
Redirect/Hijack but possibly on router?


18 replies to this topic

#1 Accordia

Posted 31 May 2016 - 10:48 PM

Hi, I had a customer's laptop last week. She is an old lady and was saying things kept popping up. I took it back to the shop to scan and clean, but Malwarebytes picked nothing up. I went into IE and surfed around some of her favourites, no issues. I assumed she must be clicking into dodgy sites and gently warned her about this.

 

So today she calls up and says it's still happening. I decide to visit her house and try to recreate the problem. She had paid for premium Malwarebytes but wanted me to activate it (too confusing for her). I asked her to show me some of the things that trigger this. She goes into Facebook, starts clicking on some links to news stories in the Sydney Morning Herald and other such Australian news sites and handcraft-type links and bam, redirects start happening. One is some "Microsoft" popup with audio telling her she is infected blah blah blah.

So now I shut all that off, activate Malwarebytes, reboot and run it in safe mode, still no detects. So I rebooted to normal mode with the activated Malwarebytes and revisited some of these sites and links. Malwarebytes then started popping up with "Malicious Website Protection" repeatedly blocking these few sites:

104.197.47.161, www. tradeadexchange .com  (spaces to avoid links)

52.22.103.37, zr1. november-lax .com

52.204.54.103, zl1. november-lax .com

54.84.0.18, za1. november-lax .com

 

So I bring it back to the shop, revisit these sites and links again, no problems, run Malwarebytes again, no problems.

 

Is it possible her router/modem is infected? Will a simple factory reset fix that?

If not could I please get this thread moved to "Virus, Trojan, Spyware, and Malware.." forum to begin cleaning up the laptop?

 

EDIT: apologies, the laptop is running Windows 7 Home Premium 64-bit


Edited by Accordia, 01 June 2016 - 03:49 AM.




#2 Accordia


Posted 05 June 2016 - 06:17 PM

Bump, I've posted in the 3 day thread a couple days ago too.



#3 InadequateInfirmity


Posted 05 June 2016 - 06:30 PM

Is it possible her router/modem is infected? Will a simple factory reset fix that?

 

 

If that is the case then yes.

 

Let's check the machine anyhow...

 

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

Hit OK.

Hit Next, making sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right-click the icon and select Run as administrator.

 http://nicolascoolman.com/download/zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double-click on the scan log, then copy and paste it here in your reply.



#4 Accordia


Posted 06 June 2016 - 04:36 AM

Thanks for the help, I'll go through this process then in case it is the computer. When I return to the customer, though, I think I'll just reset and set up her router again as well just to be sure. Here are the requested logs.

 

Adware Cleaner:

# AdwCleaner v5.119 - Logfile created 06/06/2016 at 18:24:57
# Updated 30/05/2016 by Xplode
# Database : 2016-06-03.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Robyn - ROBYN-PC
# Running from : C:\Users\Robyn\Downloads\adwcleaner_5.119.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3544 bytes] - [01/06/2016 18:20:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [3459 bytes] - [01/06/2016 18:16:43]
C:\AdwCleaner\AdwCleaner[S2].txt - [901 bytes] - [06/06/2016 18:24:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [973 bytes] ##########

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Robyn (Administrator) on Mon 06/06/2016 at 18:37:51.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 9

Successfully deleted: C:\Users\Robyn\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMQDYD20 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KEHR2Q8A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZHNO5IB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLUS46OW (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMQDYD20 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KEHR2Q8A (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZHNO5IB (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLUS46OW (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/06/2016 at 18:39:20.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Adware Removal Tool:

[-] Deleted ->> File ->> C:\Users\Robyn\Appdata\LocalLow\Microsoft\Internet Explorer\DOMStore\FNH814BU\download.televisionfanatic[1].xml
[-] Deleted ->> File ->> C:\Users\Robyn\Appdata\LocalLow\Microsoft\Internet Explorer\DOMStore\IUO0W7K1\televisionfanatic.dl.tb.ask[1].xml
[-] Deleted ->> File ->> C:\windows\Prefetch\APNMCP.EXE-BAF5F8F8.pf
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\download.televisionfanatic.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\televisionfanatic.com

 

ZHP:

~ ZHPCleaner v2016.6.2.71 by Nicolas Coolman (2016/06/02)
~ Run by Robyn (Administrator)  (06/06/2016 19:04:27)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Robyn\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Robyn\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (0)
~ No malicious or unnecessary items found.

---\\  Hosts file (1)
~ The hosts file is legitimate (23)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.

