
Virus and/or Malware removal assistance request


  • This topic is locked
20 replies to this topic

#1 Christelle2015


Posted 21 April 2015 - 01:57 PM

Hello,

Please help, I can’t use my computer. I keep getting hijacked, pop ups...

Thank you so much for your hard work.

Results of screen317's Security Check version 1.00 

   x64 (UAC is enabled) 

 Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Windows Defender  

 WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

 Java 7 Update 45 

 Java version 32-bit out of Date!

 Adobe Flash Player        17.0.0.169 

 Adobe Reader XI 

 Mozilla Firefox (37.0.1)

````````Process Check: objlist.exe by Laurent```````` 

 Windows Defender MSMpEng.exe

 Ger Desktop Remove virus SecurityCheck.exe

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C:  %

````````````````````End of Log``````````````````````

 

Farbar Service Scanner Version: 17-01-2015

Ran by Ger (administrator) on 21-04-2015 at 10:44:07

Running from "C:\Users\Ger\AppData\Local\Microsoft\Windows\INetCache\IE\CYIMHV62"

Microsoft Windows 8.1  (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Policy:

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

 

MiniToolBox by Farbar  Version: 14-04-2015

Ran by Ger (administrator) on 21-04-2015 at 10:47:07

Running from "C:\Users\Ger\AppData\Local\Microsoft\Windows\INetCache\IE\EGTQAK6E"

Microsoft Windows 8.1  (X64)

Model: Satellite C875 Manufacturer: TOSHIBA

Boot Mode: Normal

***************************************************************************

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

========================= FF Proxy Settings: ==============================

 

========================= Hosts content: =================================

 

 

========================= IP Configuration: ================================

 

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)

Realtek PCIe FE Family Controller = Ethernet (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="wireless_9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : JE

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Wireless LAN adapter Local Area Connection* 11:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 24-EC-99-D7-11-98

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Ethernet adapter Ethernet:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : triad.rr.com

   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

   Physical Address. . . . . . . . . : 4C-72-B9-FB-34-88

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

   Physical Address. . . . . . . . . : 24-EC-99-D7-11-98

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::15dc:7194:75a2:b8bb%3(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Tuesday, April 21, 2015 10:29:47 AM

   Lease Expires . . . . . . . . . . : Tuesday, April 21, 2015 12:29:46 PM

   Default Gateway . . . . . . . . . : 192.168.0.1

   DHCP Server . . . . . . . . . . . : 192.168.0.1

   DHCPv6 IAID . . . . . . . . . . . : 254078105

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-0F-8E-92-24-EC-99-D7-11-98

   DNS Servers . . . . . . . . . . . : 192.168.0.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

Server:  UnKnown

Address:  192.168.0.1

 

Name:    google.com

Addresses:  2607:f8b0:4002:c06::8b

                  74.125.196.138

                  74.125.196.100

                  74.125.196.139

                  74.125.196.101

                  74.125.196.102

                  74.125.196.113

 

 

Pinging google.com [64.233.185.139] with 32 bytes of data:

Reply from 64.233.185.139: bytes=32 time=23ms TTL=41

Reply from 64.233.185.139: bytes=32 time=21ms TTL=41

 

Ping statistics for 64.233.185.139:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 21ms, Maximum = 23ms, Average = 22ms

Server:  UnKnown

Address:  192.168.0.1

 

Name:    yahoo.com

Addresses:  206.190.36.45

                  98.138.253.109

                  98.139.183.24

 

 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=46ms TTL=47

Reply from 98.139.183.24: bytes=32 time=42ms TTL=47

 

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 42ms, Maximum = 46ms, Average = 44ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

  5...24 ec 99 d7 11 98 ......Microsoft Wi-Fi Direct Virtual Adapter

  4...4c 72 b9 fb 34 88 ......Realtek PCIe FE Family Controller

  3...24 ec 99 d7 11 98 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

  1...........................Software Loopback Interface 1

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.0.0    255.255.255.0         On-link     192.168.0.100    281

    192.168.0.100  255.255.255.255         On-link     192.168.0.100    281

    192.168.0.255  255.255.255.255         On-link     192.168.0.100    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.0.100    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.0.100    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  1    306 ::1/128                  On-link

  3    281 fe80::/64                On-link

  3    281 fe80::15dc:7194:75a2:b8bb/128

                                    On-link

  1    306 ff00::/8                 On-link

  3    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)

Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)

Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (04/21/2015 10:33:28 AM) (Source: Application Error) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5

Exception code: 0xc0000374

Fault offset: 0x00000000000f12a0

Faulting process id: 0x12f4

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/20/2015 08:52:20 PM) (Source: Application Error) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5

Exception code: 0xc0000374

Fault offset: 0x00000000000f12a0

Faulting process id: 0x1184

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/18/2015 02:25:51 AM) (Source: Application Error) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5

Exception code: 0xc0000374

Fault offset: 0x00000000000f12a0

Faulting process id: 0x15e4

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/17/2015 05:23:16 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/17/2015 04:47:20 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/17/2015 04:12:07 AM) (Source: Application Error) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5

Exception code: 0xc0000374

Fault offset: 0x00000000000f12a0

Faulting process id: 0xd9c

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/15/2015 05:20:41 PM) (Source: Application Error) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5

Exception code: 0xc0000374

Fault offset: 0x00000000000f12a0

Faulting process id: 0x158c

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/14/2015 06:17:05 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/14/2015 05:37:30 PM) (Source: Application Error) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5

Exception code: 0xc0000374

Fault offset: 0x00000000000f12a0

Faulting process id: 0x11cc

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/14/2015 05:17:49 AM) (Source: Application Error) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5

Exception code: 0xc0000374

Fault offset: 0x00000000000f12a0

Faulting process id: 0x13f4

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

 

System errors:

=============

Error: (04/21/2015 10:35:12 AM) (Source: DCOM) (User: JE)

Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

 

Error: (04/21/2015 10:33:32 AM) (Source: Service Control Manager) (User: )

Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/20/2015 09:48:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3048778).

 

Error: (04/20/2015 09:46:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB3045999).

 

Error: (04/20/2015 09:46:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3042085).

 

Error: (04/20/2015 09:46:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB3045755).

 

Error: (04/20/2015 09:06:22 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 106.

 

Error: (04/20/2015 09:06:22 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 106.

 

Error: (04/20/2015 08:53:59 PM) (Source: DCOM) (User: JE)

Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

 

Error: (04/20/2015 08:52:41 PM) (Source: Service Control Manager) (User: )

Description: The TPCH Service service terminated unexpectedly.  It has done this 19 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (04/21/2015 10:33:28 AM) (Source: Application Error)(User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a012f401d07c4018764dc2C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll5fcfff4d-e833-11e4-befb-4c72b9fb3488

 

Error: (04/20/2015 08:52:20 PM) (Source: Application Error)(User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a0118401d07bcd5f555555C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dlla9e642a5-e7c0-11e4-befa-4c72b9fb3488

 

Error: (04/18/2015 02:25:51 AM) (Source: Application Error)(User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a015e401d079a0813818b5C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dllc1f0de30-e593-11e4-befa-4c72b9fb3488

 

Error: (04/17/2015 05:23:16 AM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

 

Error: (04/17/2015 04:47:20 AM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

 

Error: (04/17/2015 04:12:07 AM) (Source: Application Error)(User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a0d9c01d078e630d10ab1C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll7039e367-e4d9-11e4-befa-4c72b9fb3488

 

Error: (04/15/2015 05:20:41 PM) (Source: Application Error)(User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a0158c01d077c20547c25fC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll445a47d0-e3b5-11e4-befa-4c72b9fb3488

 

Error: (04/14/2015 06:17:05 PM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

 

Error: (04/14/2015 05:37:30 PM) (Source: Application Error)(User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a011cc01d076fb3429f09fC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll7377cafa-e2ee-11e4-befa-4c72b9fb3488

 

Error: (04/14/2015 05:17:49 AM) (Source: Application Error)(User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.1766854c850f5c000037400000000000f12a013f401d07693deab6a56C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll1e0a3aa7-e287-11e4-befa-4c72b9fb3488

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-04-21 10:45:47.555

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 10:45:47.399

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 10:45:11.159

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 10:45:11.003

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-07 15:23:41.587

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-07 08:09:38.221

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-03-26 21:23:53.891

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-03-21 03:46:22.421

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-03-17 03:12:14.600

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-03-17 03:12:14.428

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

 

=========================== Installed Programs ============================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)

4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 15.0.0.356 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

C501 Checkers 1.1.3 (HKLM-x32\...\{7B35966E-246C-4D0B-98E8-53F1F1C9D5F5}_is1) (Version:  - Congelli 501 / Colin GILLE)

CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)

Checkers (HKLM-x32\...\{739E66B1-1B80-4F3F-8D19-342A89631E1A}_is1) (Version:  - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB2965299) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D1102BF0-0FBC-4344-BF90-95DA329C6D4A}) (Version:  - Microsoft)

Definition Update for Microsoft Office 2010 (KB2965299) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D1102BF0-0FBC-4344-BF90-95DA329C6D4A}) (Version:  - Microsoft)

Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden

Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)

Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)

Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office InfoPath MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professionnel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Proof (Arabic) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

Oracle VM VirtualBox 4.2.6 (HKLM\...\{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}) (Version: 4.2.6 - Oracle Corporation)

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)

Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)

Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)

TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)

Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)

TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)

Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.800 - Toshiba Corporation)

Toshiba Password Utility (x32 Version: 2.00.800 - Toshiba Corporation) Hidden

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)

TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)

TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)

TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102  - Toshiba Corporation)

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)

TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{53FAC141-5C6B-4F97-ABC4-E635ABBC59E5}) (Version:  - Microsoft)

Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{53FAC141-5C6B-4F97-ABC4-E635ABBC59E5}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{530585A7-6AC9-4C29-81B7-D24A6CB031C8}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{90140000-0016-040C-0000-0000000FF1CE}_Office14.PROPLUS_{592AF4E7-9AFC-407E-8C34-2BFE2ECA836D}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{90140000-0018-040C-0000-0000000FF1CE}_Office14.PROPLUS_{592AF4E7-9AFC-407E-8C34-2BFE2ECA836D}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{90140000-001B-040C-0000-0000000FF1CE}_Office14.PROPLUS_{592AF4E7-9AFC-407E-8C34-2BFE2ECA836D}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{530585A7-6AC9-4C29-81B7-D24A6CB031C8}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E9B182C4-9B69-4A42-A799-C145FED67701}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-006E-040C-0000-0000000FF1CE}_Office14.PROPLUS_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{A12F43A5-CF0B-44E3-942F-2441CD442F0D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{60C9499F-B532-4206-AB19-F88C3A7684D5}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{74BC74BD-9032-4646-B248-F9F45E6D1326}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{74BC74BD-9032-4646-B248-F9F45E6D1326}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{53FDC948-3ABA-4BDE-BCEB-F1465C93D91C}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{53FDC948-3ABA-4BDE-BCEB-F1465C93D91C}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2956191) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{500A5B54-0498-45EA-9AB9-5BB61F984FDF}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2956191) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{500A5B54-0498-45EA-9AB9-5BB61F984FDF}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{82148027-13B5-4920-97F3-6A44A29B83D0}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-040C-0000-0000000FF1CE}_Office14.PROPLUS_{7AB85FD3-57D2-4D20-BC0A-7632FDA3003F}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C4C319F9-25AE-4EF5-B3EB-1C1EE9AA520D}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{2F63E4DE-723C-4785-9776-9F54D456DE31}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition (HKLM-x32\...\{90140000-001A-040C-0000-0000000FF1CE}_Office14.PROPLUS_{B8F0FB77-3D97-481C-B815-D01E9E9D1725}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C4C319F9-25AE-4EF5-B3EB-1C1EE9AA520D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DF548669-AAED-467B-A074-AE2B72A4A871}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2956190) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6634BCE3-2F6D-4E7F-A02C-6F045FC1F075}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2956190) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6634BCE3-2F6D-4E7F-A02C-6F045FC1F075}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2881025) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8764EC2A-9F51-483B-9E00-82806B6A6909}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2881025) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8764EC2A-9F51-483B-9E00-82806B6A6909}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{30B9D112-E68C-461D-B370-6D0B6AD61AC6}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{30B9D112-E68C-461D-B370-6D0B6AD61AC6}) (Version:  - Microsoft)

USB Driver (HKLM-x32\...\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}) (Version:  - )

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

 

========================= Memory info: ===================================

 

Percentage of memory in use: 47%

Total physical RAM: 3979.22 MB

Available physical RAM: 2086 MB

Total Pagefile: 4683.22 MB

Available Pagefile: 2932.09 MB

Total Virtual: 4095.88 MB

Available Virtual: 3982.66 MB

 

========================= Partitions: =====================================

 

1 Drive c: (TI10648300K) (Fixed) (Total:455.2 GB) (Free:344.71 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\JE

 

Administrator            Ger                      Guest                   

Jules                   

 

========================= Restore Points ==================================

 

26-03-2015 00:56:51 Revo Uninstaller's restore point - SmartPurple

03-04-2015 22:32:21 Scheduled Checkpoint

09-04-2015 20:41:37 Windows Update

17-04-2015 09:33:30 Scheduled Checkpoint

21-04-2015 00:49:08 Windows Update

21-04-2015 00:52:19 Windows Modules Installer

 

**** End of log ****

 

 

 

 

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Update, 4/21/2015 10:52:23 AM, SYSTEM, JE, Manual, Remediation Database, 2015.3.9.1, 2015.4.6.2,

Update, 4/21/2015 10:52:24 AM, SYSTEM, JE, Manual, Rootkit Database, 2015.2.25.1, 2015.4.20.1,

Update, 4/21/2015 10:53:07 AM, SYSTEM, JE, Manual, Malware Database, 2015.3.9.5, 2015.4.21.3,

Update, 4/21/2015 10:54:05 AM, SYSTEM, JE, Manual, Malware Database, 2015.4.21.3, 2015.4.21.4,

Scan, 4/21/2015 11:28:30 AM, SYSTEM, JE, Manual, Start:4/21/2015 10:54:05 AM, Duration:32 min 13 sec, Threat Scan, Completed, 0 Malware Detections, 181 Non-Malware Detections,

Error, 4/21/2015 11:33:06 AM, SYSTEM, JE, Protection, IsLicensed, 13,

Protection, 4/21/2015 11:33:06 AM, SYSTEM, JE, Protection, Malware Protection, Stopping,

Protection, 4/21/2015 11:33:06 AM, SYSTEM, JE, Protection, Malware Protection, Stopped,

 

(end)

 

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

www.malwarebytes.org

 

Database version:

  main:    v2015.04.21.05

  rootkit: v2015.04.20.01

 

Windows 8.1 x64 NTFS

Internet Explorer 11.0.9600.17690

Ger :: JE [administrator]

 

4/21/2015 11:48:26 AM

mbar-log-2015-04-21 (11-48-26).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 447388

Time elapsed: 49 minute(s), 54 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.3.9200 Windows 8.1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.17690

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.395000 GHz

Memory total: 4172513280, free: 2545750016

 

Downloaded database version: v2015.04.21.05

Downloaded database version: v2015.04.20.01

Downloaded database version: v2015.04.06.02

=======================================

Initializing...

------------ Kernel report ------------

     04/21/2015 11:48:12

------------ Loaded modules -----------


----------- End -----------

Done!

 

Scan started

Database versions:

  main:    v2015.04.21.05

  rootkit: v2015.04.20.01

 

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffe00108351060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffe00108351a40, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffe00108351060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xffffe001079523a0, DeviceName: \Device\0000002d\, DriverName: \Driver\storahci\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...


Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 0

 

GPT Protective MBR Partition information:

 

    Partition 0 type is EFI-GPT (0xee)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1  Numsec = 4294967295

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

GPT Partition information:

 

    GPT Header Signature 4546492050415254

    GPT Header Revision 65536 Size 92 CRC 2432423175

    GPT Header CurrentLba = 1 BackupLba 976773167

    GPT Header FirstUsableLba 34  LastUsableLba 976773134

    GPT Header Guid 7c63321-fed0-11e1-b2d-abac6cc64625

    GPT Header Contains 128 partition entries starting at LBA 2

    GPT Header Partition entry size = 128

 

    Backup GPT header Signature 4546492050415254

    Backup GPT header Revision 65536 Size 92 CRC 2432423175

    Backup GPT header CurrentLba = 976773167 BackupLba 1

    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134

    Backup GPT header Guid 7c63321-fed0-11e1-b2d-abac6cc64625

    Backup GPT header Contains 128 partition entries starting at LBA 976773135

    Backup GPT header Partition entry size = 128

 

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 7c63322-fed0-11e1-b2d-abac6cc64625

    FirstLBA 2048  Last LBA 923647

    Attributes 1

    Partition Name                 Basic data partition

 

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b

    Partition ID 7c6332a-fed0-11e1-b2d-abac6cc64625

    FirstLBA 923648  Last LBA 1456127

    Attributes 0

    Partition Name                 Basic data partition

 

    GPT Partition 1 is bootable

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae

    Partition ID 7c6332c-fed0-11e1-b2d-abac6cc64625

    FirstLBA 1456128  Last LBA 1718271

    Attributes 0

    Partition Name                 Basic data partition

 

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

    Partition ID 7c63334-fed0-11e1-b2d-abac6cc64625

    FirstLBA 1718272  Last LBA 956340223

    Attributes 0

    Partition Name                 Basic data partition

 

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID c433016f-2e65-4509-a358-ebf24ebe9e7c

    FirstLBA 956340224  Last LBA 957261823

    Attributes 1

    Partition Name                                    

 

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 999a0848-f857-488c-8936-4e81666c6a1f

    FirstLBA 957261824  Last LBA 976773119

    Attributes 1

    Partition Name                 Basic data partition

 

Disk Size: 500107862016 bytes

Sector size: 512 bytes

 

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.3.9200 Windows 8.1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.17728

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.395000 GHz

Memory total: 4172513280, free: 2571296768

----------------------------------------------------------------END---------------------------------------------------------------------

Rkill 2.7.0 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2015 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 04/21/2015 02:13:11 PM in x64 mode.

Windows Version: Windows 8.1

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * No issues found.

 

Checking Windows Service Integrity:

 

 * No issues found.

 

Searching for Missing Digital Signatures:

 

 * No issues found.

 

Checking HOSTS File:

 

 * No issues found.

 

Program finished at: 04/21/2015 02:16:50 PM

Execution time: 0 hours(s), 3 minute(s), and 39 seconds(s)




 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:09 PM

Posted 21 April 2015 - 04:24 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 April 2015 - 06:27 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#4 Christelle2015

  • Topic Starter
  • Members
  • 13 posts

Posted 23 April 2015 - 08:14 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02

Ran by Ger (administrator) on JE on 23-04-2015 21:05:43

Running from C:\Users\Ger\Desktop\Remove virus

Loaded Profiles: Ger (Available profiles: Ger & Jules & Guest)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\System32\UserAccountControlSettings.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)

HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)

HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\MountPoints2: {12be5f0f-9171-11e4-beec-4c72b9fb3488} - "D:\AutoRun.exe"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\MountPoints2: {77a1e4d6-3cce-11e4-bee3-4c72b9fb3488} - "D:\AutoRun.exe"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\MountPoints2: {87b0150e-7aa0-11e4-beea-4c72b9fb3488} - "D:\AutoRun.exe"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\MountPoints2: {d3a6eae1-dca7-11e4-bef9-4c72b9fb3488} - "D:\AutoRun.exe"

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/news/world/africa

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

SearchScopes: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =

SearchScopes: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> {5B03F13E-D9C5-4365-AD5F-A85D1D23C08D} URL =

SearchScopes: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)

Toolbar: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File

Toolbar: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF ProfilePath: C:\Users\Ger\AppData\Roaming\Mozilla\Firefox\Profiles\fpw2frhb.default-1405555309375

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-11-09] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-11-09] (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Ger\AppData\Roaming\Mozilla\Firefox\Profiles\fpw2frhb.default-1405555309375\user.js [2015-03-26]

FF Plugin ProgramFiles/Appdata: C:\Users\Ger\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-09]

FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox

 

Chrome:

=======

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-03-15]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

S4 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]

R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)

S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-21] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)

R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-21] (Realtek Semiconductor Corporation)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-23 21:05 - 2015-04-23 21:05 - 00000000 ____D () C:\FRST

2015-04-21 14:13 - 2015-04-21 14:16 - 00001990 _____ () C:\Users\Ger\Desktop\Rkill.txt

2015-04-21 12:13 - 2015-04-21 12:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-04-21 11:48 - 2015-04-21 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-04-21 11:46 - 2015-04-21 14:06 - 00000000 ____D () C:\Users\Ger\Desktop\mbar

2015-04-21 10:52 - 2015-04-21 14:05 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-04-21 10:51 - 2015-04-21 14:06 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-04-21 10:51 - 2015-04-21 10:51 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-21 10:51 - 2015-04-21 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-21 10:51 - 2015-04-21 10:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-21 10:51 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-04-21 10:51 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-04-21 10:47 - 2015-04-21 10:47 - 00060119 _____ () C:\Users\Ger\Desktop\Result.txt

2015-04-21 10:44 - 2015-04-21 10:44 - 00002321 _____ () C:\Users\Ger\Desktop\FSS.txt

2015-04-21 10:43 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-04-21 10:43 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-04-21 10:43 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-04-21 10:43 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-04-21 10:43 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-04-21 10:42 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-04-21 10:42 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-04-21 10:42 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-04-21 10:42 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-04-21 10:42 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-04-21 10:42 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-04-21 10:42 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-04-21 10:42 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-04-21 10:42 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2015-04-21 10:42 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-04-21 10:42 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-04-21 10:42 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-04-21 10:42 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-04-21 10:42 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-04-21 10:42 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-04-21 10:42 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-04-21 10:42 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-04-21 10:42 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-04-21 10:42 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-04-21 10:38 - 2015-04-23 21:05 - 00000000 ____D () C:\Users\Ger\Desktop\Remove virus

2015-04-20 21:52 - 2015-04-20 21:52 - 00000000 ____D () C:\WINDOWS\system32\appraiser

2015-04-20 21:28 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2015-04-20 21:28 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2015-04-20 21:23 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-04-20 21:23 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2015-04-20 21:05 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-04-20 21:05 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-04-20 21:05 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll

2015-04-20 21:05 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-04-20 21:05 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll

2015-04-20 21:05 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll

2015-04-20 21:05 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll

2015-04-20 21:05 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll

2015-04-20 21:05 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe

2015-04-20 21:05 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe

2015-04-20 21:05 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll

2015-04-20 21:05 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll

2015-04-20 21:04 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll

2015-04-20 21:04 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

2015-04-20 21:04 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2015-04-20 21:04 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll

2015-04-18 02:31 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys

2015-04-18 02:31 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll

2015-04-18 02:31 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll

2015-04-18 02:29 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2015-04-18 02:29 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2015-04-18 02:29 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2015-04-18 02:29 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll

2015-04-18 02:29 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll

2015-04-18 02:29 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

2015-04-18 02:29 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2015-04-18 02:29 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll

2015-04-18 02:29 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

2015-04-18 02:29 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2015-04-18 02:29 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2015-04-18 02:29 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2015-04-18 02:29 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2015-04-18 02:29 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2015-04-18 02:29 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll

2015-04-18 02:29 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe

2015-04-18 02:29 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2015-04-18 02:29 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2015-04-17 08:04 - 2015-04-17 08:04 - 00000000 ____D () C:\Users\Ger\Desktop\Compilation Ivoirienne

2015-04-17 04:31 - 2015-04-17 05:09 - 00000000 ____D () C:\Users\Ger\Desktop\DDR Congo

2015-04-07 07:30 - 2015-04-07 18:40 - 00000000 ____D () C:\Users\Ger\Desktop\BETHEL

2015-04-06 08:18 - 2015-04-06 08:19 - 00000000 ___SD () C:\WINDOWS\system32\GWX

2015-04-06 08:18 - 2015-04-06 08:18 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX

2015-04-06 08:06 - 2015-04-21 14:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-06 08:06 - 2015-04-06 08:06 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-04-06 08:06 - 2015-04-06 08:06 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-04-06 07:40 - 2015-04-06 07:40 - 00243312 _____ () C:\Users\Ger\Downloads\Firefox Setup Stub 37.0.1.exe

2015-04-04 19:43 - 2015-04-08 08:46 - 00000000 ____D () C:\Users\Ger\Desktop\Associate Expert

2015-04-02 04:24 - 2015-04-02 04:24 - 00003584 _____ () C:\Users\Ger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-03-26 21:08 - 2015-04-22 22:09 - 00012310 _____ () C:\WINDOWS\setupact.log

2015-03-26 21:08 - 2015-04-21 13:12 - 00122758 _____ () C:\WINDOWS\PFRO.log

2015-03-26 21:08 - 2015-03-26 21:08 - 00000000 _____ () C:\WINDOWS\setuperr.log

2015-03-26 20:29 - 2015-04-21 13:24 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2303896276-1334946689-739301612-1001

2015-03-26 20:20 - 2015-03-26 20:21 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Ger\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-26 19:49 - 2015-04-23 20:59 - 02067791 _____ () C:\WINDOWS\WindowsUpdate.log

2015-03-25 21:00 - 2015-03-29 15:49 - 00000000 ____D () C:\ProgramData\9d8b6bdf00007a6f

2015-03-25 19:21 - 2015-03-25 19:21 - 00000000 ____D () C:\ProgramData\05aaabf9150243ab97605a4c8a7b05cd

2015-03-25 19:21 - 2015-03-25 19:21 - 00000000 _____ () C:\Users\Ger\AppData\Local\.a852.db

2015-03-24 20:14 - 2015-03-29 15:49 - 00000000 ____D () C:\ProgramData\d94af08700005d8b

2015-03-24 19:54 - 2015-04-21 11:28 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\rQWlqpB

2015-03-24 19:54 - 2015-04-21 11:28 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\Obr9JiL

2015-03-24 19:54 - 2015-04-21 11:28 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\e7nEfdf

2015-03-24 19:54 - 2015-03-24 19:54 - 00003276 _____ () C:\WINDOWS\System32\Tasks\UlXlvtUrFbuL3e0

2015-03-24 19:54 - 2015-03-24 19:54 - 00003236 _____ () C:\WINDOWS\System32\Tasks\Tke7zRUFAjNS8kO

2015-03-24 19:54 - 2015-03-24 19:54 - 00003234 _____ () C:\WINDOWS\System32\Tasks\XmAEGq1fzfmUWWZ

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-23 21:03 - 2013-07-26 14:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-04-23 21:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-04-23 20:47 - 2013-01-07 05:19 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-23 19:02 - 2014-07-02 01:49 - 00003894 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F3A9FC54-B68D-45F5-931A-8AABB46D9672}

2015-04-23 18:59 - 2014-03-18 06:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-04-23 18:59 - 2013-01-07 05:19 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-21 13:43 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat

2015-04-21 13:13 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-04-21 13:12 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2015-04-21 13:10 - 2012-12-19 18:46 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-04-21 13:08 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-04-21 11:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore

2015-04-21 10:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-04-20 21:52 - 2015-03-12 21:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2015-04-20 21:51 - 2013-07-24 17:30 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-04-20 21:48 - 2012-12-21 14:39 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-04-20 21:46 - 2014-09-11 23:03 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-04-20 21:46 - 2013-06-02 15:11 - 00000000 ____D () C:\ProgramData\Skype

2015-04-20 21:46 - 2012-07-26 01:26 - 00000304 _____ () C:\WINDOWS\win.ini

2015-04-20 21:04 - 2013-07-26 14:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-04-18 02:39 - 2015-01-21 21:09 - 00000000 ____D () C:\Users\Ger\Desktop\Mariage

2015-04-15 17:25 - 2014-11-11 19:42 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll

2015-04-13 19:24 - 2013-08-22 11:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-04-13 19:24 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-11 19:26 - 2014-06-06 15:57 - 00000000 ____D () C:\Users\Ger\Desktop\Cabinet CECRAB

2015-04-11 16:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2015-04-10 05:20 - 2014-04-04 11:23 - 00000000 ____D () C:\Users\Ger\Desktop\OI 2014

2015-04-06 18:57 - 2014-07-02 01:03 - 00000000 ____D () C:\Users\Ger

2015-04-03 06:46 - 2014-04-04 11:22 - 00000000 ____D () C:\Users\Ger\Desktop\Perso

2015-03-29 15:49 - 2015-03-18 21:00 - 00000000 ____D () C:\ProgramData\365e8ca8000065d6

2015-03-26 21:08 - 2013-05-15 12:34 - 00000000 ____D () C:\WINDOWS\Downloaded Installations

2015-03-26 21:07 - 2015-02-24 20:19 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\RilEA6s

2015-03-26 21:07 - 2015-01-25 16:59 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\D97B4ux

2015-03-26 21:07 - 2014-12-13 21:25 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\FirefoxToolbar

2015-03-26 19:27 - 2013-01-01 02:11 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\uTorrent

 

==================== Files in the root of some directories =======

 

2014-07-06 20:57 - 2014-07-07 00:02 - 0000320 _____ () C:\Users\Ger\AppData\Roaming\aps.uninstall.scan.results

2015-03-25 19:21 - 2015-03-25 19:21 - 0000000 _____ () C:\Users\Ger\AppData\Local\.a852.db

2015-04-02 04:24 - 2015-04-02 04:24 - 0003584 _____ () C:\Users\Ger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-09-14 22:27 - 2014-09-14 22:27 - 0000057 _____ () C:\ProgramData\Ament.ini

2014-07-24 00:18 - 2014-07-24 00:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2014-09-13 23:40 - 2014-09-13 23:48 - 0000830 _____ () C:\ProgramData\hpzinstall.log

 

Some content of TEMP:

====================

C:\Users\Ger\AppData\Local\Temp\124BF0B2-E53B-213B-268B-4511DD53B6AA.exe

C:\Users\Ger\AppData\Local\Temp\amisetup8212__12086.exe

C:\Users\Ger\AppData\Local\Temp\amisetup8251__12086.exe

C:\Users\Ger\AppData\Local\Temp\amisetup8382__12087.exe

C:\Users\Ger\AppData\Local\Temp\amisetup8411__12087.exe

C:\Users\Ger\AppData\Local\Temp\EAB3EB71-86DC-862C-E185-BE32B72AB11C.dll

C:\Users\Ger\AppData\Local\Temp\EAB3EB71-86DC-862C-E185-BE32B72AB11C.exe

C:\Users\Ger\AppData\Local\Temp\OnlineBackup.exe

C:\Users\Ger\AppData\Local\Temp\supoptsetup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-04-21 13:24

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02

Ran by Ger at 2015-04-23 21:06:57

Running from C:\Users\Ger\Desktop\Remove virus

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2303896276-1334946689-739301612-500 - Administrator - Disabled)

Ger (S-1-5-21-2303896276-1334946689-739301612-1001 - Administrator - Enabled) => C:\Users\Ger

Guest (S-1-5-21-2303896276-1334946689-739301612-501 - Limited - Enabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-2303896276-1334946689-739301612-1003 - Limited - Enabled)

Jules (S-1-5-21-2303896276-1334946689-739301612-1005 - Limited - Enabled) => C:\Users\Jules

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)

4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

C501 Checkers 1.1.3 (HKLM-x32\...\{7B35966E-246C-4D0B-98E8-53F1F1C9D5F5}_is1) (Version:  - Congelli 501 / Colin GILLE)

CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)

Checkers (HKLM-x32\...\{739E66B1-1B80-4F3F-8D19-342A89631E1A}_is1) (Version:  - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden

Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)

Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Professionnel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)

Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

Oracle VM VirtualBox 4.2.6 (HKLM\...\{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}) (Version: 4.2.6 - Oracle Corporation)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)

Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)

Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)

TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)

Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)

TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)

Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.800 - Toshiba Corporation)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)

TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)

TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)

TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102  - Toshiba Corporation)

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)

TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

USB Driver (HKLM-x32\...\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}) (Version:  - )

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2303896276-1334946689-739301612-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ger\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

09-04-2015 16:41:37 Windows Update

17-04-2015 05:33:30 Scheduled Checkpoint

20-04-2015 20:49:08 Windows Update

20-04-2015 20:52:19 Windows Modules Installer

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-02-24 22:30 - 2015-02-24 22:30 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {02D4CE36-229E-4458-BCD7-27B11949CEE6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-20] (Microsoft Corporation)

Task: {03758832-5036-4098-9752-EEC7C657B935} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {058A0F87-2FF5-4334-8EA5-4F541015B842} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {1789EA55-41AE-4CB8-B300-FD08E4DDE704} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe

Task: {1E445305-EFA8-456C-B134-A35BC83A437F} - System32\Tasks\{977F5A27-CEEA-4BD0-BCED-C23DB15F8F48} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {20B4F8D8-7890-46A0-8308-9E9156114D4E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {31042B4C-C598-4B29-B550-1104904F7D22} - System32\Tasks\{8A6FDC99-B16A-492C-94C7-1D300681ED36} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {321C6D22-9F23-4102-A294-15A1F596CEBA} - System32\Tasks\{410D5053-6755-4A7B-956A-C9E45EBAC278} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {364B115D-F160-46F5-9219-7DD2F3C4250A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {37D84C64-5460-493D-8785-DE74C110BD98} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)

Task: {3E2AFB72-2311-4C1E-9A9A-9C1114BA7571} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {41CBCE1C-1D4F-41AB-A572-9F881DCED62A} - System32\Tasks\{BA9262E3-6C43-430D-90D8-1B1875570BB8} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {41FE982A-3B74-4521-A900-9CD4B1880730} - System32\Tasks\Tke7zRUFAjNS8kO => C:\Users\Ger\AppData\Roaming\Obr9JiL\xue6keo.exe

Task: {4C4FC9EA-92BB-4343-B20D-91BE62E9A1BD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {547F85A8-8EE9-49F4-95BB-289735C78572} - System32\Tasks\{5AC9D935-8B5B-46CF-AE77-146119723531} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {54C25B36-27F0-4F39-8B22-83104B3CD223} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)

Task: {587C11B0-932B-457B-A755-CC082B8FB353} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)

Task: {594A7A05-975E-4CCD-B8F0-AAE6489A3FFF} - System32\Tasks\{EF11E685-39C1-4FE0-8A1A-B1A9F790B9AF} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {6DD28B8E-6DED-4279-93A4-FD20BC1589C1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)

Task: {75D2F593-205F-459D-96D9-D2274B5EA281} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2303896276-1334946689-739301612-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe

Task: {862A2D7B-3076-4AC8-97EE-4E154ACAAED1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)

Task: {9B66F7A6-04EF-45B1-94E0-1AF43C02E04A} - System32\Tasks\{BD9FAB71-C83A-4EFB-A206-0947754AC9A0} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {9D763F69-7728-4421-9956-7F60A2BA7B7F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {A4AB3942-3779-49B5-83AE-00BAA05C1CB8} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)

Task: {A861BFF5-F742-4423-B67F-E16E6FCAE934} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)

Task: {AC7A09AC-579C-4F69-ABF6-D61BF8C2BD33} - System32\Tasks\UlXlvtUrFbuL3e0 => C:\Users\Ger\AppData\Roaming\e7nEfdf\r27Aieg.exe

Task: {B179754E-DFD6-4355-9E3A-06BB7D5481A2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)

Task: {B5E9BB78-6273-480D-9013-3129A9247F4D} - System32\Tasks\{801241BC-6ED3-4F35-A236-806655E2E032} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {BF7C6FB7-9A5C-4B3C-A0D3-D216DF5BAC1B} - System32\Tasks\{BFE8C0E3-77A1-4CF2-9401-E32536D9E403} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {CA91AA2D-1AA6-4B35-867D-0E74B80F6A37} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {E2BE4ECD-72E4-4445-8DED-2B5A5D1A4C51} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe

Task: {F13D6D24-E111-485D-8160-D8F7933FB4E9} - System32\Tasks\XmAEGq1fzfmUWWZ => C:\Users\Ger\AppData\Roaming\rQWlqpB\TBYfMr2.exe

Task: {FEBDA78A-799D-4C62-B71B-D87C25813715} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-03-15 03:18 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-10-16 17:54 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A

AlternateDataStreams: C:\Users\Ger\OneDrive:ms-properties

AlternateDataStreams: C:\Users\Ger\AppData\Roaming\Microsoft\Windows\Start Menu\CNN.website:TASKICON_0favicon.ie9-704105598

AlternateDataStreams: C:\Users\Ger\AppData\Roaming\Microsoft\Windows\Start Menu\CNN.website:TASKICON_1favicon-953613648

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

 

IE restricted site: HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\medtech-itsupport.com -> hxxp://www.medtech-itsupport.com

IE restricted site: HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\mystart.com -> hxxp://www.mystart.com

IE restricted site: HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\trovi.com -> hxxp://www.trovi.com

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ger\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"

HKLM\...\StartupApproved\Run: => "Eraser"

HKLM\...\StartupApproved\Run32: => "TPUReg"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"

HKLM\...\StartupApproved\Run32: => "t4pc_en_8"

HKLM\...\StartupApproved\Run32: => "HP Software Update"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP ENVY 4500 series.lnk"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\StartupApproved\Run: => "Skype"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/23/2015 08:59:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: There was an error with the Windows Location Provider database

 

Error: (04/23/2015 07:38:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 14e8

 

Start Time: 01d07e1b43adf53a

 

Termination Time: 15

 

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

 

Report Id: d3876d41-ea11-11e4-befd-4c72b9fb3488

 

Faulting package full name:

 

Faulting package-relative application ID:

 

Error: (04/23/2015 07:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336

Exception code: 0xc0000374

Fault offset: 0x00000000000f0f20

Faulting process id: 0x1ad8

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/23/2015 08:21:55 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336

Exception code: 0xc0000374

Fault offset: 0x00000000000f0f20

Faulting process id: 0x1444

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/22/2015 09:58:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9

Faulting module name: Flash.ocx, version: 17.0.0.169, time stamp: 0x5529e2cc

Exception code: 0xc0000005

Fault offset: 0x00810850

Faulting process id: 0x1328

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

 

Error: (04/22/2015 07:29:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336

Exception code: 0xc0000374

Fault offset: 0x00000000000f0f20

Faulting process id: 0x6e8

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/21/2015 01:56:59 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/21/2015 01:32:36 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/21/2015 01:16:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336

Exception code: 0xc0000374

Fault offset: 0x00000000000f0f20

Faulting process id: 0xd4c

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/21/2015 01:05:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee

Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536

Exception code: 0x80000003

Fault offset: 0x00001aa1

Faulting process id: 0x13ac

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3

Faulting package full name: plugin-container.exe4

Faulting package-relative application ID: plugin-container.exe5

 

 

System errors:

=============

Error: (04/23/2015 07:45:10 PM) (Source: DCOM) (EventID: 10010) (User: JE)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (04/23/2015 07:44:40 PM) (Source: DCOM) (EventID: 10010) (User: JE)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (04/23/2015 07:03:18 PM) (Source: DCOM) (EventID: 10010) (User: JE)

Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

 

Error: (04/23/2015 07:01:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The TPCH Service service terminated unexpectedly.  It has done this 4 time(s).

 

Error: (04/23/2015 06:58:45 PM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR3.

 

Error: (04/23/2015 08:31:50 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR3.

 

Error: (04/23/2015 08:31:49 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR3.

 

Error: (04/23/2015 08:31:49 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR3.

 

Error: (04/23/2015 08:31:49 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR3.

 

Error: (04/23/2015 08:31:49 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR3.

 

 

Microsoft Office Sessions:

=========================

Error: (04/23/2015 08:59:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: -2147024883

 

Error: (04/23/2015 07:38:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: IEXPLORE.EXE11.0.9600.1741614e801d07e1b43adf53a15C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd3876d41-ea11-11e4-befd-4c72b9fb3488

 

Error: (04/23/2015 07:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f201ad801d07e1968a3eb04C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dlla7f8e805-ea0c-11e4-befd-4c72b9fb3488

 

Error: (04/23/2015 08:21:55 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f20144401d07dc0147cff5dC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll53c694e8-e9b3-11e4-befd-4c72b9fb3488

 

Error: (04/22/2015 09:58:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: IEXPLORE.EXE11.0.9600.174165452eed9Flash.ocx17.0.0.1695529e2ccc000000500810850132801d07d5419cc878fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx367bbbc7-e95c-11e4-befd-4c72b9fb3488

 

Error: (04/22/2015 07:29:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f206e801d07d5435e6fa66C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll7696f3c8-e947-11e4-befd-4c72b9fb3488

 

Error: (04/21/2015 01:56:59 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

 

Error: (04/21/2015 01:32:36 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

 

Error: (04/21/2015 01:16:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f20d4c01d07c56e8de6ebeC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll292b6d21-e84a-11e4-befd-4c72b9fb3488

 

Error: (04/21/2015 01:05:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa113ac01d07c4aa7628243C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll96606d23-e848-11e4-befc-4c72b9fb3488

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-04-21 14:17:52.661

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 14:17:52.505

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 13:31:03.601

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 10:45:47.555

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 10:45:47.399

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 10:45:11.159

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 10:45:11.003

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-07 15:23:41.587

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-07 08:09:38.221

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-03-26 21:23:53.891

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz

Percentage of memory in use: 54%

Total physical RAM: 3979.22 MB

Available physical RAM: 1806.65 MB

Total Pagefile: 4683.22 MB

Available Pagefile: 2396.99 MB

Total Virtual: 131072 MB

Available Virtual: 131071.8 MB

 

==================== Drives ================================

 

Drive c: (TI10648300K) (Fixed) (Total:455.2 GB) (Free:345.5 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================



#5 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 24 April 2015 - 02:15 AM

Hi there,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt (shown in the screenshot).
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select the option shown in the screenshot.
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
(Annotated screenshot of the Malwarebytes interface; the bracketed numbers [1] to [7] refer to it.)

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. (Injure no one; rather, help everyone as much as you can.) Arthur Schopenhauer

#6 Christelle2015
  • Topic Starter
  • Members
  • 13 posts

Posted 24 April 2015 - 09:29 PM

# AdwCleaner v4.202 - Logfile created 24/04/2015 at 21:22:00

# Updated 23/04/2015 by Xplode

# Database : 2015-04-23.2 [Server]

# Operating system : Windows 8.1  (x64)

# Username : Ger - JE

# Running from : C:\Users\Ger\Desktop\Remove virus\adwcleaner_4.202.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Radsteroids

Folder Deleted : C:\Users\Ger\Favorites\StumbleUpon

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\ytd video downloader

Folder Deleted : C:\ProgramData\365e8ca8000065d6

Folder Deleted : C:\ProgramData\75f9c57600001064

Folder Deleted : C:\ProgramData\9d8b6bdf00007a6f

Folder Deleted : C:\ProgramData\d94af08700005d8b

Folder Deleted : C:\ProgramData\{9b08d1f1-2d15-19c1-9b08-8d1f12d147c4}

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader

Folder Deleted : C:\Program Files (x86)\Settings Manager

Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Appupdater

Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Ger\AppData\Local\SmartWeb

Folder Deleted : C:\Users\Ger\AppData\Local\FileViewPro

Folder Deleted : C:\Users\Ger\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\Ger\AppData\LocalLow\SmartWeb

Folder Deleted : C:\Users\Ger\AppData\LocalLow\Booster-Web

Folder Deleted : C:\Users\Ger\AppData\Roaming\FirefoxToolbar

Folder Deleted : C:\Users\Ger\AppData\Roaming\goforfiles

Folder Deleted : C:\Users\Ger\AppData\Roaming\Solvusoft

Folder Deleted : C:\Users\Ger\AppData\Roaming\Store

Folder Deleted : C:\Users\Ger\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Ger\AppData\Roaming\webplayer

Folder Deleted : C:\Users\Ger\AppData\Roaming\WTools

Folder Deleted : C:\Users\Ger\AppData\Roaming\Booster-Web

Folder Deleted : C:\Users\Ger\Documents\Flash Player Pro

Folder Deleted : C:\Users\Guest\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Guest\AppData\LocalLow\Yahoo! Companion

Folder Deleted : C:\Users\Guest\Favorites\StumbleUpon

File Deleted : C:\END

File Deleted : C:\WINDOWS\System32\roboot64.exe

File Deleted : C:\Users\Ger\AppData\Roaming\aps.uninstall.scan.results

File Deleted : C:\Users\Ger\Desktop\Continue Live Installation.lnk

File Deleted : C:\Users\Guest\Desktop\SPEEDbit Video Downloader.lnk

File Deleted : C:\Users\Ger\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js

File Deleted : C:\Users\Ger\AppData\Roaming\Mozilla\Firefox\Profiles\fpw2frhb.default-1405555309375\user.js

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Key Deleted : HKLM\SOFTWARE\af41c27b-5758-0a54-b17c-1e878e7f41c5

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Bitberry Software

Key Deleted : HKCU\Software\GoforFiles

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\simplytech

Key Deleted : HKCU\Software\SocialBit

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\Store

Key Deleted : HKCU\Software\DriverSupport

Key Deleted : HKCU\Software\WTools

Key Deleted : HKCU\Software\Local AppWizard-Generated Applications

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\GoforFiles

Key Deleted : HKLM\SOFTWARE\SupDp

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKLM\SOFTWARE\TBID

Key Deleted : HKLM\SOFTWARE\SpeedBit

Key Deleted : [x64] HKLM\SOFTWARE\TBID

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Mozilla Firefox v37.0.2 (x86 en-US)

 

[fpw2frhb.default-1405555309375\prefs.js] - Line Deleted : user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%2[...]

 

*************************

 

AdwCleaner[R0].txt - [10444 bytes] - [24/04/2015 21:19:07]

AdwCleaner[S0].txt - [10024 bytes] - [24/04/2015 21:22:00]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10084  bytes] ##########

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/24/2015

Scan Time: 9:31:42 PM

Logfile: MAM Scan Log 1.txt

Administrator: Yes

 

Version: 2.01.4.1018

Malware Database: v2015.04.24.08

Rootkit Database: v2015.04.21.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Ger

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 447236

Time Elapsed: 36 min, 12 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 2

PUP.Optional.Spigot.A, C:\Users\Ger\Desktop\Software 2014\YTDSetup.exe, Quarantined, [f375541c96f4de58ccfdc8606b957a86],

PUP.Optional.OpenCandy, C:\Users\Ger\Desktop\Software 2014\Softwares 2013\RealPlayer-aoc-jd.exe, Quarantined, [5d0b2749701a53e3711ebc72b254b947],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)



#7 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 25 April 2015 - 10:08 AM

Step 1

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#8 Christelle2015
  • Topic Starter
  • Members
  • 13 posts

Posted 25 April 2015 - 10:32 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02

Ran by Ger (administrator) on JE on 25-04-2015 11:28:31

Running from C:\Users\Ger\Desktop\Remove virus

Loaded Profiles: Ger (Available profiles: Ger & Jules & Guest)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)

HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)

HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\MountPoints2: {12be5f0f-9171-11e4-beec-4c72b9fb3488} - "D:\AutoRun.exe"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\MountPoints2: {77a1e4d6-3cce-11e4-bee3-4c72b9fb3488} - "D:\AutoRun.exe"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\MountPoints2: {87b0150e-7aa0-11e4-beea-4c72b9fb3488} - "D:\AutoRun.exe"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\MountPoints2: {d3a6eae1-dca7-11e4-bef9-4c72b9fb3488} - "D:\AutoRun.exe"

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/news/world/africa

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

SearchScopes: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> {5B03F13E-D9C5-4365-AD5F-A85D1D23C08D} URL =

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)

Toolbar: HKU\S-1-5-21-2303896276-1334946689-739301612-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF ProfilePath: C:\Users\Ger\AppData\Roaming\Mozilla\Firefox\Profiles\fpw2frhb.default-1405555309375

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-11-09] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-11-09] (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Ger\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-09]

FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

 

Chrome:

=======

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-03-15]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

S4 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]

R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]

S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)

S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-24] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)

R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-21] (Realtek Semiconductor Corporation                           )

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-25 10:01 - 2015-04-25 10:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2303896276-1334946689-739301612-1001

2015-04-24 23:05 - 2015-04-24 23:05 - 00002775 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk

2015-04-24 23:05 - 2015-04-24 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos

2015-04-24 23:05 - 2015-04-24 23:05 - 00000000 ____D () C:\Program Files (x86)\Sophos

2015-04-24 22:46 - 2015-04-24 22:46 - 00001748 _____ () C:\Users\Ger\Desktop\JRT.txt

2015-04-24 22:43 - 2015-04-24 22:43 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-JE-Windows-8.1-(64-bit).dat

2015-04-24 22:43 - 2015-04-24 22:43 - 00000000 ____D () C:\RegBackup

2015-04-24 21:19 - 2015-04-24 21:22 - 00000000 ____D () C:\AdwCleaner

2015-04-23 21:05 - 2015-04-25 11:28 - 00000000 ____D () C:\FRST

2015-04-21 12:13 - 2015-04-21 12:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-04-21 11:48 - 2015-04-21 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-04-21 10:52 - 2015-04-24 22:24 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-04-21 10:51 - 2015-04-21 14:06 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-04-21 10:51 - 2015-04-21 10:51 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-21 10:51 - 2015-04-21 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-21 10:51 - 2015-04-21 10:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-21 10:51 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-04-21 10:51 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-04-21 10:43 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-04-21 10:43 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-04-21 10:43 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-04-21 10:43 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-04-21 10:43 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-04-21 10:42 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-04-21 10:42 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-04-21 10:42 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-04-21 10:42 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-04-21 10:42 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-04-21 10:42 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-04-21 10:42 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-04-21 10:42 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-04-21 10:42 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2015-04-21 10:42 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-04-21 10:42 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-04-21 10:42 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-04-21 10:42 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-04-21 10:42 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-04-21 10:42 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-04-21 10:42 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-04-21 10:42 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-04-21 10:42 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-04-21 10:42 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-04-21 10:38 - 2015-04-25 11:28 - 00000000 ____D () C:\Users\Ger\Desktop\Remove virus

2015-04-20 21:52 - 2015-04-20 21:52 - 00000000 ____D () C:\WINDOWS\system32\appraiser

2015-04-20 21:28 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2015-04-20 21:28 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2015-04-20 21:23 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2015-04-20 21:23 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-04-20 21:23 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2015-04-20 21:05 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-04-20 21:05 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-04-20 21:05 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll

2015-04-20 21:05 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-04-20 21:05 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll

2015-04-20 21:05 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll

2015-04-20 21:05 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll

2015-04-20 21:05 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll

2015-04-20 21:05 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe

2015-04-20 21:05 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe

2015-04-20 21:05 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll

2015-04-20 21:05 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll

2015-04-20 21:04 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll

2015-04-20 21:04 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

2015-04-20 21:04 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2015-04-20 21:04 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll

2015-04-18 02:31 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys

2015-04-18 02:31 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll

2015-04-18 02:31 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll

2015-04-18 02:29 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2015-04-18 02:29 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2015-04-18 02:29 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2015-04-18 02:29 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll

2015-04-18 02:29 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll

2015-04-18 02:29 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

2015-04-18 02:29 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2015-04-18 02:29 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll

2015-04-18 02:29 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

2015-04-18 02:29 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2015-04-18 02:29 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2015-04-18 02:29 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2015-04-18 02:29 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2015-04-18 02:29 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2015-04-18 02:29 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll

2015-04-18 02:29 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe

2015-04-18 02:29 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2015-04-18 02:29 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2015-04-17 08:04 - 2015-04-17 08:04 - 00000000 ____D () C:\Users\Ger\Desktop\Compilation Ivoirienne

2015-04-17 04:31 - 2015-04-17 05:09 - 00000000 ____D () C:\Users\Ger\Desktop\DDR Congo

2015-04-07 07:30 - 2015-04-07 18:40 - 00000000 ____D () C:\Users\Ger\Desktop\BETHEL

2015-04-06 08:18 - 2015-04-06 08:19 - 00000000 ___SD () C:\WINDOWS\system32\GWX

2015-04-06 08:18 - 2015-04-06 08:18 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX

2015-04-06 08:06 - 2015-04-23 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-06 08:06 - 2015-04-06 08:06 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-04-06 08:06 - 2015-04-06 08:06 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-04-06 07:40 - 2015-04-06 07:40 - 00243312 _____ () C:\Users\Ger\Downloads\Firefox Setup Stub 37.0.1.exe

2015-04-04 19:43 - 2015-04-08 08:46 - 00000000 ____D () C:\Users\Ger\Desktop\Associate Expert

2015-04-02 04:24 - 2015-04-02 04:24 - 00003584 _____ () C:\Users\Ger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-03-26 21:08 - 2015-04-24 22:10 - 00123378 _____ () C:\WINDOWS\PFRO.log

2015-03-26 21:08 - 2015-04-24 22:10 - 00012541 _____ () C:\WINDOWS\setupact.log

2015-03-26 21:08 - 2015-03-26 21:08 - 00000000 _____ () C:\WINDOWS\setuperr.log

2015-03-26 20:20 - 2015-03-26 20:21 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Ger\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-26 19:49 - 2015-04-25 10:52 - 01420124 _____ () C:\WINDOWS\WindowsUpdate.log

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-25 11:11 - 2013-07-26 14:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-04-25 11:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-04-25 10:48 - 2013-01-07 05:19 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-25 09:58 - 2014-07-02 01:49 - 00003894 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F3A9FC54-B68D-45F5-931A-8AABB46D9672}

2015-04-25 09:57 - 2013-01-07 05:19 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-24 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-04-24 22:10 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-04-24 22:09 - 2014-05-03 11:16 - 00000000 ____D () C:\Users\Ger\Desktop\Software 2014

2015-04-23 18:59 - 2014-03-18 06:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-04-21 13:43 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat

2015-04-21 13:12 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2015-04-21 13:10 - 2012-12-19 18:46 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-04-21 13:08 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-04-21 11:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore

2015-04-21 11:28 - 2015-03-24 19:54 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\rQWlqpB

2015-04-21 11:28 - 2015-03-24 19:54 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\Obr9JiL

2015-04-21 11:28 - 2015-03-24 19:54 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\e7nEfdf

2015-04-21 10:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-04-20 21:52 - 2015-03-12 21:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2015-04-20 21:51 - 2013-07-24 17:30 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-04-20 21:48 - 2012-12-21 14:39 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-04-20 21:46 - 2014-09-11 23:03 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-04-20 21:46 - 2013-06-02 15:11 - 00000000 ____D () C:\ProgramData\Skype

2015-04-20 21:46 - 2012-07-26 01:26 - 00000304 _____ () C:\WINDOWS\win.ini

2015-04-20 21:04 - 2013-07-26 14:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-04-18 02:39 - 2015-01-21 21:09 - 00000000 ____D () C:\Users\Ger\Desktop\Mariage

2015-04-15 17:25 - 2014-11-11 19:42 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll

2015-04-13 19:24 - 2013-08-22 11:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-04-13 19:24 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-11 19:26 - 2014-06-06 15:57 - 00000000 ____D () C:\Users\Ger\Desktop\Cabinet CECRAB

2015-04-11 16:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2015-04-10 05:20 - 2014-04-04 11:23 - 00000000 ____D () C:\Users\Ger\Desktop\OI 2014

2015-04-06 18:57 - 2014-07-02 01:03 - 00000000 ____D () C:\Users\Ger

2015-04-03 06:46 - 2014-04-04 11:22 - 00000000 ____D () C:\Users\Ger\Desktop\Perso

2015-03-26 21:08 - 2013-05-15 12:34 - 00000000 ____D () C:\WINDOWS\Downloaded Installations

2015-03-26 21:07 - 2015-02-24 20:19 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\RilEA6s

2015-03-26 21:07 - 2015-01-25 16:59 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\D97B4ux

2015-03-26 19:27 - 2013-01-01 02:11 - 00000000 ____D () C:\Users\Ger\AppData\Roaming\uTorrent

 

==================== Files in the root of some directories =======

 

2015-03-25 19:21 - 2015-03-25 19:21 - 0000000 _____ () C:\Users\Ger\AppData\Local\.a852.db

2015-04-02 04:24 - 2015-04-02 04:24 - 0003584 _____ () C:\Users\Ger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-09-14 22:27 - 2014-09-14 22:27 - 0000057 _____ () C:\ProgramData\Ament.ini

2014-07-24 00:18 - 2014-07-24 00:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2014-09-13 23:40 - 2014-09-13 23:48 - 0000830 _____ () C:\ProgramData\hpzinstall.log

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-04-24 22:58

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015 02

Ran by Ger at 2015-04-25 11:29:32

Running from C:\Users\Ger\Desktop\Remove virus

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2303896276-1334946689-739301612-500 - Administrator - Disabled)

Ger (S-1-5-21-2303896276-1334946689-739301612-1001 - Administrator - Enabled) => C:\Users\Ger

Guest (S-1-5-21-2303896276-1334946689-739301612-501 - Limited - Enabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-2303896276-1334946689-739301612-1003 - Limited - Enabled)

Jules (S-1-5-21-2303896276-1334946689-739301612-1005 - Limited - Enabled) => C:\Users\Jules

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)

4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

C501 Checkers 1.1.3 (HKLM-x32\...\{7B35966E-246C-4D0B-98E8-53F1F1C9D5F5}_is1) (Version:  - Congelli 501 / Colin GILLE)

CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)

Checkers (HKLM-x32\...\{739E66B1-1B80-4F3F-8D19-342A89631E1A}_is1) (Version:  - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden

Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)

Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Professionnel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)

Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

Oracle VM VirtualBox 4.2.6 (HKLM\...\{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}) (Version: 4.2.6 - Oracle Corporation)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)

Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)

Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)

Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)

TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)

Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)

TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)

Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.800 - Toshiba Corporation)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)

TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)

TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)

TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102  - Toshiba Corporation)

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)

TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

USB Driver (HKLM-x32\...\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}) (Version:  - )

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2303896276-1334946689-739301612-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ger\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

09-04-2015 16:41:37 Windows Update

17-04-2015 05:33:30 Scheduled Checkpoint

20-04-2015 20:49:08 Windows Update

20-04-2015 20:52:19 Windows Modules Installer

24-04-2015 23:05:00 Installed Sophos Virus Removal Tool.

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-02-24 22:30 - 2015-02-24 22:30 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {03758832-5036-4098-9752-EEC7C657B935} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {058A0F87-2FF5-4334-8EA5-4F541015B842} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {1789EA55-41AE-4CB8-B300-FD08E4DDE704} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe

Task: {1E445305-EFA8-456C-B134-A35BC83A437F} - System32\Tasks\{977F5A27-CEEA-4BD0-BCED-C23DB15F8F48} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {20B4F8D8-7890-46A0-8308-9E9156114D4E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {31042B4C-C598-4B29-B550-1104904F7D22} - System32\Tasks\{8A6FDC99-B16A-492C-94C7-1D300681ED36} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {321C6D22-9F23-4102-A294-15A1F596CEBA} - System32\Tasks\{410D5053-6755-4A7B-956A-C9E45EBAC278} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {364B115D-F160-46F5-9219-7DD2F3C4250A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {37D84C64-5460-493D-8785-DE74C110BD98} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)

Task: {3E2AFB72-2311-4C1E-9A9A-9C1114BA7571} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {41CBCE1C-1D4F-41AB-A572-9F881DCED62A} - System32\Tasks\{BA9262E3-6C43-430D-90D8-1B1875570BB8} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {41FE982A-3B74-4521-A900-9CD4B1880730} - System32\Tasks\Tke7zRUFAjNS8kO => C:\Users\Ger\AppData\Roaming\Obr9JiL\xue6keo.exe

Task: {4C4FC9EA-92BB-4343-B20D-91BE62E9A1BD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {547F85A8-8EE9-49F4-95BB-289735C78572} - System32\Tasks\{5AC9D935-8B5B-46CF-AE77-146119723531} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {54C25B36-27F0-4F39-8B22-83104B3CD223} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)

Task: {587C11B0-932B-457B-A755-CC082B8FB353} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)

Task: {594A7A05-975E-4CCD-B8F0-AAE6489A3FFF} - System32\Tasks\{EF11E685-39C1-4FE0-8A1A-B1A9F790B9AF} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {6DD28B8E-6DED-4279-93A4-FD20BC1589C1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)

Task: {7543B23C-4FB4-477B-8C9A-ACC22A12749F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-20] (Microsoft Corporation)

Task: {75D2F593-205F-459D-96D9-D2274B5EA281} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2303896276-1334946689-739301612-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe

Task: {862A2D7B-3076-4AC8-97EE-4E154ACAAED1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)

Task: {9B66F7A6-04EF-45B1-94E0-1AF43C02E04A} - System32\Tasks\{BD9FAB71-C83A-4EFB-A206-0947754AC9A0} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {9D763F69-7728-4421-9956-7F60A2BA7B7F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {A4AB3942-3779-49B5-83AE-00BAA05C1CB8} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)

Task: {A861BFF5-F742-4423-B67F-E16E6FCAE934} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)

Task: {AC7A09AC-579C-4F69-ABF6-D61BF8C2BD33} - System32\Tasks\UlXlvtUrFbuL3e0 => C:\Users\Ger\AppData\Roaming\e7nEfdf\r27Aieg.exe

Task: {B179754E-DFD6-4355-9E3A-06BB7D5481A2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)

Task: {B5E9BB78-6273-480D-9013-3129A9247F4D} - System32\Tasks\{801241BC-6ED3-4F35-A236-806655E2E032} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {BF7C6FB7-9A5C-4B3C-A0D3-D216DF5BAC1B} - System32\Tasks\{BFE8C0E3-77A1-4CF2-9401-E32536D9E403} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.259/fr/abandoninstall?page=tsProgressBar

Task: {CA91AA2D-1AA6-4B35-867D-0E74B80F6A37} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {E2BE4ECD-72E4-4445-8DED-2B5A5D1A4C51} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe

Task: {F13D6D24-E111-485D-8160-D8F7933FB4E9} - System32\Tasks\XmAEGq1fzfmUWWZ => C:\Users\Ger\AppData\Roaming\rQWlqpB\TBYfMr2.exe

Task: {FEBDA78A-799D-4C62-B71B-D87C25813715} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2303896276-1334946689-739301612-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A

AlternateDataStreams: C:\Users\Ger\OneDrive:ms-properties

AlternateDataStreams: C:\Users\Ger\AppData\Roaming\Microsoft\Windows\Start Menu\CNN.website:TASKICON_0favicon.ie9-704105598

AlternateDataStreams: C:\Users\Ger\AppData\Roaming\Microsoft\Windows\Start Menu\CNN.website:TASKICON_1favicon-953613648

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

 

IE restricted site: HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\medtech-itsupport.com -> hxxp://www.medtech-itsupport.com

IE restricted site: HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\mystart.com -> hxxp://www.mystart.com

IE restricted site: HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\trovi.com -> hxxp://www.trovi.com

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ger\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"

HKLM\...\StartupApproved\Run: => "Eraser"

HKLM\...\StartupApproved\Run32: => "TPUReg"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"

HKLM\...\StartupApproved\Run32: => "t4pc_en_8"

HKLM\...\StartupApproved\Run32: => "HP Software Update"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP ENVY 4500 series.lnk"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

HKU\S-1-5-21-2303896276-1334946689-739301612-1001\...\StartupApproved\Run: => "Skype"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/25/2015 10:57:01 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/25/2015 10:42:50 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (04/25/2015 09:58:29 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336

Exception code: 0xc0000374

Fault offset: 0x00000000000f0f20

Faulting process id: 0x304

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/24/2015 11:10:07 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

 

Error: (04/24/2015 11:10:05 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

 

Error: (04/24/2015 11:07:42 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

 

Error: (04/24/2015 11:07:40 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

 

Error: (04/24/2015 11:07:08 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

 

Error: (04/24/2015 10:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336

Exception code: 0xc0000374

Fault offset: 0x00000000000f0f20

Faulting process id: 0x5d8

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

Error: (04/24/2015 09:27:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31

Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336

Exception code: 0xc0000374

Fault offset: 0x00000000000f0f20

Faulting process id: 0x5ec

Faulting application start time: 0xTPCHSrv.exe0

Faulting application path: TPCHSrv.exe1

Faulting module path: TPCHSrv.exe2

Report Id: TPCHSrv.exe3

Faulting package full name: TPCHSrv.exe4

Faulting package-relative application ID: TPCHSrv.exe5

 

 

System errors:

=============

Error: (04/25/2015 10:00:27 AM) (Source: DCOM) (EventID: 10010) (User: JE)

Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

 

Error: (04/25/2015 09:58:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The TPCH Service service terminated unexpectedly.  It has done this 2 time(s).

 

Error: (04/25/2015 09:55:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

 

Error: (04/24/2015 11:10:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

 

Error: (04/24/2015 11:10:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

 

Error: (04/24/2015 11:10:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

 

Error: (04/24/2015 11:10:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

 

Error: (04/24/2015 11:10:57 PM) (Source: DCOM) (EventID: 10010) (User: JE)

Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

 

Error: (04/24/2015 11:10:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

 

Error: (04/24/2015 10:43:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (04/25/2015 10:57:01 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

 

Error: (04/25/2015 10:42:50 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

 

Error: (04/25/2015 09:58:29 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f2030401d07f5fe747c42eC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll267c701c-eb53-11e4-bf00-4c72b9fb3488

 

Error: (04/24/2015 11:10:07 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (04/24/2015 11:10:05 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (04/24/2015 11:07:42 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (04/24/2015 11:07:40 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (04/24/2015 11:07:08 PM) (Source: MsiInstaller) (EventID: 11606) (User: JE)

Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (04/24/2015 10:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f205d801d07efd6bf20732C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dllac4f0871-eaf0-11e4-bf00-4c72b9fb3488

 

Error: (04/24/2015 09:27:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f205ec01d07ef6f4ca94f1C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dll355b6f65-eaea-11e4-beff-4c72b9fb3488

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-04-24 22:58:55.389

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-24 22:34:03.935

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-24 22:34:03.794

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-24 21:20:51.636

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-24 21:20:51.500

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-23 22:44:58.908

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 14:17:52.661

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 14:17:52.505

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 13:31:03.601

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-21 10:45:47.555

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz

Percentage of memory in use: 34%

Total physical RAM: 3979.22 MB

Available physical RAM: 2613.52 MB

Total Pagefile: 4683.22 MB

Available Pagefile: 2915.02 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

 

==================== Drives ================================

 

Drive c: (TI10648300K) (Fixed) (Total:455.2 GB) (Free:344.13 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:09 PM

Posted 25 April 2015 - 10:35 AM

Could you please attach the logs? Thanks!
 


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 Christelle2015

Christelle2015
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 25 April 2015 - 10:43 AM

Log files

Attached Files



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:09 PM

Posted 25 April 2015 - 10:53 AM

Please attach the .txt versions. You used MS Word, and this format is difficult for me to read.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 Christelle2015

Christelle2015
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 25 April 2015 - 11:15 AM

.txt files

Attached Files



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:09 PM

Posted 25 April 2015 - 11:37 AM

Thank you very much! :)

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    C:\Users\Ger\AppData\Roaming\Obr9JiL
    C:\Users\Ger\AppData\Roaming\e7nEfdf
    C:\Users\Ger\AppData\Roaming\rQWlqpB\
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    GroupPolicy: Group Policy on Chrome detected 
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    Task: {41FE982A-3B74-4521-A900-9CD4B1880730} - System32\Tasks\Tke7zRUFAjNS8kO => C:\Users\Ger\AppData\Roaming\Obr9JiL\xue6keo.exe
    Task: {AC7A09AC-579C-4F69-ABF6-D61BF8C2BD33} - System32\Tasks\UlXlvtUrFbuL3e0 => C:\Users\Ger\AppData\Roaming\e7nEfdf\r27Aieg.exe
    Task: {F13D6D24-E111-485D-8160-D8F7933FB4E9} - System32\Tasks\XmAEGq1fzfmUWWZ => C:\Users\Ger\AppData\Roaming\rQWlqpB\TBYfMr2.exe
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the settings shown in settings.png.
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file (log.png) is created at the location shown in logpath.png.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3


Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
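The three Task: entries in the fixlist above share one pattern: a scheduled task with a random-looking name whose target is an executable in a random-named folder under AppData\Roaming. The following Python script is an added example, not part of the thread or of FRST: it parses FRST-style Task: lines (the three from the fixlist plus one constructed benign entry with a placeholder GUID), flags that pattern, and emits the fixlist entries a helper would write; the randomness heuristic and the benign sample are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath
# Constructed sample: the three Task: lines from the thread's fixlist plus one
# made-up benign task (placeholder GUID, hypothetical path) the filter should keep.
SAMPLE_FRST_LINES = r"""
Task: {41FE982A-3B74-4521-A900-9CD4B1880730} - System32\Tasks\Tke7zRUFAjNS8kO => C:\Users\Ger\AppData\Roaming\Obr9JiL\xue6keo.exe
Task: {AC7A09AC-579C-4F69-ABF6-D61BF8C2BD33} - System32\Tasks\UlXlvtUrFbuL3e0 => C:\Users\Ger\AppData\Roaming\e7nEfdf\r27Aieg.exe
Task: {F13D6D24-E111-485D-8160-D8F7933FB4E9} - System32\Tasks\XmAEGq1fzfmUWWZ => C:\Users\Ger\AppData\Roaming\rQWlqpB\TBYfMr2.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example Updater => C:\Program Files\Example\updater.exe
"""

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(.+?) => (\S.*?)\s*$")
# Directories any user can write to; a task target here deserves a second look.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")

def looks_random(name: str) -> bool:
    """Heuristic (an assumption of this example): an alphanumeric token of 6+ chars
    that mixes digits into letters or flips letter case 3+ times, as Obr9JiL does."""
    if len(name) < 6 or not name.isalnum():
        return False
    if any(c.isdigit() for c in name) and any(c.isalpha() for c in name):
        return True
    letters = [c for c in name if c.isalpha()]
    return sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:])) >= 3

def parse_tasks(text: str) -> list:
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append({"line": line.strip(), "guid": m.group(1),
                          "name": m.group(2), "target": m.group(3)})
    return tasks

def is_suspicious(task: dict) -> bool:
    """User-writable target directory plus a machine-generated-looking task or folder name."""
    target = PureWindowsPath(task["target"])
    in_user_dir = any(m in str(target).lower() for m in USER_WRITABLE)
    return in_user_dir and (looks_random(task["name"]) or looks_random(target.parent.name))

def suspicious_tasks(text: str) -> list:
    return [t for t in parse_tasks(text) if is_suspicious(t)]

def fixlist_lines(text: str) -> list:
    """As in the thread's fix: the Task: line itself plus the executable's parent folder."""
    lines = []
    for t in suspicious_tasks(text):
        lines.extend([t["line"], str(PureWindowsPath(t["target"]).parent)])
    return lines
```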

#14 Christelle2015

Christelle2015
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 25 April 2015 - 05:06 PM

Log files

Attached Files



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:09 PM

Posted 26 April 2015 - 09:15 AM

Hi,

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   1.45KB   3 downloads




Can you please tell me which problems still persist now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer



