Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThus Log file - request for analysis please


  • This topic is locked This topic is locked
14 replies to this topic

#1 bahjan17

bahjan17

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 AM

Posted 31 May 2015 - 07:48 AM

Hi,

 

I am new to the forum as a member although I have surfed here before.

 

I was hit by a Torjan virus - (my own dumb fault) - immediately disconnected from Internet - I ran the following scans while disconnected:

 

VirpreResucue (in Safe Mode)  according to log deleted 

 

Trojan.Win32.Generic.pak!cobra  ID 4657539

WGA remover  BehavesLike.Win32.Malware.kitb(mx-v)  ID 4726274

Trojan.Win32.Generic!BT  ID 4150696

 

Emisoft Emergency Kit - removed what it found

 

AdwCleaner -  found/removed 

C:\Windows\SusWOW64 \Search Protect

c:\Windowssystem32\tasks\GoForFiles

c:\Users\***\AppData\Roaming\newnext.me

Also removed Ffirefox\Profiles\ ****.default\prefs.js  and Google default prefernces

 

Then ran  latest Sophos Virus Removal Tool  which told me my system was clean -  is that true? 

I have the following log file produced by Hijackthis.  Having a Windows7 64Bit  Hijackthis was not able to gain access to the Hosts file - should I be worried about this?  As far as I can remeber the Trojan I picked up was the type that execute sneaky protocols to hide from Antivirus/Malware scans and can reinfect the system.  For that reason I am here on a different machine...Unfortunately, the one thing I didn't note of the exact name of the nasty,  but was something like 'avast.exe' (which is was what fooled me.)

 

Concerned if my router breached, I have checked my router with another machine  using ShieldsUP!  utility says everything is fine - so I assume it is.  The only reason I ask is this machine says it's connected via a routers cable to a wifi repeater, rather than my infected machine which was connecting via LAN/WAN, down the router cable.  I haven't dared reconnect my attacked equipment to the net.  I checked the router settings for DNS changes  but all addresses checked out, so am I just being paranoid?   But as the saying goes, 'better safe than sorry'    By the way,  I surf the web using Firefox inside Sandboxie, unfortunately was infected just after boot up - by a message New service detected  'do you want X to run?'  Message just after boot up.  Broke the cardinal rule, if in doubt click 'no' - yes, I know I'm an idiot........Thanks in advance.

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:23:11, on 30/05/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)

FIREFOX: 38.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE
I:\Sophos\HijackThis (17-45).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\PROGRA~2\Ontrack\Fix-It\mxtask.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9871 bytes


Edited by bahjan17, 31 May 2015 - 12:32 PM.


BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 02 June 2015 - 07:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

p.s.
HijackThis is no longer supported.
I suggest your remove it Using the Add/Remove programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 bahjan17

bahjan17
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 AM

Posted 03 June 2015 - 11:27 AM

Hi nasdaq,

 

Here's the mbam log file:  ( I scanned in normal mode not Safe Mode)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 03/06/2015
Scan Time: 16:42:41
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356936
Time Elapsed: 30 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ConduitSearch.A, HKU\S-1-5-21-543730625-1147475543-2362608401-1000\SOFTWARE\Conduit_Search_Protect, , [d17effb7ec9ea5913f596a89a261ee12],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.OpenCandy, C:\Users\LdeF\Downloads\SetupImgBurn_2.5.8.0(1).exe, , [1c33288e73179a9c911bca90bf47c43c],
PUP.Optional.OpenCandy, C:\Users\LdeF\Downloads\SetupImgBurn_2.5.8.0.exe, , [94bb6c4a03872c0a5656b3a783834cb4],
PUP.Optional.Bubbledock.A, C:\Users\LdeF\AppData\Roaming\Bubble Dock.boostrap.log, , [5bf49026c2c889ad1d55827738cb8779],
PUP.Optional.Bubbledock.A, C:\Users\LdeF\AppData\Roaming\Bubble Dock.installation.log, , [113e74420a807bbb4b273ebb37cce917],

Physical Sectors: 0
(No malicious items detected)


(end)

 

All 5 Quarantined with no removal issues reported.

I recognise Imgburn 2.5.8.0  as a legit programme (or at least I believe so) - but quarantined anyway.


Edited by bahjan17, 03 June 2015 - 11:57 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 03 June 2015 - 01:10 PM

All 5 Quarantined with no removal issues reported.
I recognise Imgburn 2.5.8.0 as a legit programme (or at least I believe so) - but quarantined anyway.