---\\  Registry ( Key, Value, Data) (7)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net [2253]  =>.Superfluous.CloudfrontNet
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net [3688]  =>.Superfluous.CloudfrontNet
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d22j4fzzszoii2.cloudfront.net [3177]  =>.Superfluous.CloudfrontNet
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3mwhxgzltpnyp.cloudfront.net [487]  =>.Superfluous.CloudfrontNet
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\soundcloud.com [600]  =>PUP.Optional.SoundCloud
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.olark.com [15657]  =>PUP.Optional.Generic
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect

---\\  Summary of the elements found (4)
http://www.nicolascoolman.fr/?p=5145  =>.Superfluous.CloudfrontNet
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.SoundCloud
https://www.nicolascoolman.info/2016/05/01/definition-dun-logiciel-pup-lpi/  =>PUP.Optional.Generic
https://www.nicolascoolman.info/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect

---\\  Other deletions. (27)
~ Registry Keys Tracing deleted (27)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 269
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 7

~ End of clean in 00h00mn09s
~====================
ZHPCleaner-[R]-06062016-19_04_36.txt
ZHPCleaner-[S]-06062016-19_03_02.txt

 

Zemana:

Zemana AntiMalware 2.20.2.911 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/6
Operating System       : Windows 7 64-bit
Processor              : 2X Intel® Pentium® CPU B940 @ 2.00GHz
BIOS Mode              : Legacy
CUID                   : 1218353313AD3516752C37
Scan Type              : Scheduled Scan
Duration               : 2m 24s
Scanned Objects        : 9414
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Fake Internet Explorer Shortcut
Status             : Scanned
Object             : %programdata%\microsoft\windows\start menu\programs\recovery media creator help.lnk
MD5                : 4CFE73932E487D68BCAABE5449165A77
Publisher          : -
Size               : 2084
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Internet Explorer Shortcut
                File - %programdata%\microsoft\windows\start menu\programs\recovery media creator help.lnk

Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0

 



#5 InadequateInfirmity


Posted 06 June 2016 - 08:09 PM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus and Windows Defender.

Close all open work; Pre_Scan will close all processes to run.

Right-click and Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right-click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.


#6 Accordia


Posted 08 June 2016 - 05:40 AM

Sorry for the delay, 2 of those scans took a long time. Ads Fix was blocked a couple of times by Zemana, so I disabled that when I needed to. It ran for a couple of hours before I had to leave it and go to bed. The next morning it hadn't moved much (I think due to the PC going to sleep) and took most of that day to finish. The Pre-scan one also took about an afternoon +. Looks like some of the earlier scanners were removed from the desktop by one or other of these. Anyway, here are the logs in order. Thank you again for your help.

 

Adsfix

---------- | AdsFix | g3n-h@ckm@n | 3_07.06.2016.1

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 00:13:32 - 08/06/2016

update on : 07/06/2016 | 09.50 by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Robyn\Desktop\adsfix_3_07.06.2016.1.exe
Boot: Normal boot
[Robyn (Administrator)] - [ROBYN-PC] -  (Australia [0409])
SID = S-1-5-21-2390569644-3178636408-995207599-1000 || [526f62796e205e5e]
PC : TOSHIBA - Portable PC - PSC2EA-01H00E
Processor : X64 - 1995 - Intel® Pentium® CPU B940 @ 2.00GHz
Bios : INSYDE - 04/01/2011 - V.1.00
CoreTemp : 39° C - Max : 110° C

CPU #1 value:0 %
CPU #2 value:0 %
Total Overall CPU Usage value:0 %

System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 4141 | Free (MB) : 2152
Pagefile = Total (MB) : 8280 | Free (MB) : 6077
Virtual = Total (MB) : 4194 | Free (MB) : 4007

C:\ -> [Fixed] | [S3A8973D004] | Total : 287.36 Go | Free : 215.6 Go -> NTFS [ATA]

Registry saved, to restore :  Click on Options & Restore the register (C:\AdsFix\Save\Registry [08.06.2016 @ 00_13_27]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2016-06-06 08:11:57
Last downloaded : 2016-05-25 21:09:36
Last installation : 2016-05-27 00:15:46
Next search : 2016-06-07 05:35:50

Microsoft : +

---------- | Browsers

IE : 11.0.9600.18315     (© Microsoft Corporation. All rights reserved.)

---------- | Security (atcav : 0)

AM : Malwarebytes' Anti-Malware   (2.3.173.0)     [Update : 19/05/2016 22:40:58]
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 21.0.0.242
Plugin : 21.0.0.242

---------- | Killed processes

1648 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1912 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.18.4103) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1968 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.AVG Technologies, Inc. - AVG API Wrapper Service.) - (1.0.0.1) = C:\Program Files (x86)\AVG\CloudCare\AvgApiWrapper.exe
1696 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.AVG Technologies, Inc. - Avg Remote Service.) - (1.0.0.1) = C:\Program Files (x86)\AVG\CloudCare\AvgRemote\AvgRemote.exe
2088 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.AVG Technologies, Inc. - AVG CloudCare Client.) - (1.0.0.1) = C:\Program Files (x86)\AVG\CloudCare\AvgUpgrade.exe
2116 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - (15.0.0.6201) = C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
2208 | [Owner : Robyn |Parent : 2004(explorer.exe)] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2353) = C:\Windows\System32\hkcmd.exe
2280 | [Owner : Robyn |Parent : 2004(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA Flash Cards Main Module.) - (1.0.9.7) = C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2156 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.Malwarebytes - Malwarebytes Anti-Malware.) - (3.1.7.0) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
3660 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
3876 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.TOSHIBA Corporation - TDCSrv Application.) - (1.0.0.8) = C:\Windows\System32\TODDSrv.exe
3920 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.4) = C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
4024 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4225.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
4068 | [Owner : NETWORK SERVICE |Parent : 920(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4128 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.AVG Technologies, Inc. - AVG CloudCare Client.) - (1.0.0.1) = C:\Program Files (x86)\AVG\CloudCare\XmppAuth.exe
4180 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
4372 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service.) - (14.0.7147.5000) = C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
2612 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.TOSHIBA Corporation - TosSmartSrv.exe.) - (1.1.0.8) = C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
4212 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) - (8.0.0.19) = C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
3736 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) - (7.0.1.8) = C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
4628 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.Intel Corporation - Local Manageability Service.) - (7.0.4.1197) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
3740 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.Intel Corporation - User Notification Service.) - (7.0.4.1197) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
4840 | [Owner : SYSTEM |Parent : 920(services.exe)] - (.AVG Technologies, Inc. - AVG Remote IT Agent.) - (2.5.1.0) = C:\Program Files (x86)\AVG\CloudCare\AvgRemote\raserver.exe
4920 | [Owner : Robyn |Parent : 2156()] - (.Malwarebytes - Malwarebytes Anti-Malware.) - (2.3.173.0) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
6088 | [Owner : Robyn |Parent : 2004(explorer.exe)] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.18315) = C:\Program Files\Internet Explorer\iexplore.exe
5920 | [Owner : Robyn |Parent : 6088(iexplore.exe)] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.18315) = C:\Program Files (x86)\Internet Explorer\iexplore.exe
2136 | [Owner : Robyn |Parent : 6088(iexplore.exe)] - (.Eyeo GmbH - Adblock Plus Engine for Internet Explorer.) - (1.5.0.0) = C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
2700 | [Owner : LOCAL SERVICE |Parent : 920(services.exe)] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
6376 | [Owner : Robyn |Parent : 6484()] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) - (15.0.0.6201) = C:\Program Files (x86)\AVG\AVG2015\avgui.exe

---------- | Tasks

Deleted successfully : ConfigFree Startup Programs

Deleted successfully : C:\windows\Tasks\ImCleanDisabled

---------- | Services

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll

C:\windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

---------- | Register

Deleted successfully : HKLM\SOFTWARE\Classes\Download.SwInstaller : SwInstaller Class    
Deleted successfully : HKLM\SOFTWARE\Classes\Download.SwInstaller.1 : SwInstaller Class    
Deleted successfully : HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl : SwInstallerCtl Class    
Deleted successfully : HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1 : SwInstallerCtl Class    
Deleted successfully : HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\app.pckeeper.com
Deleted successfully : HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.com
Deleted successfully : HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\saveoursubs.com.au
Deleted successfully : HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\topshape.me
Deleted successfully : HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\w.soundcloud.com
Deleted successfully : HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.saveoursubs.com.au
Deleted successfully : HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.topshape.me
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D21ED08F-6B88-45EC-A71C-6BD453B561D0}
Deleted successfully : HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} : 1
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

---------- | Folders | Files

Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Jewel Quest - Heritage.lnk     (.-.)    
Deleted successfully : C:\Users\Robyn\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico     (.-.)    
Deleted successfully : C:\Users\Robyn\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{6A1806CD-94D4-4689-BA73-E35EA1EA9990}.ico     (.-.)    
Deleted successfully : C:\Program Files (x86)\IObit
Deleted successfully : C:\Program Files (x86)\Common Files\IObit

