-e89a8f35ce2d} - H:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\MountPoints2: {ff3bd6e2-cb75-11e2-a22c-e89a8f35ce2d} - D:\AutoRun.exe
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-398046743-804850369-2392899342-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> logon.scr
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoThumbnail] 0
HKU\S-1-5-18\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroBar.exe (JMST©)
Startup: C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiba\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
HKU\S-1-5-21-398046743-804850369-2392899342-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
HKU\S-1-5-21-398046743-804850369-2392899342-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://start.toshiba.com
SearchScopes: HKLM -> {0ADCABA2-00B0-4453-8A1C-6F029095948D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {74FDCA2A-83BE-4B64-9E58-94FB034F9296} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {4971D507-B1C3-400E-A009-C21F316BBF4E} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-398046743-804850369-2392899342-1000 -> {74FDCA2A-83BE-4B64-9E58-94FB034F9296} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-398046743-804850369-2392899342-1000 -> {94711710-9760-492F-9B62-3DDB479B073B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-07-26] (Internet Download Manager, Tonec Inc.)
BHO: No Name -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: No Name -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: No Name -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} ->  No File
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-07-26] (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-03-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: No Name -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} ->  No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-03-03] (Oracle Corporation)
BHO-x32: No Name -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} ->  No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-398046743-804850369-2392899342-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 111.94.159.250 140.0.223.250 61.247.0.133
Tcpip\..\Interfaces\{02896E49-3B04-44D1-A657-CAFAE7F00D3E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{1A445466-8B7B-411C-B35C-3761D622F9C6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5630924A-8914-47A7-955D-CCF3C22E2DB1}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{70EB077F-42F0-4A79-AAD5-D70577F6DC5E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7FC5316F-D689-4F3B-BE74-057AC64D9E61}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9473E5AD-AFC9-4E3B-BCD2-0CD335390EFE}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{95EA1D32-C8FD-463E-930E-620C743B8649}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{BE42653C-6E10-440C-AC9E-ABD82532A0BD}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C16C2078-D5B0-4F11-BF7F-BFC61DC3643E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D7572B89-497D-4816-9E5C-44D98E40731F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DA48E6A9-71C9-44C5-B863-966CC5A8C5A4}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DBA9A442-88F1-474E-9FFF-85C7A80D582F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DD8FC2CD-2823-4412-9904-C8C4EAB9513B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,192.168.12.165,202.46.25.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll [2013-10-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-03-03] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-07-03] ()
FF Plugin-x32: @t.garena.com/garenatalk -> E:\Game\GarenaFO3ID_20140212\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-398046743-804850369-2392899342-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\toshiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-05-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-03-17] (Apple Inc.)
FF Extension: FT DeepDark - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-03-01]
FF Extension: anonymoX - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\Extensions\client@anonymox.net.xpi [2013-11-13]
FF Extension: SaveFrom.net helper - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\Extensions\helper@savefrom.net.xpi [2015-01-12]
FF Extension: Adblock Plus - C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\6zsu6juj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-13]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn [2015-04-13]
FF HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\toshiba\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\toshiba\AppData\Roaming\IDM\idmmzcc5 [2013-09-02]
FF HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\toshiba\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-13]
CHR Extension: (Google Docs) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
CHR Extension: (Google Drive) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (YouTube) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Facebook Colour Changer) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam [2013-03-19]
CHR Extension: (Google Search) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (Kaspersky Protection) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-08]
CHR Extension: (Tampermonkey) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-01-16]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2013-03-19]
CHR Extension: (Google Sheets) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-13]
CHR Extension: (IDM Integration Module) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
CHR Extension: (Google Wallet) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\Exts\Chrome.crx [2015-04-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-398046743-804850369-2392899342-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\Exts\Chrome.crx [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-07-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [65536 2012-12-13] () [File not signed]
S4 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
S4 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-10-07] (Nitro PDF Software)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2011-02-04] (Symantec Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [5016648 2013-07-02] (INCA Internet Co., Ltd.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [282528 2015-04-01] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-04] (Symantec Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-05-29] (Microsoft Corporation) [File not signed]
R2 UDisk Monitor; C:\Program Files\Smartfren Connex AC81B UI\bin\MonServiceUDisk.exe [405504 2012-05-10] () [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 EraserSvc11311; "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe" /h ccCommon [X]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-03-27] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1602000.01F\ccSetx64.sys [165080 2015-03-27] (Symantec Corporation)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2012-12-06] (Connectify)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated) [File not signed]
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-19] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150410.001\IDSvia64.sys [671448 2015-04-09] (Symantec Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150412.002\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150412.002\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2012-01-18] ()
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [361984 2012-05-02] (QUALCOMM Incorporated)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 SRTSP; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSP64.SYS [916184 2015-03-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1602000.01F\SRTSPX64.SYS [42200 2015-03-27] (Symantec Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 SymDS; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMDS64.SYS [490712 2015-03-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NSx64\1602000.01F\SYMEFA64.SYS [1151704 2015-03-27] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-04-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1602000.01F\Ironx64.SYS [271576 2015-03-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1602000.01F\SYMNETS.SYS [565464 2015-03-27] (Symantec Corporation)
S3 UsbModemDriver; C:\Windows\System32\DRIVERS\USB_MODEM_T.sys [28160 2011-04-08] ()
S3 USB_BusEnum_H; C:\Windows\System32\DRIVERS\USB_BusEnum_H.sys [44544 2009-11-05] ()
S3 USB_BusEnum_T; C:\Windows\System32\DRIVERS\USB_BusEnum_T.sys [44544 2009-11-05] ()
S3 USB_ETS_H; C:\Windows\System32\DRIVERS\USB_ETS_H.sys [21760 2008-05-30] (Via Telecom, Inc.)
S3 USB_ETS_T; C:\Windows\System32\DRIVERS\USB_ETS_T.sys [21760 2008-05-30] (Via Telecom, Inc.)
S3 USB_WinMux_H; C:\Windows\System32\DRIVERS\USB_WinMux_H.sys [37376 2009-10-27] ()
S3 USB_WinMux_T; C:\Windows\System32\DRIVERS\USB_WinMux_T.sys [37376 2009-10-27] ()
S3 wirelessusbser; C:\Windows\System32\DRIVERS\3GDatausbser64.sys [119680 2010-01-15] (QUALCOMM Incorporated)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2012-05-09] (ZTEMT Incorporated)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 13:11 - 2015-04-13 13:11 - 00000000 ____D () C:\FRST
2015-04-13 13:09 - 2015-04-13 13:11 - 00000000 ____D () C:\Users\toshiba\Desktop\farbar
2015-04-13 13:07 - 2015-04-13 13:07 - 00012019 _____ () C:\Users\toshiba\Desktop\AdwCleaner[S0].txt
2015-04-13 13:00 - 2015-04-13 13:04 - 00000000 ____D () C:\AdwCleaner
2015-04-13 12:55 - 2015-04-13 12:56 - 02217984 _____ () C:\Users\toshiba\Desktop\adwcleaner_4.201.exe
2015-04-10 14:38 - 2015-04-10 14:54 - 00000000 ____D () C:\Users\toshiba\Downloads\Brosur Ce Feli
2015-04-10 06:56 - 2015-04-10 06:56 - 00000831 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-10 06:56 - 2015-04-10 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-10 06:41 - 2015-04-10 06:41 - 00000000 ____D () C:\windows\System32\Tasks\Norton Security
2015-04-10 06:36 - 2015-04-10 06:36 - 00102616 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-04-10 06:36 - 2015-04-10 06:36 - 00008214 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-04-10 06:36 - 2015-04-10 06:36 - 00003216 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2015-04-10 06:36 - 2015-04-10 06:36 - 00002427 _____ () C:\Users\Public\Desktop\Norton Security.lnk
2015-04-10 06:36 - 2015-04-10 06:36 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-04-10 06:35 - 2015-04-10 06:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-04-10 06:35 - 2015-04-10 06:35 - 00000000 ____D () C:\windows\system32\Drivers\NSx64
2015-04-10 06:35 - 2015-04-10 06:35 - 00000000 ____D () C:\Program Files (x86)\Norton Security
2015-04-10 01:42 - 2015-04-10 14:38 - 06002176 ___SH () C:\Users\toshiba\Downloads\Thumbs.db
2015-04-10 01:42 - 2015-04-10 01:42 - 83316820 _____ () C:\Users\toshiba\Downloads\Inside Suzuki's Return to MotoGP - MotoUSA.mp4
2015-04-10 01:42 - 2015-04-10 01:42 - 261820397 _____ () C:\Users\toshiba\Downloads\BLSTK.0.9.6.4092.ALL_WwW.Wadpod-Evolution.Com_2.rar
2015-04-10 01:42 - 2015-04-10 01:42 - 00166859 _____ () C:\Users\toshiba\Downloads\paddington_indonesian-1083802.zip
2015-04-10 01:34 - 2015-04-08 21:45 - 00000162 ____H () C:\Users\toshiba\Downloads\~$AB III.docx.decbak
2015-04-10 01:16 - 2015-04-10 01:16 - 00002803 _____ () C:\ads_err.dbf
2015-04-10 01:15 - 2015-04-10 01:15 - 00138387 _____ () C:\Users\toshiba\Documents\Fenom2.xmcd
2015-04-10 01:15 - 2015-04-08 21:23 - 15298080 _____ () C:\Users\toshiba\Documents\laporan PKM akhir.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 08600621 _____ () C:\Users\toshiba\Documents\IMG_20140303_0002.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 08096658 _____ () C:\Users\toshiba\Documents\IMG_20141001_0001.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 07890876 _____ () C:\Users\toshiba\Documents\IMG_20131207_0003.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 07492215 _____ () C:\Users\toshiba\Documents\IMG_20131207_0002.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 06008355 _____ () C:\Users\toshiba\Documents\IMG_20140303_0001.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01787121 _____ () C:\Users\toshiba\Documents\IMG_20141011_0004.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01704786 _____ () C:\Users\toshiba\Documents\IMG_20140725_0005.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01669310 _____ () C:\Users\toshiba\Documents\IMG_20140725_0015.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01654396 _____ () C:\Users\toshiba\Documents\IMG_20140725_0006.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01607502 _____ () C:\Users\toshiba\Documents\IMG_20141011_0003.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01579690 _____ () C:\Users\toshiba\Documents\IMG_20140725_0011.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01495697 _____ () C:\Users\toshiba\Documents\IMG_20140725_0013.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01478948 _____ () C:\Users\toshiba\Documents\IMG_20141011_0001.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01435394 _____ () C:\Users\toshiba\Documents\IMG_20140725_0023.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01411072 _____ () C:\Users\toshiba\Documents\IMG_20140725_0007.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01377357 _____ () C:\Users\toshiba\Documents\IMG_20140725_0008.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01280365 _____ () C:\Users\toshiba\Documents\IMG_20140725_0010.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01262699 _____ () C:\Users\toshiba\Documents\IMG_20140725_0014.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01238352 _____ () C:\Users\toshiba\Documents\IMG_20140725_0016.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01154992 _____ () C:\Users\toshiba\Documents\IMG_20140725_0002.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01025331 _____ () C:\Users\toshiba\Documents\IMG_20140725_0009.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 01020096 _____ () C:\Users\toshiba\Documents\IMG_20140725_0018.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00998580 _____ () C:\Users\toshiba\Documents\IMG_20140725_0012.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00997470 _____ () C:\Users\toshiba\Documents\IMG_20141011_0005.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00969206 _____ () C:\Users\toshiba\Documents\IMG_20131207_0004.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00966718 _____ () C:\Users\toshiba\Documents\IMG_20140725_0003.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00917299 _____ () C:\Users\toshiba\Documents\IMG_20141011_0002.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00794987 _____ () C:\Users\toshiba\Documents\IMG_20140725_0004.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00741898 _____ () C:\Users\toshiba\Documents\IMG_20141011_0006.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00689077 _____ () C:\Users\toshiba\Documents\IMG_20140725_0019.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00663044 _____ () C:\Users\toshiba\Documents\IMG_20140725_0021.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00656798 _____ () C:\Users\toshiba\Documents\IMG_20140725_0022.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00626018 _____ () C:\Users\toshiba\Documents\Tambahan.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00525866 _____ () C:\Users\toshiba\Documents\IMG_20140725_0017.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00495543 _____ () C:\Users\toshiba\Documents\IMG_20140725_0020.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:23 - 00462251 _____ () C:\Users\toshiba\Documents\IMG_20140725_0001.jpg.decbak
2015-04-10 01:15 - 2015-04-08 21:22 - 00667855 _____ () C:\Users\toshiba\Documents\IMG_20131207_0001.pdf.decbak
2015-04-10 01:15 - 2015-04-08 21:22 - 00138387 _____ () C:\Users\toshiba\Documents\Fenom2.xmcd.decbak
2015-04-10 01:15 - 2015-04-08 21:22 - 00067106 _____ () C:\Users\toshiba\Documents\Doc2.pdf.decbak
2015-04-10 01:03 - 2015-04-10 01:04 - 801280599 _____ () C:\Users\toshiba\Desktop\drmn.stnbme.bd720p-PaHe.in.mp4
2015-04-10 01:03 - 2015-04-10 01:03 - 251835268 _____ () C:\Users\toshiba\Desktop\5 SIMPLE moves to EASILY solve the Rubiks Cube.mp4
2015-04-10 00:03 - 2015-04-13 12:03 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-10 00:03 - 2015-04-10 00:03 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-10 00:03 - 2015-04-10 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-10 00:03 - 2015-04-10 00:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-10 00:03 - 2015-04-10 00:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-10 00:03 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-10 00:03 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-10 00:03 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-09 19:08 - 2015-04-09 23:48 - 00003447 _____ () C:\Users\toshiba\photorec.cfg
2015-04-09 11:04 - 2015-04-10 06:27 - 00000000 ____D () C:\Users\toshiba\Desktop\testdisk-7.0-WIP
2015-04-09 11:03 - 2015-04-09 11:04 - 12280216 _____ () C:\Users\toshiba\Desktop\testdisk-7.0-WIP.win.zip
2015-04-09 10:57 - 2015-04-09 10:57 - 00000000 ____D () C:\Users\toshiba\AppData\Roaming\www.shadowexplorer.com
2015-04-08 21:13 - 2015-04-08 21:13 - 02439826 _____ () C:\Users\toshiba\enc_files.txt
2015-04-08 21:08 - 2015-04-10 01:00 - 00000000 ____D () C:\Users\toshiba\AppData\Roaming\WinDsk
2015-04-08 20:35 - 2015-04-08 20:35 - 00000215 _____ () C:\Users\toshiba\AppData\Roaming\nyjuikoitg
2015-04-04 14:29 - 2015-04-04 14:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 08:47 - 2015-04-02 08:50 - 00000000 ____D () C:\Users\toshiba\Downloads\Root Tab S 8.4 ALTE
2015-03-31 18:49 - 2015-04-10 01:52 - 00000000 ____D () C:\Users\toshiba\Downloads\ROOT tab 3 7
2015-03-27 17:12 - 2015-03-27 17:12 - 02999166 _____ () C:\Users\toshiba\Desktop\Root Master 1.3.6_Cekas FIX Sharebertron.blogspot.com.apk
2015-03-27 16:28 - 2015-03-27 16:53 - 00000000 ____D () C:\Users\toshiba\Downloads\Root andromax tab 7
2015-03-15 21:52 - 2015-03-15 23:25 - 00000000 ____D () C:\Users\toshiba\Downloads\New folder

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 13:12 - 2013-11-07 12:22 - 00000000 ____D () C:\Users\toshiba\AppData\Roaming\uTorrent
2015-04-13 13:08 - 2013-09-18 18:39 - 00000000 ___RD () C:\Users\toshiba\Dropbox
2015-04-13 13:08 - 2013-09-18 18:38 - 00000000 ____D () C:\Users\toshiba\AppData\Roaming\Dropbox
2015-04-13 13:06 - 2012-06-21 00:05 - 00001008 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 13:05 - 2013-12-06 12:58 - 01246148 _____ () C:\windows\PFRO.log
2015-04-13 13:05 - 2013-12-06 12:58 - 00118186 _____ () C:\windows\setupact.log
2015-04-13 13:05 - 2009-07-14 12:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-13 13:04 - 2012-07-02 17:43 - 00001002 _____ () C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-13 13:04 - 2012-06-20 10:22 - 00001145 _____ () C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-13 13:04 - 2012-06-20 10:21 - 00000000 ____D () C:\Users\toshiba
2015-04-13 12:59 - 2009-07-14 11:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 12:59 - 2009-07-14 11:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 12:56 - 2012-06-24 10:50 - 00000000 ____D () C:\Users\toshiba\AppData\Roaming\DMCache
2015-04-13 12:50 - 2012-06-23 23:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-13 12:50 - 2012-06-21 00:04 - 00000000 ___HD () C:\windows\msdownld.tmp
2015-04-13 12:47 - 2012-07-06 12:18 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 12:30 - 2012-06-21 00:05 - 00001012 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-10 16:03 - 2012-06-27 18:30 - 00000000 ____D () C:\Program Files (x86)\Smadav
2015-04-10 15:39 - 2009-07-14 12:13 - 00798514 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-10 15:20 - 2013-07-06 21:55 - 00000000 ____D () C:\Program Files (x86)\Connectify
2015-04-10 15:20 - 2013-01-30 21:43 - 00000000 ____D () C:\Program Files (x86)\DFX
2015-04-10 14:07 - 2012-06-28 03:54 - 00000000 ____D () C:\Users\toshiba\AppData\Local\CrashDumps
2015-04-10 06:56 - 2013-12-06 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-10 06:35 - 2012-06-21 00:01 - 00000000 ____D () C:\ProgramData\Norton
2015-04-10 06:19 - 2014-12-16 11:25 - 00000000 ____D () C:\windows\FrameworkUpdate
2015-04-10 01:57 - 2012-06-27 18:30 - 00000000 __SHD () C:\[Smad-Cage]
2015-04-10 01:54 - 2014-11-04 13:09 - 00000000 ____D () C:\Users\toshiba\Downloads\Wallpaper
2015-04-10 01:54 - 2012-06-24 10:50 - 00000000 ____D () C:\Users\toshiba\Downloads\Video
2015-04-10 01:53 - 2014-10-14 14:55 - 00000000 ____D () C:\Users\toshiba\Downloads\Two Stroke
2015-04-10 01:53 - 2014-09-08 20:12 - 00000000 ____D () C:\Users\toshiba\Downloads\Titip
2015-04-10 01:52 - 2015-03-04 21:34 - 00000000 ____D () C:\Users\toshiba\Downloads\Root Xperia SP
2015-04-10 01:52 - 2015-01-27 15:29 - 00000000 ____D () C:\Users\toshiba\Downloads\Novel
2015-04-10 01:52 - 2014-09-22 21:49 - 00000000 ____D () C:\Users\toshiba\Downloads\Tarno
2015-04-10 01:49 - 2015-01-16 13:41 - 00000000 ____D () C:\Users\toshiba\Downloads\Kontor House Of House Winter Edition 2015 (2014) (320kbps) (AciDToX8)
2015-04-10 01:49 - 2014-09-01 23:10 - 00000000 ____D () C:\Users\toshiba\Downloads\Lagu
2015-04-10 01:48 - 2014-11-11 13:50 - 00000000 ____D () C:\Users\toshiba\Downloads\Gemstone
2015-04-10 01:48 - 2014-10-08 09:19 - 00000000 ____D () C:\Users\toshiba\Downloads\GCMS
2015-04-10 01:48 - 2014-09-09 17:41 - 00000000 ____D () C:\Users\toshiba\Downloads\Driver VGA
2015-04-10 01:43 - 2015-01-28 09:51 - 00000000 ____D () C:\Users\toshiba\Downloads\Burner
2015-04-10 01:43 - 2013-09-15 14:43 - 00000000 ____D () C:\Users\toshiba\Downloads\Catatan_PTK3
2015-04-10 01:43 - 2013-04-09 15:48 - 00000000 ____D () C:\Users\toshiba\Downloads\Cetak Foto
2015-04-10 01:43 - 2012-06-24 10:50 - 00000000 ____D () C:\Users\toshiba\Downloads\Compressed
2015-04-10 01:42 - 2014-10-18 17:58 - 00000000 ____D () C:\Users\toshiba\Downloads\Bike
2015-04-10 01:42 - 2013-11-28 12:51 - 00000000 ____D () C:\Users\toshiba\.android
2015-04-10 01:41 - 2011-03-24 09:36 - 00000000 ____D () C:\Users\Public\Book Place
2015-04-10 01:40 - 2014-09-22 22:16 - 00000000 ____D () C:\g09w
2015-04-10 01:40 - 2014-01-21 15:42 - 00000000 ____D () C:\Lyrics
2015-04-10 01:40 - 2013-02-08 13:40 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-10 01:15 - 2014-09-12 13:37 - 00000000 ____D () C:\Users\toshiba\Desktop\AOT
2015-04-10 01:15 - 2014-06-05 13:51 - 00000000 ____D () C:\Users\toshiba\Documents\Outlook Files
2015-04-10 01:15 - 2013-04-25 23:24 - 00000000 ____D () C:\Users\toshiba\Documents\Corel User Files
2015-04-10 01:15 - 2013-01-04 17:02 - 00000000 ____D () C:\Users\toshiba\Documents\SimCity Societies
2015-04-10 00:52 - 2012-06-20 23:37 - 01924195 _____ () C:\windows\WindowsUpdate.log
2015-04-09 23:00 - 2012-06-22 14:50 - 00000000 ____D () C:\Users\toshiba\AppData\Local\Google
2015-04-09 09:51 - 2013-09-29 19:18 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-09 09:43 - 2013-09-18 18:38 - 00000000 ____D () C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-05 11:59 - 2014-09-17 04:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 15:16 - 2012-06-24 16:58 - 00000375 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-04-01 14:06 - 2013-08-05 22:57 - 00000000 _____ () C:\ProgramData\CLDShowX.ini
2015-04-01 13:07 - 2012-06-22 20:40 - 00000000 ____D () C:\ProgramData\DatacardService
2015-04-01 12:52 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 18:45 - 2012-07-02 12:10 - 00000114 _____ () C:\windows\SysWOW64\prsgrc.tgz
2015-03-21 18:45 - 2012-07-02 12:10 - 00000100 _____ () C:\windows\SysWOW64\prsgrc.dll
2015-03-21 18:45 - 2012-07-02 12:10 - 00000086 _____ () C:\windows\SysWOW64\ssprs.tgz

==================== Files in the root of some directories =======

2013-06-19 09:51 - 2013-06-19 09:51 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-04-08 20:35 - 2015-04-08 20:35 - 0225280 _____ () C:\Users\toshiba\AppData\Roaming\01. Untrust Us.mp3
2012-07-07 21:41 - 2013-01-11 12:24 - 0000132 _____ () C:\Users\toshiba\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-03-18 01:37 - 2014-08-31 22:29 - 0000132 _____ () C:\Users\toshiba\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-08 20:35 - 2015-04-08 20:35 - 0000215 _____ () C:\Users\toshiba\AppData\Roaming\nyjuikoitg
2012-11-12 20:00 - 2013-10-08 23:21 - 0001617 _____ () C:\Users\toshiba\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-12 20:00 - 2012-11-12 20:00 - 0001153 _____ () C:\Users\toshiba\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-11-12 20:00 - 2013-10-08 23:21 - 0001694 _____ () C:\Users\toshiba\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-10-20 23:28 - 2013-10-20 23:28 - 0007605 _____ () C:\Users\toshiba\AppData\Local\Resmon.ResmonCfg
2013-08-05 22:57 - 2015-04-01 14:06 - 0000000 _____ () C:\ProgramData\CLDShowX.ini
2013-02-08 13:32 - 2013-02-08 13:32 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\toshiba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvuh1jl.dll
C:\Users\toshiba\AppData\Local\Temp\Quarantine.exe
C:\Users\toshiba\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 01:08

==================== End Of Log ============================

 


========================================================================================

 

I have uploaded the addition.txt file from FRST.

 

For your information, when I was doing this, the Email error notification from Norton still appeared until the FRST scan. After my PC rebooted, the notification did not appear.

 

Update: The notification still appears after I followed all of your instructions.


Edited by soegiartoadi, 13 April 2015 - 01:45 AM.


#4 nasdaq


Posted 13 April 2015 - 07:27 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [Owdics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\toshiba\AppData\Local\Ulqjmedia\Shlcrypttor16.dll
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
BHO: No Name -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} ->  No File
BHO: No Name -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} ->  No File
BHO: No Name -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} ->  No File
BHO-x32: No Name -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} ->  No File
BHO-x32: No Name -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} ->  No File
BHO-x32: No Name -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} ->  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> E:\Game\GarenaFO3ID_20140212\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 EraserSvc11311; "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe" /h ccCommon [X]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
U2 wuaserv; No ImagePath
C:\Users\toshiba\AppData\Local\Ulqjmedia
C:\Users\toshiba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvuh1jl.dll
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\windows\system32\msln.exe:2b5407be22628cafe23b27239dc4c95d
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL
AlternateDataStreams: C:\ProgramData\Microsoft:uzIYuNlpr3R1WLu70EErvMabc
AlternateDataStreams: C:\ProgramData\Microsoft:yyvD8y39Gm9m8dPJJGCKg
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\toshiba\Local Settings:1qvZWfVlkRN4aMBP
AlternateDataStreams: C:\Users\toshiba\Local Settings:zI91kkUWRtyBNtYAmiJYRLh
AlternateDataStreams: C:\Users\toshiba\AppData\Local:1qvZWfVlkRN4aMBP
AlternateDataStreams: C:\Users\toshiba\AppData\Local:zI91kkUWRtyBNtYAmiJYRLh
AlternateDataStreams: C:\Users\toshiba\AppData\Local\Application Data:1qvZWfVlkRN4aMBP
AlternateDataStreams: C:\Users\toshiba\AppData\Local\Application Data:zI91kkUWRtyBNtYAmiJYRLh

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#5 soegiartoadi


Posted 13 April 2015 - 10:00 AM

Hi, here is the Fixlog.txt file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
Ran by toshiba at 2015-04-13 21:47:48 Run:1
Running from C:\Users\toshiba\Desktop\farbar
Loaded Profiles: toshiba (Available profiles: toshiba)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <====
ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Run: [Owdics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\toshiba\AppData\Local\Ulqjmedia\Shlcrypttor16.dll
HKU\S-1-5-21-398046743-804850369-2392899342-1000\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] ->
{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
BHO: No Name -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} ->  No File
BHO: No Name -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} ->  No File
BHO: No Name -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} ->  No File
BHO-x32: No Name -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} ->  No File
BHO-x32: No Name -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} ->  No File
BHO-x32: No Name -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} ->  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> E:\Game\GarenaFO3ID_20140212\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
CHR
HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 EraserSvc11311; "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe" /h ccCommon [X]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
U2 wuaserv; No
ImagePath
C:\Users\toshiba\AppData\Local\Ulqjmedia
C:\Users\toshiba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvuh1jl.dll
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\windows\system32\msln.exe:2b5407be22628cafe23b27239dc4c95d
AlternateDataStreams: C:\ProgramData\CLDShowX.ini:Update.CL
AlternateDataStreams: C:\ProgramData\Microsoft:uzIYuNlpr3R1WLu70EErvMabc
AlternateDataStreams: C:\ProgramData\Microsoft:yyvD8y39Gm9m8dPJJGCKg
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\Users\toshiba\Local Settings:1qvZWfVlkRN4aMBP
AlternateDataStreams: C:\Users\toshiba\Local Settings:zI91kkUWRtyBNtYAmiJYRLh
AlternateDataStreams: C:\Users\toshiba\AppData\Local:1qvZWfVlkRN4aMBP
AlternateDataStreams: C:\Users\toshiba\AppData\Local:zI91kkUWRtyBNtYAmiJYRLh
AlternateDataStreams: C:\Users\toshiba\AppData\Local\Application Data:1qvZWfVlkRN4aMBP
AlternateDataStreams:
C:\Users\toshiba\AppData\Local\Application Data:zI91kkUWRtyBNtYAmiJYRLh

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-398046743-804850369-2392899342-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-398046743-804850369-2392899342-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Owdics => value deleted successfully.
HKU\S-1-5-21-398046743-804850369-2392899342-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> => Key not found.
HKCR\Wow6432Node\CLSID\ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> => Key not found.
{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358}" => Key deleted successfully.
HKCR\CLSID\{03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5D5BB14-C8E2-478D-9C97-574AC10AF9E8}" => Key deleted successfully.
HKCR\CLSID\{B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3D96E85-529D-4269-AC6A-97CF9E2221E3}" => Key deleted successfully.
HKCR\CLSID\{E3D96E85-529D-4269-AC6A-97CF9E2221E3} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5D5BB14-C8E2-478D-9C97-574AC10AF9E8}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3D96E85-529D-4269-AC6A-97CF9E2221E3}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E3D96E85-529D-4269-AC6A-97CF9E2221E3} => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => Key deleted successfully.
CHR => Error: No automatic fix found for this entry.
HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
EraserSvc11311 => Service deleted successfully.
HWDeviceService64.exe => Service deleted successfully.
EagleX64 => Service deleted successfully.
ewusbmbb => Service deleted successfully.
ewusbnet => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
hwdatacard => Service deleted successfully.
pccsmcfd => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
wuaserv => Service deleted successfully.
ImagePath => Error: No automatic fix found for this entry.
C:\Users\toshiba\AppData\Local\Ulqjmedia => Moved successfully.
"C:\Users\toshiba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvuh1jl.dll" => File/Directory not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\windows\system32\msln.exe => ":2b5407be22628cafe23b27239dc4c95d" ADS removed successfully.
C:\ProgramData\CLDShowX.ini => ":Update.CL" ADS removed successfully.
C:\ProgramData\Microsoft => ":uzIYuNlpr3R1WLu70EErvMabc" ADS removed successfully.
C:\ProgramData\Microsoft => ":yyvD8y39Gm9m8dPJJGCKg" ADS removed successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
"C:\Users\toshiba\Local Settings" => ":1qvZWfVlkRN4aMBP" ADS not found.
"C:\Users\toshiba\Local Settings" => ":zI91kkUWRtyBNtYAmiJYRLh" ADS not found.
C:\Users\toshiba\AppData\Local => ":1qvZWfVlkRN4aMBP" ADS removed successfully.
C:\Users\toshiba\AppData\Local => ":zI91kkUWRtyBNtYAmiJYRLh" ADS removed successfully.
"C:\Users\toshiba\AppData\Local\Application Data" => ":1qvZWfVlkRN4aMBP" ADS not found.
AlternateDataStreams: => Error: No automatic fix found for this entry.
"C:\Users\toshiba\AppData\Local\Application Data:zI91kkUWRtyBNtYAmiJYRLh" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 21:48:29 ====

 

The computer is running well now. No error message until I post this.
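The Fixlog above reports "No automatic fix found" for fragments such as CHR and ImagePath, which are halves of fixlist lines that were split in two in the saved fixlist.txt. The following check is an added example, not part of the original posts and not FRST's own code: it compares the posted fixlist with the copy echoed under "Content of fixlist" and sorts the Fixlog results by outcome. The function names are hypothetical and the sample strings are short excerpts taken from this thread.

```python
import re

# Excerpts from this thread: the fixlist as posted by the helper, the copy
# echoed under "Content of fixlist" in the Fixlog, and some result lines.
POSTED = r"""U2 wuaserv; No ImagePath
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
C:\Users\toshiba\AppData\Local\Ulqjmedia"""
SAVED = r"""U2 wuaserv; No
ImagePath
CHR
HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
C:\Users\toshiba\AppData\Local\Ulqjmedia"""
FIXLOG = r"""CHR => Error: No automatic fix found for this entry.
HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx => Error: No automatic fix found for this entry.
wuaserv => Service deleted successfully.
ImagePath => Error: No automatic fix found for this entry.
C:\Users\toshiba\AppData\Local\Ulqjmedia => Moved successfully.
"C:\Users\toshiba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvuh1jl.dll" => File/Directory not found.
"""

def norm(line):
    """Collapse whitespace so spacing differences do not count as changes."""
    return re.sub(r"\s+", " ", line).strip()

def wrapped_fragments(posted, saved):
    """Lines of the saved fixlist that are absent from the posted one."""
    wanted = {norm(l) for l in posted.splitlines() if l.strip()}
    return [norm(l) for l in saved.splitlines()
            if l.strip() and norm(l) not in wanted]

def triage_fixlog(text):
    """Bucket each 'entry => outcome' result line by its outcome."""
    buckets = {"ok": [], "not_found": [], "unparsed": [], "other": []}
    for line in text.splitlines():
        # Split on the last ' => ' because some entries contain '=>' themselves.
        entry, sep, outcome = line.strip().rpartition(" => ")
        if not sep:
            continue
        if "No automatic fix found" in outcome:
            key = "unparsed"
        elif "not found" in outcome:
            key = "not_found"
        elif "successfully" in outcome:
            key = "ok"
        else:
            key = "other"
        buckets[key].append(norm(entry))
    return buckets

def explain_errors(posted, saved, fixlog):
    """Map each unparsed Fixlog entry to whether line wrapping explains it."""
    frags = set(wrapped_fragments(posted, saved))
    return {e: e in frags for e in triage_fixlog(fixlog)["unparsed"]}

if __name__ == "__main__":
    for entry, wrapped in explain_errors(POSTED, SAVED, FIXLOG).items():
        print(("wrapped line: " if wrapped else "unexplained:  ") + entry)
```

Running the comparison before clicking Fix shows whether the editor wrapped any lines; an unparsed entry that is not a wrapped fragment needs a closer look.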



#6 nasdaq


Posted 13 April 2015 - 01:09 PM

Keep me posted.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 soegiartoadi


Posted 13 April 2015 - 01:13 PM

No more email error messages appeared after I followed your instructions.

I think my computer is running well now.

Thank you so much for your help :)



#8 nasdaq


Posted 19 April 2015 - 07:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