Imgburn comes bundled with unwanted programs.
What was removed is the installer.

We must remove what was installed.

Download and run the Farbar tools as previously suggested.

Post the logs for my review.

#5 bahjan17

bahjan17
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 AM

Posted 04 June 2015 - 08:31 AM

Hi nasdaq,

Two scan Logs generated by  Farbar 64 bit:

 

Scan 1:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by **** (administrator) on****-TOSHIBA on 04-06-2015 14:09:22
Running from C:\Users\***\Downloads
Loaded Profiles: **** (Available Profiles:****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ontrack Data International) C:\Program Files (x86)\Ontrack\Fix-It\mxtask.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Ontrack Data International, Inc.) C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-22] (BillP Studios)
HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [666384 2012-02-08] (SANDBOXIE L.T.D)
HKU\S-1-5-21-543730625-1147475543-2362608401-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-09-01]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-09-01]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-05-03] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-543730625-1147475543-2362608401-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-543730625-1147475543-2362608401-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
HKU\S-1-5-21-543730625-1147475543-2362608401-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
SearchScopes: HKLM -> DefaultScope {8995EACF-AB49-451C-AD97-8BC323680E06} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8995EACF-AB49-451C-AD97-8BC323680E06} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {9BB2D01E-B9EE-417A-919D-B964539B3B11} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-543730625-1147475543-2362608401-1000 -> {4952E085-AF2E-415F-8A9B-D4D7BDEFCC40} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-543730625-1147475543-2362608401-1000 -> {8995EACF-AB49-451C-AD97-8BC323680E06} URL =
SearchScopes: HKU\S-1-5-21-543730625-1147475543-2362608401-1000 -> {9BB2D01E-B9EE-417A-919D-B964539B3B11} URL =
SearchScopes: HKU\S-1-5-21-543730625-1147475543-2362608401-1000 -> {D1BB18F4-E0CB-4B9B-972B-910AE184754C} URL = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-04-12] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-12] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6sbi35pn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Extension: VideoSurf Videos at a Glance - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6sbi35pn.default\Extensions\videosurf_enhanced@videosurf.com [2011-03-11]
FF Extension: ColorfulTabs - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6sbi35pn.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-05-26]
FF Extension: The Addon Bar (restored) - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6sbi35pn.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-01-07]
FF Extension: NoScript - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6sbi35pn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07]
FF Extension: Video DownloadHelper - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6sbi35pn.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-14]
FF Extension: QuickJava - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\6sbi35pn.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-01-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-25]