---------- | .LNK

---------- | opening unknown extension

---------- | Proxy

---------- | Internet Explorer

Repaired : [HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Bar] : Preserve -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\windows\System32\blank.htm
Repaired : [HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] :  -> 2
Repaired : [HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] :  -> 1
Repaired : [HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] :  -> 1
Repaired : [HKU\S-1-5-21-2390569644-3178636408-995207599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] :  -> 1

---------- | Yandex

 

---------- | Google Chrome

 

---------- | Chromium

 

---------- | Comodo Dragon

 

---------- | Firefox

 

---------- | SeaMonkey

 

---------- | Pale moon

 

---------- | Opera

 

---------- | Spark

 

---------- | StartMenuInternet

---------- | Javascript

---------- | Firewall

---------- | ADS

---------- | Temporary files

[All Users] Temporary files deleted : 0 Ko
[Default] Temporary files deleted : 0 Ko
[Public] Temporary files deleted : 0 Ko
[Robyn] Temporary files deleted : 7253 Ko
[C:\windows\Temp] Temporary files deleted : 13711 Ko
[C:\Temp] Temporary files deleted : 0 Ko

Other(s) report(s)

---------- | Listing

---------- | C:\Program Files (x86)

[21/03/2016 12:53:05] - |D| - [206177.18 Ko] - C:\Program Files (x86)\Adobe
[06/06/2016 18:44:03] - |D| - [1.95 Ko] - C:\Program Files (x86)\Adware Removal Tool by TSA
[20/09/2011 11:18:29] - |D| - [16143.65 Ko] - C:\Program Files (x86)\Amazon
[21/09/2011 11:14:30] - |D| - [176372.61 Ko] - C:\Program Files (x86)\AVG
[14/07/2009 13:20:08] - |D| - [343494.98 Ko] - C:\Program Files (x86)\Common Files
[14/07/2009 14:54:24] - |ASH| - [0.17 Ko] - C:\Program Files (x86)\desktop.ini
[04/07/2014 14:57:58] - |D| - [24823.46 Ko] - C:\Program Files (x86)\Google
[11/03/2011 14:07:32] - |D| - [99345.19 Ko] - C:\Program Files (x86)\InstallShield Installation Information
[20/09/2011 10:36:39] - |D| - [17557.18 Ko] - C:\Program Files (x86)\Intel
[14/07/2009 13:20:08] - |D| - [10057.59 Ko] - C:\Program Files (x86)\Internet Explorer
[11/03/2011 14:07:18] - |D| - [172736.22 Ko] - C:\Program Files (x86)\Java
[19/05/2016 22:40:56] - |D| - [58005.1 Ko] - C:\Program Files (x86)\Malwarebytes Anti-Malware
[20/09/2011 11:16:11] - |D| - [0 Ko] - C:\Program Files (x86)\Microsoft
[22/09/2011 20:47:52] - |D| - [12832.67 Ko] - C:\Program Files (x86)\Microsoft Application Virtualization Client
[20/09/2011 11:17:56] - |D| - [6548.46 Ko] - C:\Program Files (x86)\Microsoft Office
[15/03/2013 19:38:05] - |D| - [41879.39 Ko] - C:\Program Files (x86)\Microsoft Silverlight
[20/09/2011 11:08:11] - |D| - [1786.99 Ko] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[11/03/2011 14:10:23] - |D| - [8011.39 Ko] - C:\Program Files (x86)\Microsoft.NET
[14/07/2009 15:32:38] - |D| - [25.15 Ko] - C:\Program Files (x86)\MSBuild
[20/09/2011 10:58:17] - |D| - [10054.4 Ko] - C:\Program Files (x86)\Realtek
[20/09/2011 10:53:28] - |D| - [6073.5 Ko] - C:\Program Files (x86)\Realtek WLAN Driver
[14/07/2009 15:32:38] - |D| - [36079.24 Ko] - C:\Program Files (x86)\Reference Assemblies
[18/04/2015 06:36:33] - |RD| - [45132.78 Ko] - C:\Program Files (x86)\Skype
[20/09/2011 10:43:10] - |D| - [210377.69 Ko] - C:\Program Files (x86)\TOSHIBA
[20/09/2011 11:04:24] - |D| - [0 Ko] - C:\Program Files (x86)\TOSHIBA Corporation
[20/09/2011 11:09:52] - |D| - [187514.07 Ko] - C:\Program Files (x86)\TOSHIBA Games
[14/07/2009 14:57:06] - |D| - [0 Ko] - C:\Program Files (x86)\Uninstall Information
[27/09/2011 15:25:44] - |D| - [11.79 Ko] - C:\Program Files (x86)\Weatherzone Tracker
[11/07/2012 09:03:38] - |D| - [11814.11 Ko] - C:\Program Files (x86)\WildTangent Games
[14/07/2009 15:32:38] - |D| - [500 Ko] - C:\Program Files (x86)\Windows Defender
[20/09/2011 11:07:49] - |D| - [176451.5 Ko] - C:\Program Files (x86)\Windows Live
[14/07/2009 13:20:08] - |D| - [5972.5 Ko] - C:\Program Files (x86)\Windows Mail
[14/07/2009 15:32:38] - |D| - [4891.27 Ko] - C:\Program Files (x86)\Windows Media Player
[14/07/2009 13:20:08] - |D| - [11779.68 Ko] - C:\Program Files (x86)\Windows NT
[14/07/2009 15:32:38] - |D| - [4291.26 Ko] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 15:32:38] - |D| - [185.5 Ko] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 15:32:38] - |D| - [6379.72 Ko] - C:\Program Files (x86)\Windows Sidebar
[06/06/2016 19:08:34] - |D| - [15567.72 Ko] - C:\Program Files (x86)\Zemana AntiMalware

