
Got Nailed (most software disappeared(not rly though) AV/AM not working)


  • This topic is locked
7 replies to this topic

#1 Apollo767

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 06:31 PM

Posted 27 May 2016 - 11:02 AM

Hello guys,

So, most of my software and icons disappeared (not really gone though (probably), as SSD capacity did not change).

Can't run Malwarebytes (not in Chameleon, not in safe mode, nothing).

AV - no result (tried ESET online, Avast, KVRT)

CBF - no result

Emsisoft Emergency - no result

FRST log1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
Ran by John (administrator) on JOHNS_LAPTOP (27-05-2016 16:50:29)
Running from H:\Downloads\Chrome
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) H:\Programs\System\avast\AvastSvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\3GUty\tw3gsvc.exe
(Bitsum LLC) H:\Programs\Process Lasso\ProcessLasso.exe
(Bitsum LLC) H:\Programs\Process Lasso\ProcessGovernor.exe
(AVAST Software) H:\Programs\System\avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() H:\Programs\GnuPG\dirmngr.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() H:\Programs\System\ExpressVPN\bootstrap\AMD64\nssm.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() H:\Programs\System\ExpressVPN\xvpnd\xvpnd.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(VMware, Inc.) H:\Programs\System\VMW\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avast Software) H:\Programs\System\avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) H:\Programs\System\avast\avastui.exe
(Microsoft Corporation) C:\Windows\hh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [381784 2013-11-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [230752 2013-08-26] (TOSHIBA)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [287104 2014-04-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1604168 2013-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2767088 2013-07-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => H:\Programs\System\avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
HKLM-x32\...\RunOnce: [C:\Users\John\Desktop\Malwarebytes Anti-Malware\Chameleon\Windows\Windows] => cmd /C rd "C:\Users\John\Desktop\Malwarebytes Anti-Malware\Chameleon\Windows\Windows" /s/q
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2008919785-3521510025-3119924549-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => H:\Programs\System\MS Office 2013\Office15\GROOVEEX.DLL [2013-07-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => H:\Programs\System\MS Office 2013\Office15\GROOVEEX.DLL [2013-07-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => H:\Programs\System\MS Office 2013\Office15\GROOVEEX.DLL [2013-07-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => H:\Programs\System\avast\ashShA64.dll [2016-05-10] (AVAST Software)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll [2013-07-17] (TOSHIBA)
ShellIconOverlayIdentifiers: [TFPUOverlayIcon] -> {8DBDDA23-34E3-4BF1-A107-67B94C080A1F} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2013-07-17] (TOSHIBA)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 212.56.132.20 212.56.129.228
Tcpip\..\Interfaces\{2E7796AC-921C-4FE8-B21F-D5F0CD151134}: [DhcpNameServer] 212.56.132.20 212.56.129.228
Tcpip\..\Interfaces\{6D300D16-9307-462F-8ABB-5E8879B0B620}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7A0054FB-CC58-4DA5-8F30-7E43C7D3F99F}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{C421A704-742A-47AA-B8FB-2DAE47BEF013}: [NameServer] 10.206.128.1 10.206.128.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2008919785-3521510025-3119924549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2008919785-3521510025-3119924549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2008919785-3521510025-3119924549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2008919785-3521510025-3119924549-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_b
SearchScopes: HKU\S-1-5-21-2008919785-3521510025-3119924549-1000 -> DefaultScope {0E29641C-F825-493F-84E1-BA5D022B97AE} URL = 
BHO: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> H:\Programs\System\MS Office 2013\Office15\OCHelper.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> H:\Programs\System\avast\aswWebRepIE64.dll [2016-05-10] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> H:\Programs\System\MSOFFI~1\Office15\URLREDIR.DLL => No File
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> H:\Programs\System\MS Office 2013\Office15\GROOVEEX.DLL [2013-07-12] (Microsoft Corporation)
BHO-x32: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> H:\Programs\System\avast\aswWebRepIE.dll [2016-05-10] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ehdh37os.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-19] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> H:\Programs\System\MSOFFI~1\Office15\NPSPWRAP.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-07-10] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - H:\Programs\System\avast\WebRep\FF
FF Extension: Avast Online Security - H:\Programs\System\avast\WebRep\FF [2016-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin
FF Extension: TOSHIBA Fingerprint Utility Web Site Passwords - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - H:\Programs\System\avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - H:\Programs\System\avast\SafePrice\FF
FF Extension: Avast SafePrice - H:\Programs\System\avast\SafePrice\FF [2016-05-10]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-05-27]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/?clid=13415
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-17]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-17]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-10]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - H:\Programs\System\avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - H:\Programs\System\avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; H:\Programs\System\avast\AvastSvc.exe [243296 2016-05-10] (AVAST Software)
R2 avast! Firewall; H:\Programs\System\avast\afwServ.exe [370656 2016-05-10] (AVAST Software)
R3 AvastVBoxSvc; H:\Programs\System\avast\ng\vbox\AvastVBoxSVC.exe [5570272 2016-05-10] (Avast Software)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-06] (Kaspersky Lab ZAO)
R2 DirMngr; H:\Programs\GnuPG\dirmngr.exe [216576 2016-04-05] () [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-10-05] ()
R2 ExpressVpnService; H:\Programs\System\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-12-11] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [312112 2013-08-21] (Sierra Wireless, Inc.)
R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [648456 2014-12-29] (Sierra Wireless, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [186816 2014-12-15] (TOSHIBA CORPORATION)
R2 valWBFPolicyService; C:\windows\system32\valWBFPolicyService.exe [33280 2013-08-27] (Validity Sensors, Inc.) [File not signed]
R2 VMAuthdService; H:\Programs\System\VMW\vmware-authd.exe [87744 2015-05-30] (VMware, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
S2 SkypeUpdate; H:\Programs\System\Skype\Updater\Updater.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-10] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-05-10] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-10] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-09-19] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-10] (AVAST Software)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R0 D9497565; C:\Windows\System32\drivers\D9497565.sys [478392 2016-05-27] (Kaspersky Lab ZAO)
R0 D94975656; C:\Windows\System32\drivers\D94975656.sys [478392 2016-05-27] (Kaspersky Lab ZAO)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-03-05] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\Users\John\Desktop\ee\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [87696 2013-01-11] (O2Micro)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-30] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-09] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-08] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-08] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-05-27] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-06] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-05-27] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-05-27] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-05-27] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-06] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3599840 2013-10-14] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-05-10] (AVAST Software)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [411208 2013-06-07] (Realsil Semiconductor Corporation)
R3 swg3kmbb06; C:\Windows\System32\DRIVERS\swg3kmbb06.sys [493840 2014-12-29] (Sierra Wireless Incorporated)
R3 swg3knmea06; C:\Windows\System32\DRIVERS\swg3knmea06.sys [275216 2014-12-29] (Sierra Wireless Incorporated)
R3 swg3kser06; C:\Windows\System32\DRIVERS\swg3kser06.sys [275216 2014-12-29] (Sierra Wireless Incorporated)
R3 swibus06; C:\Windows\System32\DRIVERS\swibus06.sys [88848 2013-09-14] (Sierra Wireless Inc.)
R3 swibusflt06; C:\Windows\System32\DRIVERS\swibusflt06.sys [88848 2013-09-14] (Sierra Wireless Inc.)
S3 SWUMX20; no ImagePath
R2 VBoxAswDrv; H:\Programs\System\Avast\ng\vbox\VBoxAswDrv.sys [323392 2016-05-10] (Avast Software)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146584 2015-10-02] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-27 16:50 - 2016-05-27 16:50 - 00000000 ____D C:\FRST
2016-05-27 16:42 - 2016-05-27 16:42 - 00000022 _____ C:\windows\S.dirmngr
2016-05-27 16:10 - 2016-05-27 16:40 - 00000000 ____D C:\Users\John\Desktop\ee
2016-05-27 15:50 - 2016-05-27 15:50 - 00029107 _____ C:\ComboFix.txt
2016-05-27 15:40 - 2016-05-27 15:50 - 00000000 ____D C:\ComboFix
2016-05-27 15:24 - 2016-05-27 15:24 - 00478392 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\D94975656.sys
2016-05-27 14:59 - 2016-05-27 14:59 - 00002409 _____ C:\Users\John\Desktop\Safe Money.lnk
2016-05-27 14:51 - 2016-05-27 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-05-27 14:51 - 2016-05-27 14:50 - 00002143 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-05-27 14:51 - 2016-05-27 14:50 - 00002143 _____ C:\ProgramData\Desktop\Kaspersky Internet Security.lnk
2016-05-27 14:50 - 2016-05-27 16:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-27 14:50 - 2016-05-27 14:50 - 00000000 ____D C:\windows\ELAMBKUP
2016-05-27 14:50 - 2016-05-27 14:50 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-05-27 14:50 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2016-05-27 14:49 - 2016-05-27 15:01 - 00943536 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2016-05-27 14:49 - 2015-12-06 01:12 - 00181640 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2016-05-27 14:47 - 2016-05-27 14:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-05-27 14:47 - 2016-05-27 14:47 - 00478392 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\D9497565.sys
2016-05-27 14:47 - 2016-05-27 14:47 - 00000000 ____D C:\KVRT_Data
2016-05-27 14:45 - 2016-05-27 14:45 - 00000000 ____D C:\Users\John\Desktop\Malwarebytes Anti-Malware
2016-05-27 14:31 - 2016-05-27 14:31 - 00003640 _____ C:\windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-05-27 14:29 - 2016-05-27 16:42 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-05-27 14:29 - 2016-05-27 14:29 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-05-27 14:24 - 2016-05-27 16:45 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-05-27 14:24 - 2016-05-27 16:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-27 14:24 - 2016-05-27 14:24 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-27 14:24 - 2016-05-27 14:24 - 00001117 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-27 14:24 - 2016-05-27 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-27 14:24 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-05-27 14:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-05-27 14:22 - 2016-05-27 15:55 - 02248314 _____ C:\windows\ntbtlog.txt
2016-05-26 06:10 - 2016-05-26 06:10 - 00000909 _____ C:\Users\Public\Desktop\XCOM Enemy Unknown - The Complete Edition.lnk
2016-05-26 06:10 - 2016-05-26 06:10 - 00000909 _____ C:\ProgramData\Desktop\XCOM Enemy Unknown - The Complete Edition.lnk
2016-05-26 06:10 - 2016-05-26 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2016-05-26 05:55 - 2016-05-26 05:55 - 00000000 ____D C:\ProgramData\Synaptics
2016-05-25 18:43 - 2016-05-25 18:43 - 00000000 ____D C:\windows\System32\Tasks\Intel
2016-05-25 18:35 - 2016-05-25 18:35 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-25 18:06 - 2016-05-25 18:10 - 00000000 ____D C:\Users\John\Desktop\log
2016-05-25 18:00 - 2016-05-25 18:00 - 00000948 _____ C:\Users\Public\Desktop\XCOM 2.lnk
2016-05-25 18:00 - 2016-05-25 18:00 - 00000948 _____ C:\ProgramData\Desktop\XCOM 2.lnk
2016-05-25 17:51 - 2016-05-25 17:50 - 00061805 _____ C:\windows\SysWOW64\defaultengine.ini
2016-05-25 17:50 - 2016-05-25 17:50 - 00061805 _____ C:\windows\system32\defaultengine.ini
2016-05-25 17:45 - 2016-02-23 15:08 - 00175424 _____ (NVIDIA Corporation) C:\windows\system32\physxextensions64.dll
2016-05-25 17:44 - 2013-09-24 09:07 - 00058544 _____ (Intel Corporation) C:\windows\system32\tbbmalloc.dll
2016-05-25 17:43 - 2013-10-18 09:30 - 01703744 _____ (Epic Games, Inc.) C:\windows\system32\libvorbis_64.dll
2016-05-25 17:42 - 2013-11-04 13:47 - 00027456 _____ (Epic Games, Inc.) C:\windows\system32\libogg_64.dll
2016-05-25 17:41 - 2013-10-18 09:30 - 00040768 _____ (Epic Games, Inc.) C:\windows\system32\libvorbisfile_64.dll
2016-05-25 17:40 - 2013-10-18 09:30 - 00139032 _____ (NVIDIA Corporation) C:\windows\system32\nvtt_64.dll
2016-05-25 17:07 - 2016-05-25 17:07 - 00001231 _____ C:\Users\John\Desktop\XCom2.exe - Shortcut.lnk
2016-05-25 16:57 - 2016-05-25 16:58 - 00000000 ____D C:\Users\John\Downloads\XCOM.2.Update.1.and.Crack
2016-05-25 16:39 - 2016-05-25 16:39 - 00003042 _____ C:\windows\System32\Tasks\Process Lasso Management Console (GUI)
2016-05-25 16:39 - 2016-05-25 16:39 - 00002990 _____ C:\windows\System32\Tasks\Process Lasso Core Engine Only
2016-05-25 16:39 - 2016-05-25 16:39 - 00000000 ____D C:\ProgramData\ProcessLasso
2016-05-25 16:39 - 2016-05-25 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2016-05-25 13:40 - 2016-05-27 16:40 - 00002960 _____ C:\windows\System32\Tasks\{C88890B5-F822-4773-A235-FE4AF699B442}
2016-05-25 13:40 - 2016-05-25 13:21 - 125862080 _____ (Intel Corporation) C:\Users\John\Desktop\win64_153631.4414.exe
2016-05-25 13:39 - 2016-05-25 13:39 - 00000118 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-05-25 13:30 - 2016-05-27 16:42 - 00000000 __SHD C:\Users\John\IntelGraphicsProfiles
2016-05-25 13:30 - 2016-05-25 18:58 - 00000401 _____ C:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-05-25 13:28 - 2016-05-27 16:40 - 00003130 _____ C:\windows\System32\Tasks\{DF9AD636-BBB0-4F8B-9A9E-714E69F70975}
2016-05-25 13:28 - 2016-05-25 18:43 - 00000704 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-05-25 13:28 - 2016-05-25 18:43 - 00000704 _____ C:\ProgramData\Desktop\Intel® HD Graphics Control Panel.lnk
2016-05-25 11:59 - 2016-05-25 12:00 - 00000000 ____D C:\Users\John\AppData\Roaming\FiraxisLive
2016-05-25 03:09 - 2016-05-25 03:09 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-05-25 03:09 - 2016-05-25 03:09 - 00000000 ____D C:\Program Files\Synaptics
2016-05-25 01:23 - 2016-05-25 01:23 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-25 01:21 - 2016-05-25 01:21 - 00005222 _____ C:\Users\John\Desktop\JRT.txt
2016-05-25 01:17 - 2016-05-25 01:17 - 00002864 _____ C:\Users\John\Desktop\AdwCleaner[C1].txt
2016-05-25 01:12 - 2016-05-25 01:15 - 00000000 ____D C:\AdwCleaner
2016-05-25 01:12 - 2016-05-25 01:12 - 00001126 _____ C:\Users\John\Desktop\mwb.txt
2016-05-25 00:49 - 2016-05-25 00:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-24 22:54 - 2016-05-24 22:51 - 05659526 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2016-05-24 16:49 - 2016-05-24 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2016-05-21 16:44 - 2016-05-21 16:45 - 00000000 ____D C:\windows\SysWOW64\vbox
2016-05-21 16:44 - 2016-05-21 16:45 - 00000000 ____D C:\windows\system32\vbox
2016-05-21 15:56 - 2016-05-21 15:57 - 00000000 ____D C:\1
2016-05-21 15:15 - 2016-05-21 15:15 - 00000000 ____D C:\Users\John\AppData\Roaming\DOOM 3 BFG Edition
2016-05-21 15:15 - 2016-05-21 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-05-21 13:04 - 2016-05-21 13:04 - 00001157 _____ C:\Users\John\Desktop\asdsdasd.txt
2016-05-21 11:56 - 2016-05-21 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-05-20 09:48 - 2016-05-20 09:48 - 00113623 _____ C:\Users\John\Desktop\Diploma.pdf
2016-05-15 20:05 - 2016-05-15 20:05 - 00000000 ____D C:\Program Files (x86)\Skype
2016-05-14 22:19 - 2016-05-14 22:19 - 00000000 ____D C:\Users\John\Documents\Rock Guides
2016-05-13 20:14 - 2016-05-24 19:13 - 00000000 ____D C:\Users\John\AppData\Roaming\gnupg
2016-05-13 20:14 - 2016-05-13 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2016-05-13 20:14 - 2016-05-13 20:14 - 00000000 ____D C:\ProgramData\GNU
2016-05-13 18:44 - 2016-05-13 18:44 - 00000777 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-05-12 22:12 - 2015-12-11 14:04 - 00344168 _____ (Intel Corporation) C:\windows\system32\igfxCUIService.exe
2016-05-12 22:06 - 2016-05-12 22:06 - 00641530 _____ C:\windows\system32\FilmModeDetection.wmv
2016-05-12 22:06 - 2016-05-12 22:06 - 00609280 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2016-05-12 22:06 - 2016-05-12 22:06 - 00403671 _____ C:\windows\system32\ImageStabilization.wmv
2016-05-12 22:06 - 2016-05-12 22:06 - 00375173 _____ C:\windows\system32\ColorImageEnhancement.wmv
2016-05-12 22:06 - 2016-05-12 22:06 - 00190464 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4414.dll
2016-05-12 22:06 - 2016-05-12 22:06 - 00086528 _____ (Khronos Group) C:\windows\SysWOW64\Intel_OpenCL_ICD32.dll
2016-05-12 22:06 - 2016-05-12 22:06 - 00082432 _____ (Khronos Group) C:\windows\system32\Intel_OpenCL_ICD64.dll
2016-05-12 22:06 - 2016-05-12 22:06 - 00000935 _____ C:\windows\system32\Gfxv4_0.exe.config
2016-05-12 22:06 - 2016-05-12 22:06 - 00000895 _____ C:\windows\system32\Gfxv2_0.exe.config
2016-05-12 22:06 - 2016-05-12 22:06 - 00000895 _____ C:\windows\system32\DPTopologyAppv2_0.exe.config
2016-05-12 22:06 - 2015-11-20 13:07 - 02039808 _____ (Intel Corporation) C:\windows\system32\igfxLHM.dll
2016-05-12 22:06 - 2015-11-20 13:07 - 00699392 _____ (Intel Corporation) C:\windows\system32\igfxDH.dll
2016-05-12 22:06 - 2015-11-20 13:07 - 00288256 _____ (Intel Corporation) C:\windows\system32\igfxDI.dll
2016-05-12 22:06 - 2015-11-20 13:07 - 00219648 _____ (Intel Corporation) C:\windows\system32\igfxDTCM.dll
2016-05-10 18:58 - 2016-05-10 18:58 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-05-10 18:58 - 2016-05-10 18:58 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-05-10 18:57 - 2016-05-10 18:57 - 00028312 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetNd6.sys
2016-05-07 21:12 - 2016-05-07 21:12 - 00097810 _____ C:\Users\John\Desktop\Pay vehicle tax - GOV.pdf
2016-05-05 13:33 - 2016-05-05 15:21 - 00001750 _____ C:\Users\John\Desktop\stg.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-27 16:49 - 2009-07-14 05:45 - 00027344 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 16:49 - 2009-07-14 05:45 - 00027344 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 16:48 - 2015-09-21 01:20 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2016-05-27 16:46 - 2011-02-14 11:51 - 00613512 _____ C:\windows\system32\perfh008.dat
2016-05-27 16:46 - 2011-02-14 11:51 - 00116014 _____ C:\windows\system32\perfc008.dat
2016-05-27 16:46 - 2011-02-14 11:41 - 00746882 _____ C:\windows\system32\perfh015.dat
2016-05-27 16:46 - 2011-02-14 11:41 - 00160758 _____ C:\windows\system32\perfc015.dat
2016-05-27 16:46 - 2011-02-14 11:32 - 00690278 _____ C:\windows\system32\perfh00E.dat
2016-05-27 16:46 - 2011-02-14 11:32 - 00176160 _____ C:\windows\system32\perfc00E.dat
2016-05-27 16:46 - 2011-02-14 11:17 - 00675364 _____ C:\windows\system32\perfh005.dat
2016-05-27 16:46 - 2011-02-14 11:17 - 00146312 _____ C:\windows\system32\perfc005.dat
2016-05-27 16:46 - 2009-07-14 06:13 - 04041562 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-27 16:46 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2016-05-27 16:42 - 2015-07-09 06:27 - 00000000 ____D C:\ProgramData\VMware
2016-05-27 16:42 - 2014-05-12 03:59 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-27 16:42 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-27 16:40 - 2016-01-17 01:11 - 00003130 _____ C:\windows\System32\Tasks\{C8CCD145-8E98-4895-9971-3A7F23329FB0}
2016-05-27 16:40 - 2015-09-27 23:06 - 00003214 _____ C:\windows\System32\Tasks\{91F96AB0-A9A9-4871-8914-14921DD787F9}
2016-05-27 16:40 - 2015-02-23 08:44 - 00003688 _____ C:\windows\System32\Tasks\{DC822D72-1804-4E91-8CE8-6D67FEFEF2B7}
2016-05-27 16:39 - 2015-10-08 02:11 - 00003150 _____ C:\windows\System32\Tasks\{31A63D93-0CDF-4A3D-8381-BEC1F4A62639}
2016-05-27 16:39 - 2015-09-27 22:47 - 00003224 _____ C:\windows\System32\Tasks\{6C5232F5-4DB3-45B4-9E7A-D8BEB4E50DDE}
2016-05-27 16:39 - 2015-03-03 05:29 - 00003156 _____ C:\windows\System32\Tasks\{470D79E5-8D88-469D-A46D-DF87A6569211}
2016-05-27 16:39 - 2015-02-23 08:41 - 00003120 _____ C:\windows\System32\Tasks\{40FDAF3B-2A55-4757-9C5B-7B38B27E103F}
2016-05-27 16:32 - 2015-03-30 14:06 - 00000000 ____D C:\l
2016-05-27 16:04 - 2014-05-12 03:59 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-27 16:03 - 2015-09-19 22:04 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 15:57 - 2015-09-19 20:48 - 00004156 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-05-27 15:50 - 2015-03-03 03:23 - 00000000 ____D C:\Qoobox
2016-05-27 15:48 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2016-05-27 15:01 - 2015-06-11 19:32 - 00049240 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klim6.sys
2016-05-27 15:01 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\kldisk.sys
2016-05-27 15:00 - 2015-12-06 01:12 - 00237480 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2016-05-27 14:16 - 2015-07-06 02:02 - 00000000 ____D C:\windows\Minidump
2016-05-27 11:03 - 2015-12-25 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-27 02:00 - 2015-02-24 05:19 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2016-05-26 20:49 - 2016-01-17 00:09 - 00000000 ____D C:\Users\John\Documents\My Games
2016-05-25 18:58 - 2015-02-18 06:35 - 00015422 _____ C:\windows\system32\results.xml
2016-05-25 18:43 - 2015-02-18 06:32 - 00000000 ____D C:\Program Files\Intel
2016-05-25 18:41 - 2016-01-17 12:18 - 00000000 ____D C:\Users\John\AppData\Roaming\ProcessLasso
2016-05-25 18:41 - 2015-02-17 12:11 - 00114112 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-25 18:40 - 2009-07-14 05:45 - 05063888 _____ C:\windows\system32\FNTCACHE.DAT
2016-05-25 18:14 - 2015-12-25 20:52 - 00000000 ____D C:\Users\John\AppData\Roaming\Zeon
2016-05-25 18:14 - 2015-12-25 20:51 - 00000000 ____D C:\ProgramData\Nuance
2016-05-25 13:30 - 2015-02-18 06:33 - 00000000 ____D C:\Intel
2016-05-25 13:30 - 2015-02-17 12:08 - 00000000 ____D C:\Users\John
2016-05-25 11:53 - 2014-05-12 03:56 - 03945810 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-05-25 11:52 - 2015-02-18 06:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-25 11:48 - 2015-10-02 23:54 - 00000000 ____D C:\Users\John\AppData\Local\Downloaded Installations
2016-05-25 11:47 - 2015-09-20 23:38 - 00000000 ____D C:\windows\SysWOW64\directx
2016-05-24 21:33 - 2015-02-17 13:23 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2016-05-24 13:26 - 2015-02-17 13:31 - 00000000 ____D C:\windows\system32\appmgmt
2016-05-24 13:26 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-05-24 13:25 - 2015-12-25 20:50 - 00000000 ____D C:\ProgramData\ScanSoft
2016-05-24 13:24 - 2015-12-25 20:50 - 00000000 ____D C:\ProgramData\TEMP
2016-05-24 13:24 - 2014-05-12 04:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-24 13:12 - 2015-02-23 00:14 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2016-05-21 11:56 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-19 00:30 - 2015-07-09 06:37 - 00000000 ____D C:\Users\John\AppData\Roaming\VMware
2016-05-19 00:30 - 2015-07-09 06:37 - 00000000 ____D C:\Users\John\AppData\Local\VMware
2016-05-18 20:59 - 2016-02-13 15:50 - 00000000 ____D C:\Users\John\Desktop\CS 1.6
2016-05-15 20:05 - 2014-05-12 03:58 - 00000000 ____D C:\ProgramData\Skype
2016-05-13 09:40 - 2015-02-17 12:19 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 09:40 - 2015-02-17 12:19 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 09:40 - 2015-02-17 12:19 - 00002194 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2016-05-12 22:56 - 2015-02-24 05:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-12 22:36 - 2015-11-28 18:59 - 00003898 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1448733544
2016-05-12 22:06 - 2015-02-18 06:34 - 00086528 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.DLL
2016-05-12 22:06 - 2015-02-18 06:34 - 00082432 _____ (Khronos Group) C:\windows\system32\OpenCL.DLL
2016-05-11 22:14 - 2015-07-09 06:36 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-10 23:58 - 2014-05-12 03:59 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:58 - 2014-05-12 03:59 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 18:58 - 2015-09-19 20:48 - 00465792 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2016-05-10 18:58 - 2015-09-19 20:48 - 00287528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2016-05-10 18:58 - 2015-09-19 20:48 - 00166432 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-05-10 18:58 - 2015-09-19 20:48 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-05-10 18:58 - 2015-09-19 20:48 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-05-10 18:58 - 2015-09-19 20:48 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-05-10 18:58 - 2015-09-19 20:48 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-05-10 18:57 - 2016-02-14 22:05 - 00536312 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetSec.sys
2016-05-10 18:57 - 2015-09-19 20:48 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-05-10 18:57 - 2015-09-19 20:48 - 00161760 _____ (AVAST Software) C:\windows\system32\Drivers\ngvss.sys
2016-05-10 18:57 - 2015-09-19 20:48 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
 
==================== Files in the root of some directories =======
 
2015-09-29 22:39 - 2015-09-29 22:39 - 0000112 _____ () C:\Users\John\AppData\Roaming\JP2K CS6 Prefs
2015-09-20 00:04 - 2015-09-20 00:44 - 0000600 _____ () C:\Users\John\AppData\Local\PUTTY.RND
2015-04-02 23:22 - 2015-07-25 13:08 - 0007614 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-07-06 02:00 - 2015-07-06 02:00 - 0000000 _____ () C:\Users\John\AppData\Local\{90515A39-2AC0-4CDB-95DC-1070BBD305EA}
2015-02-18 06:38 - 2015-02-18 06:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-12 12:02
 
==================== End of FRST.txt ============================
 
FRST log 2:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
Ran by John (2016-05-27 16:50:55)
Running from H:\Downloads\Chrome
Windows 7 Professional Service Pack 1 (X64) (2015-02-17 11:08:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2008919785-3521510025-3119924549-500 - Administrator - Disabled)
Guest (S-1-5-21-2008919785-3521510025-3119924549-501 - Limited - Disabled)
John (S-1-5-21-2008919785-3521510025-3119924549-1000 - Administrator - Enabled) => C:\Users\John
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Kaspersky Internet Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.303.446 - ALPS ELECTRIC CO., LTD.)
Amazon Kindle (HKU\S-1-5-21-2008919785-3521510025-3119924549-1000\...\Amazon Kindle) (Version: 1.14.1.43029 - Amazon)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Premier (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.15(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{2E0DEF55-D1D3-493C-8673-D4B30F12B9CE}) (Version: 2.51.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DTS Studio Sound (HKLM-x32\...\{568C9428-B9B4-418C-879D-0A8281B4257A}) (Version: 1.01.3400 - DTS, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ExpressVPN (HKLM-x32\...\{7e56c1dd-07c1-48cc-a445-8f959eec20b6}) (Version: 4.0.6.284 - ExpressVPN)
ExpressVPN (x32 Version: 4.0.6.284 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Gpg4win (2.3.1) (HKLM-x32\...\GPG4Win) (Version: 2.3.1 - The Gpg4win Project)
Hero Lab 7.3 (HKLM-x32\...\{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1) (Version: 7.3 - LWD Technology, Inc.)
Intel Driver Update Utility (HKLM-x32\...\{a699b395-cd93-4135-85ec-828113841355}) (Version: 2.2.0.6 - Intel)
Intel® Driver Update Utility 2.2.0.6 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4332 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{187FCD5D-F8F2-49CD-B6B4-175989C178DC}) (Version: 3.0.1328.01 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{FE4901DA-814B-4E08-8905-D88444414EF7}) (Version: 2.1.4.222GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.222GS - O2Micro) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.0.6 (HKLM\...\{D09FC154-2747-4BC8-838E-B2EC414C4F6A}) (Version: 5.0.6 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Plug-In 1.6 (HKLM-x32\...\{75569847-6E3F-4D03-A4E8-8EC528E155A9}_is1) (Version: 1.6 - Lone Wolf Development, Inc.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 8.4.0.2 - Bitsum)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.21232 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7041 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Sierra Wireless AirCard Watcher (HKLM-x32\...\{A05C84FD-989E-4C30-B16A-730233E8237B}) (Version: 6.0.3928.8402 - Sierra Wireless Inc.)
Sierra Wireless Toshiba Mobile Broadband Driver Package (HKLM-x32\...\SWIToshibaDrvInstaller) (Version: 6.9.4237.0601 - Sierra Wireless, Inc.)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.4.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TinyUmbrella 8.2.0.60 (HKLM\...\4851-8548-9863-1993) (Version: 8.2.0.60 - )
TOSHIBA Battery Manager (HKLM\...\{5D1FDAAD-7037-4D83-8CA8-39D92F91E73E}) (Version: 9.0.5.64 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.2.64 - TOSHIBA Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\{62BBF381-D208-4EF0-B502-6CB6E5B9A161}) (Version: 2.3.03.64402 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.5.6401 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA HWSetup (HKLM-x32\...\{0E94D98C-00A7-4C93-9708-8E5A1859E72E}) (Version: 9.0.4.3201 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.18 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\{6C0A2179-56CB-4F1F-9681-E777A4F3C800}) (Version: 9.0.3.3201 - Toshiba Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.3.6400 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.1.6400 - TOSHIBA Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.2.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{472175F3-ACB2-4977-8CC8-EB971C24F245}) (Version: 2.0.0.3202 - Toshiba Corporation)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Validity WBF DDK 5111 (HKLM\...\{553FA82D-40F9-4FF4-B0F3-70E9DF68EE0D}) (Version: 4.5.232.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.2 - VMware, Inc)
VMware Player (Version: 7.1.2 - VMware, Inc.) Hidden
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XCOM - Enemy Unknown (HKLM-x32\...\XCOM - Enemy Unknown_is1) (Version:  - )
XCOM 2 (HKLM-x32\...\XCOM 2_is1) (Version:  - )
Zork - The Great Underground Empire (HKLM-x32\...\1207661493_is1) (Version: 2.1.0.17 - GOG.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2008919785-3521510025-3119924549-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {057D9B03-04C4-4252-8007-6CF33EB9B904} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {0B27D074-9946-4F09-84D0-A8E6EA435592} - System32\Tasks\Process Lasso Core Engine Only => H:\Programs\Process Lasso\processgovernor.exe [2015-07-07] (Bitsum LLC)
Task: {0EC53F13-658E-4216-9657-BB4FC85FB429} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {202D4A8A-D812-4311-BBED-9D99CCAD6AEA} - System32\Tasks\AirVPN => H:\Programs\System\VPN\AirVPN\AirVPN.exe
Task: {22FC12B8-4963-4817-9D12-F4C1EEBDF1CE} - System32\Tasks\{40FDAF3B-2A55-4757-9C5B-7B38B27E103F} => pcalua.exe -a H:\Downloads\Chrome\vcredist_x86.exe -d H:\Downloads\Chrome
Task: {27E72922-6A62-42EB-BF8D-AC7B6DF48610} - System32\Tasks\{DC822D72-1804-4E91-8CE8-6D67FEFEF2B7} => pcalua.exe -a "C:\Users\John\AppData\Local\Temp\{EC78D8E5-1C4E-4E8E-B1AC-7657FA3E7327}\Dreamweaver_15_LS20\Adobe Dreamweaver CC 2014.1\payloads\Microsoft VC 2010 Redist (x64)\vcredist_x64.exe" -d "C:\Users\John\AppData\Local\Temp\{EC78D8E5-1C4E-4E8E-B1AC-7657FA3E7327}\Dreamweaver_15_LS20\Adobe Dreamweaver CC 2 (the data entry has 46 more characters).
Task: {2AC53A5B-8150-4C36-8D76-C89439F35F14} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => H:\Programs\System\MS Office 2013\Office15\msoia.exe
Task: {2B86B937-0BF5-4DE2-ABF8-D194C5DE7C01} - System32\Tasks\{DF9AD636-BBB0-4F8B-9A9E-714E69F70975} => pcalua.exe -a H:\Downloads\Chrome\win64_153631.4414.exe -d H:\Downloads\Chrome
Task: {30239E61-28CC-45BB-95DB-324B4742EBE5} - System32\Tasks\{6C5232F5-4DB3-45B4-9E7A-D8BEB4E50DDE} => pcalua.exe -a "H:\Games\Baldur's Gate - Enhanced Edition\setup-widescreen.exe" -d "H:\Games\Baldur's Gate - Enhanced Edition"
Task: {32AABB52-98B1-4A35-8772-627C709B9676} - System32\Tasks\{31A63D93-0CDF-4A3D-8381-BEC1F4A62639} => pcalua.exe -a H:\Downloads\Chrome\VirtualBox-5.0.6-103037-Win.exe -d H:\Downloads\Chrome
Task: {345F643A-2556-4B13-977D-8F9C315C731A} - System32\Tasks\SafeZone scheduled Autoupdate 1448733544 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {5321A9D0-2286-4CB0-AB80-B51D64721189} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {59A6093A-270C-4A9F-B444-66CF5DA4DA8E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-19] (Adobe Systems Incorporated)
Task: {69861003-C915-4B0C-816B-4A42D29C12E5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {6C3B4343-E40B-4CDF-89D2-D99DE542C36A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {79F0DC25-83CB-4FFB-B764-F4445599869A} - System32\Tasks\AdobeAAMUpdater-1.0-Johns_Laptop-John => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {7F528456-6CB4-406A-B9D9-A6815FD6B01D} - System32\Tasks\avast! Emergency Update => H:\Programs\System\avast\AvastEmUpdate.exe [2016-05-10] (AVAST Software)
Task: {80FE74E3-CF81-41CC-A94B-EC3AABA0CCF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {876869B4-583D-4E6C-97B5-EFBC62F7386B} - System32\Tasks\{91F96AB0-A9A9-4871-8914-14921DD787F9} => pcalua.exe -a "H:\Games\Baldur's Gate - Enhanced Edition\setup-bg1ub.exe" -d "H:\Games\Baldur's Gate - Enhanced Edition"
Task: {8E8CC038-492D-49FC-B784-70BE94D18E8B} - System32\Tasks\{C8CCD145-8E98-4895-9971-3A7F23329FB0} => pcalua.exe -a H:\Downloads\Chrome\win64_154010.4300.exe -d H:\Downloads\Chrome
Task: {9219F583-133B-44FB-8A22-828448E954F5} - System32\Tasks\{C88890B5-F822-4773-A235-FE4AF699B442} => C:\Users\John\Desktop\win64_153631.4414.exe [2016-05-25] (Intel Corporation)
Task: {A7329828-3CF9-4044-94B2-F8226781B579} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {AC5D7727-62FD-43F6-8254-BE12ED166D2A} - System32\Tasks\{470D79E5-8D88-469D-A46D-DF87A6569211} => pcalua.exe -a H:\Downloads\Chrome\ALPS_TPad-7.x2.303.107-Vis3264.exe -d H:\Downloads\Chrome
Task: {CE21964B-5299-4B3E-8B54-06BE4DC08445} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => H:\Programs\System\MS Office 2013\Office15\msoia.exe
Task: {D7C80C8D-7409-484A-87CF-0A8602BC5D30} - System32\Tasks\Process Lasso Management Console (GUI) => H:\Programs\Process Lasso\processlasso.exe [2015-07-07] (Bitsum LLC)
Task: {F26E0783-2799-43A8-9E94-2C1D52F38E14} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-05 12:25 - 2016-04-05 12:25 - 00216576 _____ () H:\Programs\GnuPG\dirmngr.exe
2013-10-05 00:31 - 2013-10-05 00:31 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-04-28 19:18 - 2015-04-28 19:18 - 00331264 _____ () H:\Programs\System\ExpressVPN\bootstrap\AMD64\nssm.exe
2015-07-11 08:38 - 2015-07-11 08:38 - 06268840 _____ () H:\Programs\System\ExpressVPN\xvpnd\xvpnd.exe
2013-08-13 04:06 - 2013-08-13 04:06 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-08-13 04:06 - 2013-08-13 04:06 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-13 04:06 - 2013-08-13 04:06 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-12-11 14:04 - 2015-12-11 14:04 - 00382056 _____ () C:\windows\system32\igfxTray.exe
2013-10-14 18:31 - 2013-10-14 18:31 - 00331104 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUCommon.dll
2012-03-03 00:08 - 2012-03-03 00:08 - 00595840 _____ () C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2013-08-21 08:49 - 2013-08-21 08:49 - 00080264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-07-10 09:31 - 2013-07-10 09:31 - 08865448 _____ () H:\Programs\System\MS Office 2013\Office15\1033\GrooveIntlResource.dll
2016-05-10 18:58 - 2016-05-10 18:58 - 00123344 _____ () H:\Programs\System\avast\log.dll
2016-05-10 18:58 - 2016-05-10 18:58 - 00135816 _____ () H:\Programs\System\avast\JsonRpcServer.dll
2016-05-27 14:20 - 2016-05-27 14:20 - 02982040 _____ () H:\Programs\System\avast\defs\16052700\algo.dll
2016-05-10 18:58 - 2016-05-10 18:58 - 00309912 _____ () H:\Programs\System\avast\browser_pass.dll
2016-05-10 18:58 - 2016-05-10 18:58 - 00479680 _____ () H:\Programs\System\avast\ffl2.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2016-04-05 12:12 - 2016-04-05 12:12 - 00221696 _____ () H:\Programs\GnuPG\libksba-8.dll
2016-04-05 12:06 - 2016-04-05 12:06 - 00087552 _____ () H:\Programs\GnuPG\libgpg-error-0.dll
2016-04-05 12:01 - 2016-04-05 12:01 - 00050176 _____ () H:\Programs\GnuPG\libw32pth-0.dll
2016-04-05 12:12 - 2016-04-05 12:12 - 00073728 _____ () H:\Programs\GnuPG\libassuan-0.dll
2016-04-05 12:15 - 2016-04-05 12:15 - 00750592 _____ () H:\Programs\GnuPG\libgcrypt-20.dll
2015-05-30 22:59 - 2015-05-30 22:59 - 01301696 _____ () H:\Programs\System\VMW\libxml2.dll
2015-12-22 19:26 - 2015-12-22 19:26 - 40539648 _____ () H:\Programs\System\avast\libcef.dll
2015-02-18 06:32 - 2013-12-10 00:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-07-10 09:31 - 2013-07-10 09:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-13 09:40 - 2016-05-11 12:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 09:40 - 2016-05-11 12:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [121]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\D9497565.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\D94975656.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\D9497565.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\D94975656.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2016-05-27 15:48 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2008919785-3521510025-3119924549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.56.132.20 - 212.56.129.228
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DTS Studio Sound => "C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe" /HIDEME
MSCONFIG\startupreg: GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: IgfxTray => "C:\windows\system32\igfxtray.exe"
MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
MSCONFIG\startupreg: ITSecMng => %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nuance OmniPage 18-reminder => "H:\Programs\Omni\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
MSCONFIG\startupreg: OmniPage Preload => H:\Programs\Omni\OmniPage18.exe /preload
MSCONFIG\startupreg: OpAgent => "OpAgent.exe" /agent
MSCONFIG\startupreg: PDF7 Registry Controller => H:\Programs\PDF Create 7\RegistryController.exe
MSCONFIG\startupreg: PDFCreHook => H:\Programs\PDF Create 7\pdfcreate7hook.exe
MSCONFIG\startupreg: Persistence => "C:\windows\system32\igfxpers.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: TOSDCR => %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
MSCONFIG\startupreg: TOSHIBA_3G_UTY => C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TRUUpdater => "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
MSCONFIG\startupreg: TSleepSrv => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WatcherHelper => "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{178D17E1-6BEC-4CBF-AB1B-71FE0032770A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{39F473EA-CF52-4736-92D1-5B37A534F986}] => (Allow) H:\Programs\System\Skype\Phone\Skype.exe
FirewallRules: [{AA21D9C7-157B-4E72-8267-0F91DD257272}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3221429A-1C3F-485A-897F-913446E8BF45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42CF5061-C56D-4D94-A854-56E42AF7996B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7182204F-49E8-48B1-A4C6-69C900F71E21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B3B3B76-081F-4C3B-B1D9-227ACB8A4F38}] => (Allow) H:\Programs\System\iTunes\iTunes.exe
FirewallRules: [{4446ED0B-F23B-4FF4-9F9D-2B1884E4F36E}] => (Block) H:\Programs\Adobe\Dreamweaver\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{14760F6B-9E5E-49F0-87A3-C4E29A308D64}] => (Block) H:\Programs\Adobe\Dreamweaver\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{2A20F4E3-80B8-48BF-8590-E51BF0253013}] => (Allow) H:\Programs\System\MS Office 2013\Office15\lync.exe
FirewallRules: [{32B57E66-5370-42D6-953E-0770F73D0000}] => (Allow) H:\Programs\System\MS Office 2013\Office15\lync.exe
FirewallRules: [{05541511-E33E-490A-A2E2-BF4487EAEC9C}] => (Allow) H:\Programs\System\MS Office 2013\Office15\UcMapi.exe
FirewallRules: [{208387F6-F0D8-4259-A9C9-92E0D5AA6BED}] => (Allow) H:\Programs\System\MS Office 2013\Office15\UcMapi.exe
FirewallRules: [{0584C504-AC67-443F-A7E4-4B1392258F3F}] => (Allow) H:\Programs\System\MS Office 2013\Office15\outlook.exe
FirewallRules: [{7C679857-17AD-495C-8430-2C34A9CC7CA8}] => (Block) H:\Programs\Adobe\Dreamweaver\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{33789DDB-6992-4158-81D5-2A1F7A69937B}] => (Block) H:\Programs\Adobe\Dreamweaver\Adobe Dreamweaver CC 2014\AAMLauncherUtil.exe
FirewallRules: [{F9F0257A-789D-4AED-B774-33BF7B846F9B}] => (Block) H:\Programs\Adobe\Dreamweaver\Adobe Dreamweaver CC 2014\DreamweaverHelper.exe
FirewallRules: [{92C56517-9D28-45EE-87F7-49AD42D28345}] => (Block) H:\Programs\Adobe\Dreamweaver\Adobe Dreamweaver CC 2014\LogTransport2.exe
FirewallRules: [{881C1D67-2F96-4E3F-85BC-F721E292A2A1}] => (Block) H:\Programs\Adobe\Dreamweaver\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{DBC7D3A6-34FC-468F-A1F4-ECC62793837C}] => (Block) H:\Programs\Adobe\Dreamweaver\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{041D55FA-B805-4058-AD3B-34D8348AB287}] => (Allow) H:\Programs\System\VMW\vmware-authd.exe
FirewallRules: [{101EF693-78BB-4B3C-BBDF-514C0268FDBC}] => (Allow) H:\Programs\System\VMW\vmware-authd.exe
FirewallRules: [{79CD5FCF-697C-4188-927C-0473F76F78C8}] => (Allow) H:\Programs\System\Firefox\firefox.exe
FirewallRules: [{B66B9152-E3E3-4746-B087-B124DC2EB76F}] => (Allow) H:\Games\Hero Lab\HeroLab.exe
FirewallRules: [{B71F1DC7-56E3-4FD7-AF47-44FD09819156}] => (Allow) H:\Games\Hero Lab\HeroLab.exe
FirewallRules: [{AD5A52E0-818B-40B6-B9AD-A291DDBA0426}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{2F8F7A37-5D89-4890-823B-011CFBABC56B}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{B2454CFD-8A8D-4FBC-A187-884F08A23663}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{0EF077A0-BBBD-4CF8-B63D-CB7EFDC46BFB}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{9C5B23F7-F960-4153-B645-56B781C878B5}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{85E6A59A-8C63-45F0-92CE-2292D97C0ABD}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [TCP Query User{AAFF5B19-B105-438C-97F3-EA59757F3DFA}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Block) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe
FirewallRules: [UDP Query User{3C86977D-040D-42B1-A6AB-7FAC70317E62}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Block) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe
FirewallRules: [TCP Query User{8BE5C7FC-4A44-4290-AC83-3A712D388596}H:\games\diablo iii\diablo iii.exe] => (Allow) H:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{C03C034A-985A-4166-9D6F-F874D967DADF}H:\games\diablo iii\diablo iii.exe] => (Allow) H:\games\diablo iii\diablo iii.exe
FirewallRules: [{E7B81E65-6FE8-4906-91B3-90E430230AA1}] => (Allow) H:\Games\Steam\Steam.exe
FirewallRules: [{ACFD1EF6-5FB6-40E9-9847-7DD34E38B925}] => (Allow) H:\Games\Steam\Steam.exe
FirewallRules: [{3DF3FC3D-A14B-4E4C-A69F-C41F8701E0CE}] => (Allow) H:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{AC485D34-10BC-44B6-99DC-3AA78BD540A0}] => (Allow) H:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{9F681BFD-1677-48B9-AA0A-9895F7496206}C:\users\john\desktop\cs 1.6\hl.exe] => (Allow) C:\users\john\desktop\cs 1.6\hl.exe
FirewallRules: [UDP Query User{5317C945-1E94-421A-BE55-A7E13BB7CC37}C:\users\john\desktop\cs 1.6\hl.exe] => (Allow) C:\users\john\desktop\cs 1.6\hl.exe
FirewallRules: [TCP Query User{91B1D8CE-7AA8-4C98-B6AF-2D6C3B226363}H:\games\wolfenstein - enemy territory\etded.exe] => (Allow) H:\games\wolfenstein - enemy territory\etded.exe
FirewallRules: [UDP Query User{D8DFEA31-71CD-4287-ABDD-99041C2F77AD}H:\games\wolfenstein - enemy territory\etded.exe] => (Allow) H:\games\wolfenstein - enemy territory\etded.exe
FirewallRules: [TCP Query User{E63CD059-D1AF-4CB6-BBFA-0CFB739EF506}H:\games\wolfenstein - enemy territory\et.exe] => (Allow) H:\games\wolfenstein - enemy territory\et.exe
FirewallRules: [UDP Query User{3F11EC67-F0E8-4EAF-AC53-42F0B8770227}H:\games\wolfenstein - enemy territory\et.exe] => (Allow) H:\games\wolfenstein - enemy territory\et.exe
FirewallRules: [TCP Query User{678FF642-C847-4C37-893D-BA38A8301A21}H:\games\cs 1.6\hl.exe] => (Allow) H:\games\cs 1.6\hl.exe
FirewallRules: [UDP Query User{23EB88BE-CAB8-42EA-814C-4700FE145C24}H:\games\cs 1.6\hl.exe] => (Allow) H:\games\cs 1.6\hl.exe
FirewallRules: [{962D7C3C-D8E5-44D3-8A04-2A9E6E4940FC}] => (Allow) H:\Programs\RaidCall.RU\rcplugin.exe
FirewallRules: [{2FCEA85C-11D1-4350-9F4C-8A9AB3502EDC}] => (Allow) H:\Programs\RaidCall.RU\rcplugin.exe
FirewallRules: [{BB2E0E9F-CFCC-409B-854C-C5173B7F5868}] => (Allow) H:\Programs\RaidCall.RU\rcplugin.exe
FirewallRules: [{D362DBA2-3CBD-48B9-883A-2FE5CB0BEF6E}] => (Allow) H:\Programs\RaidCall.RU\rcplugin.exe
FirewallRules: [TCP Query User{3B93BFBF-2317-4981-AF39-BF2A96FE144C}H:\programs\raidcall.ru\raidcall.exe] => (Allow) H:\programs\raidcall.ru\raidcall.exe
FirewallRules: [UDP Query User{3F81BC28-A0C3-452F-B80B-4B4CD0255F79}H:\programs\raidcall.ru\raidcall.exe] => (Allow) H:\programs\raidcall.ru\raidcall.exe
FirewallRules: [TCP Query User{3A4E8539-EE95-40A0-93F6-5AD748778AB5}H:\games\cs 1.6\hl.exe] => (Allow) H:\games\cs 1.6\hl.exe
FirewallRules: [UDP Query User{89B5CEA9-29FF-465B-92BE-42D82B7DE1BF}H:\games\cs 1.6\hl.exe] => (Allow) H:\games\cs 1.6\hl.exe
FirewallRules: [{E98F1457-A054-43EE-8BC6-1AEF91388BD0}] => (Allow) H:\Programs\System\avast\ng\vbox\aswFe.exe
FirewallRules: [{8D553C58-0AEC-4132-9957-525DA9628648}] => (Allow) H:\Programs\System\avast\ng\vbox\aswFe.exe
FirewallRules: [{53BA9569-9A9C-46D0-B78A-CB1976B5E6E8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1F519624-0124-4FA1-A7D0-ADF292E69A1B}] => (Allow) H:\Programs\Steam.exe
FirewallRules: [{B1136EE4-CEBA-4222-9EC6-CB6541B8B277}] => (Allow) H:\Programs\Steam.exe
FirewallRules: [{7C5B8B12-9F2E-431B-B83D-425981C5B821}] => (Allow) H:\Programs\bin\steamwebhelper.exe
FirewallRules: [{BC1AB87A-792B-45E0-A8C9-AC1D90F413DC}] => (Allow) H:\Programs\bin\steamwebhelper.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Wireless Bluetooth® 4.0 Firmware Update Driver
Description: Intel® Wireless Bluetooth® 4.0 Firmware Update Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: config
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The Windows Event Log service is starting.
The Windows Event Log service could not be started.
 
A system error has occurred.
 
The system cannot find message text for message number 0x1069 in the message file for (null).
 
More help is available by typing NET HELPMSG 4201.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 52%
Total physical RAM: 8117.34 MB
Available physical RAM: 3852.93 MB
Total Virtual: 16232.85 MB
Available Virtual: 11020.85 MB
 
==================== Drives ================================
 
Drive c: (TI31336500A) (Fixed) (Total:66.11 GB) (Free:13.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Data) (Fixed) (Total:143.9 GB) (Free:51.19 GB) NTFS
Drive v: (V) (Fixed) (Total:27 GB) (Free:16.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: EAC0C3B8)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=66.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=143.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=27 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 
 
Thanks!
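A small triage helper for the two FRST sections in the log above that most often hide persistence (Scheduled Tasks and Safe Mode driver entries). This is an added example written for this thread; it is not part of FRST and not something the helpers here posted. The heuristics (pcalua.exe wrappers, executables under user-writable folders such as Desktop, Downloads or Temp, tasks with no file date or publisher recorded, and SafeBoot driver names that are just hex digits) are assumptions of mine, and every flag is a prompt to check the entry against the software actually installed, not a verdict: GUID-named tasks that run pcalua.exe are routinely created by Windows' compatibility troubleshooter, and security tools register their own SafeBoot drivers. The sample lines are copied from the posted log, except the vga.sys entry, which is constructed for contrast.

```python
"""Triage helper for the 'Scheduled Tasks' and 'Safe Mode' sections of an
FRST Addition.txt log.  Added example for this thread; it is not part of
FRST and not something the helpers here posted.  Every flag is a prompt
to verify an entry against installed software, not a verdict."""
import re
from typing import Dict, List, Optional

# Constructed sample: five Task lines and one SafeBoot line copied from the
# log posted above, plus one constructed benign SafeBoot entry (vga.sys).
SAMPLE_LOG = r"""
Task: {057D9B03-04C4-4252-8007-6CF33EB9B904} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {22FC12B8-4963-4817-9D12-F4C1EEBDF1CE} - System32\Tasks\{40FDAF3B-2A55-4757-9C5B-7B38B27E103F} => pcalua.exe -a H:\Downloads\Chrome\vcredist_x86.exe -d H:\Downloads\Chrome
Task: {30239E61-28CC-45BB-95DB-324B4742EBE5} - System32\Tasks\{6C5232F5-4DB3-45B4-9E7A-D8BEB4E50DDE} => pcalua.exe -a "H:\Games\Baldur's Gate - Enhanced Edition\setup-widescreen.exe" -d "H:\Games\Baldur's Gate - Enhanced Edition"
Task: {9219F583-133B-44FB-8A22-828448E954F5} - System32\Tasks\{C88890B5-F822-4773-A235-FE4AF699B442} => C:\Users\John\Desktop\win64_153631.4414.exe [2016-05-25] (Intel Corporation)
Task: {202D4A8A-D812-4311-BBED-9D99CCAD6AEA} - System32\Tasks\AirVPN => H:\Programs\System\VPN\AirVPN\AirVPN.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\D9497565.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys => ""="Driver"
"""

TASK_RE = re.compile(r"^Task: (\{[0-9A-F-]+\}) - System32\\Tasks\\(.+?) => (.+)$")
# pcalua.exe (Program Compatibility Assistant launcher) hides the real target
# behind its -a argument; the path may or may not be quoted.
PCALUA_RE = re.compile(r'^pcalua\.exe -a (?:"([^"]+)"|(\S+))')
# FRST appends "[file date] (publisher)" when it could read the file.
TARGET_RE = re.compile(r"^(.*?)(?: \[(\d{4}-\d{2}-\d{2})\])?(?: \(([^)]*)\))?$")
SAFEBOOT_RE = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(Minimal|Network)\\(\S+) => ")
# Heuristic (assumption): locations any user process can write to.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(?:Desktop|AppData\\Local\\Temp)\\|\\Downloads\\|\\Temp\\", re.I)
# Heuristic (assumption): driver names that are only hex digits carry no hint
# of their owner and should be matched against installed security tools.
HEXNAME_RE = re.compile(r"^[0-9A-F]{8,}\.sys$", re.I)


def parse_task(line: str) -> Optional[Dict]:
    """Parse one 'Task:' line into its real target path and review flags."""
    m = TASK_RE.match(line)
    if not m:
        return None
    guid, name, target = m.groups()
    flags: List[str] = []
    pc = PCALUA_RE.match(target)
    if pc:
        path = pc.group(1) or pc.group(2)
        date = company = None
        flags.append("pcalua wrapper")
    else:
        path, date, company = TARGET_RE.match(target).groups()
    if USER_WRITABLE_RE.search(path):
        flags.append("user-writable path")
    # FRST does not resolve the executable behind pcalua, so the missing
    # date/publisher is expected there and is not flagged a second time.
    if not pc and not (date or company):
        flags.append("no file date/publisher recorded")
    return {"kind": "task", "name": name, "guid": guid, "path": path,
            "date": date, "company": company, "flags": flags}


def parse_safeboot(line: str) -> Optional[Dict]:
    """Parse one SafeBoot registry line; flag non-descriptive driver names."""
    m = SAFEBOOT_RE.match(line)
    if not m:
        return None
    profile, driver = m.groups()
    flags = ["non-descriptive driver name"] if HEXNAME_RE.match(driver) else []
    return {"kind": "safeboot", "name": driver, "profile": profile,
            "path": None, "flags": flags}


def triage(log_text: str) -> List[Dict]:
    """Return one record per recognised line, in log order."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        rec = parse_task(line) or parse_safeboot(line)
        if rec:
            results.append(rec)
    return results


def flagged(results: List[Dict]) -> List[str]:
    """Names of entries that need a human to look at them, sorted."""
    return sorted(r["name"] for r in results if r["flags"])


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        mark = "REVIEW" if rec["flags"] else "ok    "
        print(f"{mark} {rec['kind']:8} {rec['name']}  {rec['path'] or ''}  {rec['flags']}")
```

Run it against a full Addition.txt by passing the file contents to `triage()`; the "ok" entries are still worth a glance, the flagged ones are where to start asking which installed product owns them.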
 




#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,280 posts
  • Gender:Male
  • Location:USA
  • Local time:01:31 PM

Posted 31 May 2016 - 03:24 AM

Hello Apollo767,

My name is Ray and I'll be assisting you with your issue. Please give me about a day to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 Apollo767

Apollo767
  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:31 PM

Posted 02 June 2016 - 11:26 AM

Great, thanks



#4 RayS

RayS

  • Malware Study Hall Senior
  • 2,280 posts
  • Gender:Male
  • Location:USA
  • Local time:01:31 PM

Posted 03 June 2016 - 01:24 AM

Hello again Apollo767, and welcome to Bleeping Computer.

I will be helping you with your computer problem. My friends call me Ray. What name may I call you?

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything without being asked.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.

uTorrent Warning

Going over your logs, I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming, and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned. Please let me know whether you will refrain from using uTorrent or will delete it.
 
 
Describe "software and icons disappeared"

What do you mean when you say, "software and icons (most of them) disappeared"? Please answer the following questions when operating in Normal mode, in Safe Mode, and again after a Clean Boot. Use the following link if necessary: Perform Clean Boot in Windows 10 / 8 / 7

  1. Are you not able to see icons at the left of folders and files in Windows Explorer?
  2. Are you not able to navigate to executables in Windows Explorer?
  3. When you press the Windows key, can you see your icons and programs in the Start menu?
  4. What actions are you taking that result in being unable to see icons and software?
  5. What error messages or unexpected symptoms do you see? Please include complete error messages verbatim.

Note: Copy these questions into your reply and intersperse your answers under each question.

 

 

Multiple AV products
It's possible that Avast, Kaspersky Internet Security, and Windows Defender will conflict with each other. Please allow only one of these products to be enabled at a time. I suggest you keep only Windows Defender enabled, but you must regularly run its update function in order to maintain adequate security.
 
 
Farbar Service Scanner (FSS)

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • Click Yes to continue when you see the restriction against commercial use of the tool.
  • When the progress bar runs to completion, it will create a log (FSS.txt) in the same directory in which the tool is run.
  • Please copy and paste the contents of FSS.txt into your reply.

 

TDSSKiller

 

Please read through all these steps before beginning.

Download the TDSS Rootkit Removing Tool (tdsskiller.exe) and save it to your Desktop. <-Important!!!
Note: If you are unable to download the file for some reason, then the TDSS rootkit may be blocking the download. Please skip this step. Do not try to download tdsskiller.exe from another computer. Instead, just tell me what error messages or other unexpected symptoms you saw when you tried to download tdsskiller.exe.

  • Double-click on tdsskiller.exe to run the tool for known TDSS variants. Vista or Windows 7 users right-click tdsskiller.exe and select Run As Administrator.
  • If you see a User Account Control window, click Yes.
  • Read the End User License Agreement then click Accept.
  • Read the KSN Statement then click Accept.
  • If TDSSKiller does not run, try renaming it as shown in the next step.
  • If renaming is necessary, right-click on tdsskiller.exe, select Rename and give it a random name with the .com file extension (e.g. abc123.com). If you do not see the file extension, please refer to How to change the file extension.
  • If a random name does not work, please try renaming tdsskiller.exe as iexplore.com and attempt to run it again.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results window under the Select action for found objects: heading, and you will be offered three possible options.
  • Ensure Cure (default) is selected, then click Continue.
    Note: If Cure is not an option, click Skip instead. DO NOT choose Delete or Quarantine unless instructed.
  • You will see the Scan completed window. Click Reboot now in lower right corner to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C).
  • If threats were detected, copy and paste the contents of that file into your next reply.

 

 

In your next reply...

  • Please confirm that you have backed up all your important files.
  • If you have not uninstalled uTorrent, please assure me that you will not use it until your "software and icons" problem has been resolved.
  • Fully describe the "software and icons" problem by answering my five listed questions and supplying any other related info. Tell me which operating mode (Normal, Safe, or Clean Boot mode) was running when you answer each question.
  • Tell me which AV product is enabled and up-to-date. Confirm that the other AV products are either disabled or deleted.
  • Copy and paste the entire content of FSS.txt into the body of your message.
  • Confirm that you were able to run TDSSKiller to completion.
  • If TDSSKiller detected any threats, copy and paste the entire contents of the TDSSKiller report into the body of your message. I don't need the report if no threats were found.
Is there anything else about your PC that might be relevant to your problem?

Thank you.

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#5 Apollo767 (Topic Starter, Members, 11 posts)

Posted 03 June 2016 - 03:46 AM

Hi mate, thanks for the response.
 
- Backed up 
- uninstalled uTorrent for the time being.
 
Answers are identical for all three modes:
Are you not able to see icons at the left of folders and files in Windows Explorer? - Yes
Are you not able to navigate to executables in Windows Explorer? - Yes
When you press the Windows key can you see your icons and programs in the Start menu? - Yes
What actions are you taking that result in being unable to see icons and software? - no clue
 
- The "icon" problem is not just icons, it's complete software files and directories. I've booted up the computer and the first thing I noticed was that half my icons on the bar were either missing or "blank"; upon clicking on the blank one - shortcut not associated. Various software was affected, i.e. Skype, the complete Adobe package (Photoshop, Illustrator etc.), file directory disappeared etc.; some stuff remained unaffected.
 
AV: Avast is up to date as I use their premium for both AV and VPN; it's only the real-time protection I'm using. Kaspersky is a single-use tool and I don't use Windows Defender, it's been disabled.
 
FSS Log:
Farbar Service Scanner Version: 27-01-2016
Ran by John (administrator) on 03-06-2016 at 09:42:21
Running from "C:\Users\John\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
TDSSKiller
- no results 
 
 
Also - I've previously tried to run Malwarebytes; interestingly, that was the only piece of software that did not run, not even under any of its "chameleon" options; it got shut down every time.
 

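The FSS log above is quicker to triage with a small parser. The following is an added example, not part of the thread or of Farbar's tools, that pulls out the lines a helper actually acts on: stopped services, start types that differ from the default FSS states, registry policy values, and file-check results not reported as digitally signed. The embedded sample log is constructed from the format shown in the post (the unsigned svchost.exe line is made up to exercise that branch).

```python
import re

# Constructed sample in the Farbar Service Scanner (FSS) format seen in the thread.
# The unsigned svchost.exe line is made up to exercise the file-check branch.
SAMPLE_FSS_LOG = r"""Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is not signed

**** End of log ****
"""

NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running")
START_TYPE_RE = re.compile(
    r"The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
POLICY_KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
POLICY_VALUE_RE = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')
FILE_CHECK_RE = re.compile(r"^(\S.*?) => (.+)$")


def triage_fss_log(text):
    """Return (kind, subject, detail) tuples for the lines a helper acts on:
    stopped services, start types differing from the default FSS states,
    policy values under a registry key, and file checks not reported as signed."""
    findings = []
    current_key = None  # registry key that the following "name"=TYPE:value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:  # blank line or section underline
            continue
        if m := NOT_RUNNING_RE.match(line):
            findings.append(("service_stopped", m.group(1), ""))
        elif (m := START_TYPE_RE.search(line)) and m.group(2).lower() != m.group(3).lower():
            findings.append(("start_type_changed", m.group(1), f"{m.group(2)} (default {m.group(3)})"))
        elif m := POLICY_KEY_RE.match(line):
            current_key = m.group(1)
        elif (m := POLICY_VALUE_RE.match(line)) and current_key:
            findings.append(("policy_set", f"{current_key}\\{m.group(1)}", f"{m.group(2)}:{m.group(3)}"))
        elif (m := FILE_CHECK_RE.match(line)) and m.group(2) != "File is digitally signed":
            findings.append(("file_check", m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage_fss_log(SAMPLE_FSS_LOG):
        print(f"{kind:20} {subject}  {detail}".rstrip())
```

Run against a full FSS.txt, the output is the short list of deviations a helper would otherwise pick out by eye, such as the WinDefend start type and the DisableAntiSpyware policy in this thread.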

#6 RayS (Malware Study Hall Senior, 2,280 posts, Location: USA)

Posted 05 June 2016 - 04:37 PM

Hi Apollo767,

Thank you for the info and the scan results.
 
 
Please read through this entire post before you begin.


Clarify missing icon and software scenario

I'm interested in the scenario that leads to your observation that icons and software are missing. You said, "I've booted up computer and first thing I noticed was that half my icons on the bar were either missing or "blank", upon clicking on the blank one - shortcut not associated." I'd like you to capture the entire screen image (not just an active window) at that point. I want to see what you're seeing when icons and software are missing. Save that image and attach it to your reply.
 
For info on screen capture, see here.
 
Also tell me what "bar" you are using at that point. What key do you press or what object do you click on to open that bar? If it's a mouse click, what is the name of (label on) the object before you click it?

You also said you don't see icons and that you cannot navigate to executables within Windows Explorer. Please press Ctrl+E then take another screen shot. Save that image and attach it to your reply.

If Windows Explorer did not open, tell me exactly what you saw when you pressed Ctrl+E.

Assuming Windows Explorer did open, expand Local Disk (C:) (click on the + sign at the left) then expand Program Files (x86). Expand some of the folders within C:\Program Files (x86) and click on the folder names to drill down to the deepest subfolders. Here are some of the executables you should be able to find in the subfolders:

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

For info on how to show extensions for known file types, see: http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

While Windows Explorer is still open, expand some of the folders within C:\Program Files\. Again drill down some of the subfolder hierarchy. Here are some of the executables you should be able to find in the subfolders:

C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\3GUty\tw3gsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

While Windows Explorer is still open, expand some of the folders within H:\Programs\. Again drill down some of the subfolder hierarchy. Here are some of the executables you should be able to find in the subfolders:

H:\Programs\GnuPG\dirmngr.exe
H:\Programs\System\ExpressVPN\bootstrap\AMD64\nssm.exe
H:\Programs\System\ExpressVPN\xvpnd\xvpnd.exe
H:\Programs\System\VMW\vmware-authd.exe
H:\Programs\System\avast\ng\vbox\AvastVBoxSVC.exe

It isn't necessary to launch any of these executables. Just confirm that you are, in fact, able to see them within Windows Explorer and navigate to them.



Let's run FRST in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

CMD: sfc /scannow
CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2008919785-3521510025-3119924549-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> H:\Programs\System\MS Office 2013\Office15\OCHelper.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> H:\Programs\System\MSOFFI~1\Office15\URLREDIR.DLL => No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> H:\Programs\System\MSOFFI~1\Office15\NPSPWRAP.DLL [No File]
S3 SWUMX20; no ImagePath

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution. This could take over 10 minutes.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.



Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Boot into Safe Mode with Networking before installing or running this tool.

- Disable all your antivirus and antimalware software - see how to do that here.

- Right click on the Windows Repair All-In-One executable and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait until you see Scan Complete. If problems were found, copy results to clipboard then paste into Notepad and save the file as WinRepairPreScan.txt for your reply.


- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the Close button to return to Windows Repair.

- Click Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot.
Be sure to reboot into Safe Mode with Networking to let Windows check the disk.

- Click Step 4, then click Do It.

- Click Step 5. Under System Restore click Create.

- When System Restore is complete, click Repairs and click Open Repairs.
Leave all checkmarks in their default configuration when the Repairs window opens.
Click Start Repairs. These repairs could take 45 minutes or more.

Post the contents of _Windows_Repair_Log.txt which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs



Problem running MBAM
 
Let's run RKill which is a tool that terminates malicious processes that may interfere with running anti-malware tools. Do not reboot after running RKill. Instead, uninstall MBAM then reinstall MBAM and try to run it again.


Please download RKill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
  • Double-click on the RKill desktop icon to run the tool.
  • If using Vista/Windows7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If RKill doesn't run, delete the file, then download and use the one provided in Link 2.
  • If RKill still doesn't run, delete that file and download again from Link 1. Repeat this process using alternate links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know how many times you downloaded RKill.
  • Do not reboot the computer unless told to do so in a subsequent step.

 

Uninstall MBAM

  • Press the Windows key + R on your keyboard at the same time.
  • Type appwiz.cpl and press Enter.
  • A list of installed programs will be displayed.
  • Uninstall the following by clicking on the program below (and any other similar names).

Malwarebytes

  • Select Remove or Uninstall

 

Reinstall and run MBAM

Download the free version of Malwarebytes Anti-Malware from:
  https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Reinstall MBAM and allow MBAM to update its definitions. Then press Scan Now.
Before closing MBAM, copy and paste the contents of the log into your reply.


In your next reply...

  • Attach the two screen captures.
  • Describe the "bar" and tell me how you open it.
  • Tell me whether Windows Explorer opened when you pressed Ctrl+E and, if not, what was the reaction when you pressed the keys.
  • Were you able to see any of the executables in C:\Program Files (x86)\ and C:\Program Files\ and H:\Programs\?
  • Were any of the expected executables missing from your program folders? If so, which executables were missing?
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of _Windows_Repair_Log.txt into the body of your message.
  • If you had any problem running RKill, tell me about it.
  • Copy and paste the entire contents of the MBAM log into the body of your message.
  • If Windows Repair Pre Scan found any problems, copy and paste the entire contents of WinRepairPreScan.txt into the body of your message.

Is there anything else about your PC that might be relevant to your problem?

Thank you,

Ray

 

Edit: typo


Edited by RayS, 05 June 2016 - 09:17 PM.



#7 RayS (Malware Study Hall Senior, 2,280 posts, Location: USA)

Posted 09 June 2016 - 03:13 AM

3 Day Bump

It has been 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Ray




#8 thcbytes (Malware Response Team, 14,790 posts)

Posted 17 June 2016 - 09:51 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