Chrome:
=======
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-09]
CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-09]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-21] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-04-05] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-05-03] (Avast Software s.r.o.)
R2 Fix-It Task Manager; C:\Program Files (x86)\Ontrack\Fix-It\mxtask.exe [118784 2001-07-31] (Ontrack Data International) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [97552 2012-02-08] (SANDBOXIE L.T.D)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-05-29] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-03] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-03] ()
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-05-29] (Emsisoft GmbH)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-04-05] (Emsisoft GmbH)
S3 FreshIO; C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2010-08-25] (Paragon Software Group)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161432 2012-02-08] (SANDBOXIE L.T.D)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-08-25] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-08-25] (Paragon)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 14:09 - 2015-06-04 14:09 - 00019093 _____ () C:\Users\****\Downloads\FRST.txt
2015-06-04 14:09 - 2015-06-04 14:09 - 00000000 ____D () C:\FRST
2015-06-03 17:51 - 2015-06-03 17:51 - 02108928 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2015-06-03 16:40 - 2015-06-03 16:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 16:40 - 2015-06-03 16:40 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-03 16:40 - 2015-06-03 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-03 16:39 - 2015-06-03 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-03 16:39 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-03 16:39 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 16:39 - 2015-05-31 16:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-****-TOSHIBA-Windows-7-Home-Premium-(64-bit).dat
2015-05-31 16:39 - 2015-05-31 16:39 - 00000000 ____D () C:\RegBackup
2015-05-31 13:35 - 2015-05-31 13:35 - 00000000 __SHD () C:\Users\****\AppData\Local\EmieBrowserModeList
2015-05-30 18:50 - 2015-05-30 18:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-30 18:16 - 2015-05-30 18:16 - 00000000 ____D () C:\Users\****\AppData\Roaming\Malwarebytes
2015-05-30 11:21 - 2015-05-30 11:21 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-30 11:18 - 2015-05-30 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-30 11:18 - 2015-05-30 11:18 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-29 13:37 - 2013-09-04 14:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-05-29 13:37 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-05-29 13:36 - 2015-05-29 20:28 - 00000000 ____D () C:\VIPRERESCUE
2015-05-29 13:32 - 2015-05-31 17:35 - 00000000 ____D () C:\EEK
2015-05-26 10:59 - 2015-05-26 10:59 - 00000000 ____D () C:\Program Files\avast software
2015-05-18 14:32 - 2015-05-18 14:31 - 00965433 _____ () C:\Users\****\Downloads\f5885449u14863.zip
2015-05-18 12:46 - 2015-05-18 12:46 - 01191719 _____ () C:\Users\****\Downloads\f5885449u14856.zip
2015-05-14 11:49 - 2015-05-01 14:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 11:49 - 2015-05-01 14:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 11:46 - 2015-04-22 03:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 11:46 - 2015-04-22 02:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 11:46 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 11:46 - 2015-04-21 18:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 11:46 - 2015-04-21 18:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 11:46 - 2015-04-21 17:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 11:46 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 11:46 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 11:46 - 2015-04-21 17:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 11:46 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 11:46 - 2015-04-21 17:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 11:46 - 2015-04-21 17:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 11:46 - 2015-04-21 17:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 11:46 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 11:46 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 11:46 - 2015-04-21 17:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 11:46 - 2015-04-21 17:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 11:46 - 2015-04-21 17:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 11:46 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 11:46 - 2015-04-21 17:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 11:46 - 2015-04-21 17:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 11:46 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 11:46 - 2015-04-21 17:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 11:46 - 2015-04-21 17:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 11:46 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 11:46 - 2015-04-21 17:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 11:46 - 2015-04-21 17:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 11:46 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 11:46 - 2015-04-21 17:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 11:46 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 11:46 - 2015-04-21 17:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 11:46 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 11:46 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 11:46 - 2015-04-21 17:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 11:46 - 2015-04-21 17:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 11:46 - 2015-04-21 17:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 11:46 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 11:46 - 2015-04-21 16:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 11:46 - 2015-04-21 16:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 11:46 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 11:46 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 11:46 - 2015-04-21 16:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 11:46 - 2015-04-21 16:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 11:46 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 11:46 - 2015-04-21 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 11:46 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 11:46 - 2015-04-21 16:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 11:46 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 11:46 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 11:46 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 11:46 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 11:46 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 11:46 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 11:46 - 2015-04-21 16:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 11:46 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 11:46 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 11:46 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 11:46 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 11:46 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 11:46 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 11:17 - 2015-04-13 04:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 11:07 - 2015-05-14 11:07 - 01332872 _____ (Ruiware) C:\Users\****\Downloads\wpsetup.exe
2015-05-14 10:52 - 2015-05-05 02:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 10:52 - 2015-05-05 02:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 10:52 - 2015-04-20 04:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 10:52 - 2015-04-20 04:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 10:52 - 2015-04-20 03:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 10:52 - 2015-04-20 03:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 10:52 - 2015-04-18 04:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 10:52 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 10:52 - 2015-04-04 04:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 10:52 - 2015-04-04 04:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 10:52 - 2015-04-04 04:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 10:52 - 2015-04-04 04:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 10:52 - 2015-04-04 04:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 10:52 - 2015-04-04 04:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 10:52 - 2015-04-04 04:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 10:52 - 2015-04-04 04:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 10:52 - 2015-04-04 04:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 10:52 - 2015-04-04 04:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 10:52 - 2015-04-04 04:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 10:52 - 2015-04-04 04:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 10:52 - 2015-04-04 04:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 10:52 - 2015-04-04 04:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 10:52 - 2015-04-04 04:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 10:52 - 2015-04-04 04:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 10:52 - 2015-04-04 04:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 10:52 - 2015-04-04 04:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 10:52 - 2015-04-04 04:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 10:52 - 2015-04-04 04:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 10:52 - 2015-04-04 04:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 10:52 - 2015-04-04 04:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 10:52 - 2015-04-04 04:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 10:52 - 2015-04-04 04:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 10:52 - 2015-04-04 04:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 10:52 - 2015-04-04 04:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 10:52 - 2015-04-04 04:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 10:52 - 2015-04-04 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 10:52 - 2015-04-04 03:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 10:50 - 2015-04-08 04:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 10:50 - 2015-04-08 04:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 10:50 - 2015-04-08 04:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 10:50 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 10:50 - 2015-02-18 08:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 14:03 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 14:03 - 2009-07-14 05:45 - 00016304 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 13:59 - 2010-11-24 18:36 - 01513322 _____ () C:\Windows\WindowsUpdate.log
2015-06-04 13:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-04 13:54 - 2009-07-14 05:51 - 00197983 _____ () C:\Windows\setupact.log
2015-06-04 13:52 - 2014-06-05 09:27 - 00014054 _____ () C:\Windows\PFRO.log
2015-06-04 13:52 - 2011-01-11 12:45 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-06-03 17:51 - 2009-07-14 06:13 - 00714818 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-03 17:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-06-03 17:33 - 2015-02-08 15:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 16:45 - 2011-01-11 19:05 - 00000000 ___RD () C:\Users\****\Desktop\anit-maleware
2015-06-03 16:39 - 2011-01-25 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-03 16:38 - 2012-07-09 18:19 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-31 17:19 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-31 14:23 - 2011-01-11 12:45 - 00000000 ____D () C:\Users\****\Documents\Anti-Malware
2015-05-30 18:42 - 2011-01-11 13:16 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-30 18:13 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-30 14:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-05-29 21:13 - 2014-03-09 18:07 - 00000000 ____D () C:\AdwCleaner
2015-05-29 15:31 - 2011-01-13 18:34 - 00000000 ____D () C:\Users\****\Downloads\WGA remover
2015-05-28 10:50 - 2011-01-11 13:36 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-23 11:25 - 2014-11-11 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-23 11:21 - 2015-02-08 15:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-23 11:21 - 2014-11-06 12:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-23 11:21 - 2014-11-06 12:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-18 14:56 - 2009-07-14 08:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-17 15:02 - 2011-08-16 11:45 - 00000000 ____D () C:\Users\****\AppData\Roaming\Audacity
2015-05-14 14:38 - 2013-02-27 14:33 - 00000000 ____D () C:\video
2015-05-14 12:22 - 2013-07-13 11:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 12:14 - 2011-01-11 19:38 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 12:01 - 2013-01-26 12:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 12:01 - 2013-01-26 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 12:00 - 2009-07-14 08:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 11:49 - 2013-01-26 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 11:02 - 2009-07-14 05:45 - 00266992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-11 14:02 - 2011-12-14 12:01 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

==================== Files in the root of some directories =======

2014-02-17 13:28 - 2014-02-17 13:28 - 0000007 _____ () C:\Users\****\AppData\Local\~wmrg

Some files in TEMP:
====================
C:\Users\****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfe4ifv.dll
C:\Users\****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-30 14:43

==================== End of log ============================

 

Scan 2:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by bahjan17 at 2015-06-04 14:10:23
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-543730625-1147475543-2362608401-500 - Administrator - Disabled)
Guest (S-1-5-21-543730625-1147475543-2362608401-501 - Limited - Disabled)
****(S-1-5-21-543730625-1147475543-2362608401-1000 - Administrator - Enabled) => C:\Users\****

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon MP3 Downloader 1.0.9 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
Amazon.co.uk (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version:  - Amazon EU S.a.r.L.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{60A62452-6A08-4C51-8040-48351D850E9C}) (Version: 0.9.10 - Kovid Goyal)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MP Navigator 1.0 (HKLM-x32\...\MP Navigator 1.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.5.2014 - Georgy Berdyshev)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DVD Identifier (HKLM-x32\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 6.0 - Emsi Software GmbH)
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version:  - )
Google Talk (remove only) (HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Jarte 4.2 (HKLM-x32\...\Jarte_is1) (Version: 4.2 - Carolina Road Software L.L.C.)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mobo Genie Removal Tool (HKLM-x32\...\Mobo Genie Removal Tool_is1) (Version: build_1.0.0.150_rev_3314_date_09:49:21 10-02-14 - Security Stronghold)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{e6de6d0e-c5e4-446a-ae6f-66b4cf69be4b}) (Version:  - Nero AG)
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.21001 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0030 - Nero AG)
Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.26001 - Nero AG)
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.16000 - Nero AG)
Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.25002 - Nero AG)
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version:  - )
Ontrack® Fix-It Utilities 4.0 (HKLM-x32\...\{4DFC423E-1E7B-4F72-AC00-E2FA164D62C4}) (Version: 4.0.0.12 - ONTRACK® Data International, Inc.)
Paragon Backup & Recovery™ 2010 Free Advanced (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
PlanMaker Viewer (HKLM-x32\...\PlanMaker Viewer) (Version:  - SoftMaker Software GmbH)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
PowerDesk 4.0 (HKLM-x32\...\PowerDesk4.0) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Sandboxie 3.64 (64-bit) (HKLM\...\Sandboxie) (Version: 3.64 - SANDBOXIE L.T.D)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
TitleWriter (HKLM-x32\...\TitleWriter) (Version:  - )
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{E0FAA369-B0E3-48B8-9447-4873103B0012}) (Version: 8.0.33 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.10C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.27C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{DBB7021A-3437-446F-ACE5-7261644A972C}) (Version: 3.33 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.14.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.5.2014.1 - BillP Studios)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-543730625-1147475543-2362608401-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

03-05-2015 14:40:16 avast! antivirus system restore point
14-05-2015 10:52:47 Windows Update
14-05-2015 11:17:42 Windows Update
14-05-2015 11:46:27 Windows Update
14-05-2015 12:13:24 Windows Update
30-05-2015 11:17:57 Installed Sophos Virus Removal Tool.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E95ECA8-5E16-47DC-8973-A319366861E9} - System32\Tasks\{880E6F3D-EA20-4F26-AF7A-C1C4480F0688} => C:\Users\****\Desktop\Calisto.exe
Task: {14C262B5-2A62-4AB7-84D2-8E20E9B0157E} - System32\Tasks\{32B5B297-6363-4316-AD6D-8BE202314F7B} => C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE [2011-01-11] (Ontrack Data International, Inc.)
Task: {245083E5-05B4-4133-B1B3-183B2E800599} - System32\Tasks\{4A8CF04F-35AB-4A6A-8DBB-BCA436892A20} => C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE [2011-01-11] (Ontrack Data International, Inc.)
Task: {34A6AF01-7C97-4767-90CE-75BD6EBE966E} - System32\Tasks\{EC2EDA30-A508-4199-84BA-82B5821FC59A} => C:\Users\****\Desktop\Calisto.exe
Task: {3ED28242-F2DB-443D-B054-3FD6510DCC20} - System32\Tasks\{5C3FC71F-FA58-4F49-9732-3D9E34D0EE2E} => C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE [2011-01-11] (Ontrack Data International, Inc.)
Task: {4061ECA4-E239-4C9A-AC43-13DB1A81D9C6} - System32\Tasks\{C008008F-3588-4B07-A193-AF2C26AB2EFA} => C:\Program Files (x86)\Ontrack\Fix-It\Fix-It.exe [2001-08-01] (Ontrack Data International)
Task: {43E08E4A-81A5-46D6-8A24-7F4FD9C8B675} - System32\Tasks\{EA659344-BCA2-49D1-BD62-DD3B4A9041D5} => C:\Users\****\Desktop\Calisto.exe
Task: {6719081E-3F0C-44AC-9CB3-C7A0CE77860C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION)
Task: {6A4F2258-0879-4401-90BC-0A46CF8CE459} - System32\Tasks\{A66AB419-4E8E-4C96-A8BB-1259C571B88A} => C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE [2011-01-11] (Ontrack Data International, Inc.)
Task: {878A184A-9196-4CBE-950A-E1DDE9B60400} - System32\Tasks\{93DDEA28-1A29-4E02-B274-140FED4D35E0} => C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE [2011-01-11] (Ontrack Data International, Inc.)
Task: {97384E62-F493-42C3-8BDD-D7E7339C91AE} - System32\Tasks\{7F9D24F3-6BA0-4A57-94AF-E797DA7442B4} => C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE [2011-01-11] (Ontrack Data International, Inc.)
Task: {A2BB503A-E16C-482B-9BC7-BC97C1F7A98A} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-12] (Microsoft Corporation)
Task: {BB6A8086-AF7E-4E98-BDE2-1893DEDD84DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated)
Task: {D6B51754-5F62-4D37-8119-04BF589A9E8D} - System32\Tasks\{0B5D3CF3-26D8-4A8B-B63B-4A4A9E96FE77} => C:\Program Files (x86)\Ontrack\Fix-It\Fix-It.exe [2001-08-01] (Ontrack Data International)
Task: {E83DB27B-C644-4D17-994D-B20F40051E3C} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {EC3B66F4-F093-444D-A71F-706DCAF6903C} - System32\Tasks\{9A8484BF-2C5B-45E6-9851-A1D8EE1C3A2C} => C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE [2011-01-11] (Ontrack Data International, Inc.)
Task: {F7A6D5BE-3C1E-440A-BF71-04D534F20228} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-05-03] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-03 14:41 - 2015-05-03 14:41 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-05-03 14:41 - 2015-05-03 14:41 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-06-03 16:38 - 2015-06-03 16:38 - 02951680 _____ () C:\Program Files\Alwil Software\Avast5\defs\15060300\algo.dll
2011-01-11 13:08 - 2014-02-18 04:46 - 00643948 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2015-03-20 12:52 - 2015-03-20 12:52 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-543730625-1147475543-2362608401-1000\...\1001movie.com -> 1001movie.com

There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-543730625-1147475543-2362608401-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{04C6AA1A-8C50-4594-AE70-4849F7400F9A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{42B2942E-9F02-4805-BDBD-5E2FFA67F407}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{F1CF6405-B3B0-481D-B536-85CB7927FD81}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8A6590DC-5017-4310-AB28-D0544598ECD4}] => (Allow) svchost.exe
FirewallRules: [{F92286AA-AE6E-4640-AD5F-A7CD027C0857}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF798CF9-FA43-4672-A1EB-ADFE335F0395}] => (Allow) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
FirewallRules: [{F3495733-A733-4631-91FB-79CDD248A1DD}] => (Allow) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
FirewallRules: [{FF83BCCC-7095-4E7D-A099-024784897AFD}] => (Allow) C:\Windows\system32\xpsrchvw.exe
FirewallRules: [{1DB87B03-F909-47B4-A3F0-1F900E8F35D4}] => (Allow) C:\Windows\system32\xpsrchvw.exe
FirewallRules: [{5C8F3E49-2719-4D93-BE25-65E9FAA494CF}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{FB661676-E173-43E9-9797-77292FA78DAB}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{01B8B99B-E237-43A4-BBCE-57336E20347C}] => (Allow) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
FirewallRules: [{A75F1D68-3722-419A-AD7E-609AB890E4C8}] => (Allow) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
FirewallRules: [{17531371-99AC-4E27-9E21-FEC7486214E9}] => (Allow) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
FirewallRules: [{44CAB85A-D727-4DCA-983A-B6E512A3B228}] => (Allow) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
FirewallRules: [{EA6AF1C5-F753-4BBC-80EA-3A6ACA7D639B}] => (Allow) C:\Program Files (x86)\Emsisoft Anti-Malware\a2HiJackFree.exe
FirewallRules: [{6DF9AF00-5B65-4658-9F32-93EA297323B1}] => (Allow) C:\Program Files (x86)\Emsisoft Anti-Malware\a2HiJackFree.exe
FirewallRules: [{0443D20B-CCEE-4F25-9BF2-C7B78029AC18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E42E7F2-A965-42D5-9CB4-DA12970FFFC7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DBCBD2A-8582-47B5-B937-6634C9998B12}] => (Allow) C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
FirewallRules: [{D3379EBB-D1AB-43D1-8047-F588B2E8CC1E}] => (Allow) C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
FirewallRules: [{FE19EBB8-9B5D-41DB-9C42-B42B45EBD12B}] => (Allow) C:\Program Files (x86)\NirSoft\VideoCacheView\VideoCacheView.exe
FirewallRules: [{C65E3DBA-F82A-401E-B938-759A8B36E5A4}] => (Allow) C:\Program Files (x86)\NirSoft\VideoCacheView\VideoCacheView.exe
FirewallRules: [{1A8816C0-67A0-4093-A6A7-68CF8621D11E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{462D12F5-21D3-435F-8A54-D3624076E4BB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B08C123D-FC2D-484E-96CD-08E13DE13D50}] => (Allow) svchost.exe
FirewallRules: [{B29B100D-D57D-47F2-9D9F-DE09E7C638E9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C7FA5E75-4855-48B3-98A4-F6F259D9AA36}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{402368DE-0AC8-40B1-844A-4E0628EC1F14}] => (Allow) C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE
FirewallRules: [{673806D8-642E-48E1-8869-1383B8CC9011}] => (Allow) C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE
FirewallRules: [{E5819C13-2BA3-409A-967B-250DF058A8BD}] => (Allow) C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE
FirewallRules: [{4700F741-0B4B-4970-9B17-F3D434D18C6A}] => (Allow) C:\Program Files (x86)\Ontrack\PowerDesk\PDEXPLO.EXE
FirewallRules: [{2C652938-1BEB-4469-B18B-F4F529D8C48D}] => (Allow) D:\Jarte\Jarte.exe
FirewallRules: [{7C4617A2-9DB4-4390-B09D-0766304A2E56}] => (Allow) D:\Jarte\Jarte.exe
FirewallRules: [{1CD3415A-C545-4A53-8F62-92EAA2143354}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [{75772F25-94A5-480F-826E-C5AA84C87792}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [{9AD33583-E636-4ADC-B753-9B5DECBEC4D9}] => (Allow) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe
FirewallRules: [{158CBF6F-EBB5-45F4-B74B-3C68F3B6262C}] => (Allow) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe
FirewallRules: [{91DD5FA2-7710-4D99-BA39-E4EE576D0452}] => (Allow) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe
FirewallRules: [{5901B0A4-9B27-47E5-8775-A5C49680C39E}] => (Allow) %ProgramFiles% (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe
FirewallRules: [{74572D80-84C6-4100-9A99-32E032D06DF3}] => (Allow) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
FirewallRules: [{A8EA65D5-77CD-4414-8D96-DB06BB62E085}] => (Allow) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
FirewallRules: [{D3228AEB-F878-4C2E-B1A6-4F3A302F9A58}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8CB29CBE-8FDE-4EFD-86F2-8B688D157AE3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A8CBDF96-2327-459B-A8A8-B7B3531B8372}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{080E2F28-43D9-474E-9F29-069AC0A822D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0DBFF35C-9044-4E2D-8B9E-FFA7C6D1E346}] => (Allow) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{07532EB1-E035-4B97-B443-95BC36C7D675}] => (Allow) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7B76C9EB-E3E5-4BA4-93B5-B7F0CF6C8920}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{81E3C2CB-72F4-40C6-9EE4-A39DF5AAE2DD}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{A097FC7D-00D2-49D6-A4C6-913E5E630C9B}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{610A6E55-4102-4D2B-87B8-3417FB6065BA}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{EF51232E-5CF1-4ACE-9EF4-12F75CC7B398}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{49D0D8CB-70EA-4E88-9F45-A7A9E3625E46}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A3C3849-2079-4AD4-89FC-595389384AF8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DB165CAA-F619-4BC5-843A-B30D33CF57BA}C:\sandbox\****\defaultbox\drive\c\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\sandbox\****\defaultbox\drive\c\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4F3BB4BC-A5DE-4C8C-AAE4-3B1A569AC464}C:\sandbox\****\defaultbox\drive\c\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\sandbox\****\defaultbox\drive\c\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2015 02:04:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/31/2015 05:28:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/31/2015 01:43:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/30/2015 06:38:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/30/2015 02:47:00 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/30/2015 11:25:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/29/2015 03:59:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/28/2015 10:45:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/28/2015 10:35:08 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (05/24/2015 01:21:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (06/04/2015 01:54:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Emsisoft Anti-Malware 6.0 - Service service hung on starting.

Error: (06/03/2015 05:44:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Emsisoft Anti-Malware 6.0 - Service service hung on starting.

Error: (06/03/2015 04:34:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Emsisoft Anti-Malware 6.0 - Service service hung on starting.

Error: (06/02/2015 04:35:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Emsisoft Anti-Malware 6.0 - Service service hung on starting.

Error: (05/31/2015 05:35:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cleanhlp service failed to start due to the following error:
%%183

Error: (05/31/2015 05:18:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Emsisoft Anti-Malware 6.0 - Service service hung on starting.

Error: (05/31/2015 05:11:29 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.

Error: (05/31/2015 05:10:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.

Error: (05/31/2015 05:09:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (05/31/2015 05:09:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.


Microsoft Office:
=========================
Error: (06/04/2015 02:04:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/31/2015 05:28:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/31/2015 01:43:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/30/2015 06:38:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/30/2015 02:47:00 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (05/30/2015 11:25:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/29/2015 03:59:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/28/2015 10:45:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/28/2015 10:35:08 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (05/24/2015 01:21:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8


CodeIntegrity Errors:
===================================
  Date: 2015-05-04 13:18:54.403
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-04 13:18:54.207
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-26 17:57:16.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-26 17:57:16.626
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-26 17:43:03.257
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-26 17:43:03.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-23 15:27:27.898
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-23 15:27:27.680
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-23 15:23:30.291
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-23 15:23:30.088
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz
Percentage of memory in use: 29%
Total physical RAM: 3932.88 MB
Available physical RAM: 2786.03 MB
Total Pagefile: 7863.95 MB
Available Pagefile: 6539.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:84.09 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:24.46 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:297.09 GB) (Free:267.68 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:1 GB) (Free:0.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CA2AA1C9)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 8AB97450)
Partition 1: (Not Active) - (Size=297.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1020 MB) - (Type=07 NTFS)

==================== End of log ============================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 04 June 2015 - 10:48 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-543730625-1147475543-2362608401-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-543730625-1147475543-2362608401-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
Task: {E83DB27B-C644-4D17-994D-B20F40051E3C} - \GoforFilesUpdate No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#7 bahjan17

bahjan17
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 AM

Posted 04 June 2015 - 11:43 AM

HI again, 

 

Here's the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by bahjan17  at 2015-06-04 17:33:45 Run:1
Running from G:\Bleeping Comp Tools\Farbar
Loaded Profiles: **** (Available Profiles:****)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-543730625-1147475543-2362608401-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-543730625-1147475543-2362608401-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
Task: {E83DB27B-C644-4D17-994D-B20F40051E3C} - \GoforFilesUpdate No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-543730625-1147475543-2362608401-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value Removed successfully
"HKU\S-1-5-21-543730625-1147475543-2362608401-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value Removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key Removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value Removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key Removed successfully
Could not move "C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key Removed successfully
Could not move "C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E83DB27B-C644-4D17-994D-B20F40051E3C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E83DB27B-C644-4D17-994D-B20F40051E3C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate" => key Removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS Removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-04 17:37:11)<=

"C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx" => Could not move
"C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 17:37:13 ====

 

When I restarted my computer recieved this message

Winpatrol  watchdog dectected new Internet Explorer Add on has been installed

Toshiba Media Controller plug in  ver 1.0.5.10

C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

 

Given current activity  - rejected the change for now.


Edited by bahjan17, 04 June 2015 - 11:48 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 04 June 2015 - 12:43 PM

Winpatrol watchdog dectected new Internet Explorer Add on has been installed
Toshiba Media Controller plug in ver 1.0.5.10
C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll


Read about it. Decide if you need it.
http://www.shouldiremoveit.com/TOSHIBA-Media-Controller-Plug-in-5398-program.aspx

How is the computer running now?

#9 bahjan17

bahjan17
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 AM

Posted 04 June 2015 - 01:43 PM

Toshiba widget -  Not sure I need that - thanks for the link.

 

Computer seems to be running fine, Avast AV  reports all OK, there is a black screen lag between 'Starting Windows' Splash screen and the desktop appearing of some 90 seconds (just timed it ) - I think it may be Avast doing a  rootkit scan on start up, which is enabled in the settings  Shuts down quickly enough  (5 secs).



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 05 June 2015 - 07:26 AM


Computer seems to be running fine, Avast AV reports all OK, there is a black screen lag between 'Starting Windows' Splash screen and the desktop appearing of some 90 seconds (just timed it )


Check these two tasks.

Task: {F7A6D5BE-3C1E-440A-BF71-04D534F20228} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-05-03] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 bahjan17

bahjan17
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 AM

Posted 05 June 2015 - 08:25 AM

C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 

is present as a 'sheduled task'  in that location when viewed in 'Winpatrol'

 

File  AvastEmUpdate.exe  is present at location C:\Program Files\Alwil Software\Avast5\  -   but I can't see it as an active or sheduled task.  Only Avast active task is

C:\Program Files\Alwil Software\Avast5\avastui.exe

 

Is that what you were asking me to check?



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 05 June 2015 - 01:29 PM

Disable them one by one and see if the problem persists?

p.s.
I do not think that you have to check the Flash player every time you start the computer.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 11 June 2015 - 12:48 PM

Are you still with me?

#14 bahjan17

bahjan17
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 AM

Posted 12 June 2015 - 07:35 AM

Hi,

Sorry - yes, I am. Still trying to diagnose the lag at start up - I deleted Flash sheduled task, and it's not that. I tried turning off automatic updates in Avast Free settings and rebooted, the pause was still present. I have found task C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-05-03] (Avast Software s.r.o.) but can't figure out how to stop it running safely. I looked for it in Winpatrol, but cannot find that process. I still think it might be the rootkit scan at startup set by default in Avast settings. I'll try deselecting it and see if it does anything and get back a.s.a.p. Update - disabling rootkit scan didn't appear to make any difference.

Other than that niggle, everything seems to be working fine.

Edited by bahjan17, 12 June 2015 - 07:45 AM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 18 June 2015 - 08:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users