---------- | C:\Program Files

[25/02/2015 11:10:39] - |D| - [7161.56 Ko] - C:\Program Files\Adblock Plus for IE
[21/03/2016 12:53:25] - |D| - [393.77 Ko] - C:\Program Files\AVG
[14/07/2009 13:20:08] - |D| - [88610.1 Ko] - C:\Program Files\Common Files
[20/09/2011 10:47:53] - |D| - [54245.73 Ko] - C:\Program Files\CONEXANT
[14/07/2009 14:54:24] - |ASH| - [0.17 Ko] - C:\Program Files\desktop.ini
[14/07/2009 15:32:38] - |D| - [88131.02 Ko] - C:\Program Files\DVD Maker
[04/07/2014 14:59:03] - |D| - [875.09 Ko] - C:\Program Files\Google
[14/07/2009 13:20:08] - |D| - [29547.74 Ko] - C:\Program Files\Internet Explorer
[14/07/2009 15:32:38] - |D| - [145386.55 Ko] - C:\Program Files\Microsoft Games
[22/09/2011 20:47:52] - |D| - [1547.67 Ko] - C:\Program Files\Microsoft Office
[15/03/2013 19:38:06] - |D| - [54408.89 Ko] - C:\Program Files\Microsoft Silverlight
[14/07/2009 15:32:38] - |D| - [25.15 Ko] - C:\Program Files\MSBuild
[11/03/2011 14:07:10] - |D| - [2127.38 Ko] - C:\Program Files\PlayReady
[14/07/2009 15:32:38] - |D| - [33789.67 Ko] - C:\Program Files\Reference Assemblies
[20/09/2011 11:19:27] - |D| - [2537.43 Ko] - C:\Program Files\Symantec
[20/09/2011 10:57:09] - |D| - [30589.72 Ko] - C:\Program Files\Synaptics
[11/03/2011 14:07:32] - |D| - [1297164.53 Ko] - C:\Program Files\TOSHIBA
[14/07/2009 15:09:26] - |D| - [0 Ko] - C:\Program Files\Uninstall Information
[14/07/2009 15:32:38] - |D| - [3922.5 Ko] - C:\Program Files\Windows Defender
[21/11/2010 17:17:02] - |D| - [9012.12 Ko] - C:\Program Files\Windows Journal
[20/09/2011 11:07:43] - |D| - [7798.18 Ko] - C:\Program Files\Windows Live
[14/07/2009 13:20:08] - |D| - [6447.5 Ko] - C:\Program Files\Windows Mail
[14/07/2009 15:32:38] - |D| - [7485.42 Ko] - C:\Program Files\Windows Media Player
[14/07/2009 13:20:08] - |D| - [12199.68 Ko] - C:\Program Files\Windows NT
[14/07/2009 15:32:38] - |D| - [5363.77 Ko] - C:\Program Files\Windows Photo Viewer
[14/07/2009 15:32:38] - |D| - [239 Ko] - C:\Program Files\Windows Portable Devices
[14/07/2009 15:32:38] - |D| - [7205.83 Ko] - C:\Program Files\Windows Sidebar

---------- | C:\Program Files (x86)\Common Files

[30/09/2011 19:33:40] - |D| - [10166.6 Ko] - C:\Program Files (x86)\Common Files\Adobe
[20/05/2014 07:24:39] - |D| - [97.65 Ko] - C:\Program Files (x86)\Common Files\DESIGNER
[11/03/2011 14:09:05] - |D| - [6326.97 Ko] - C:\Program Files (x86)\Common Files\InstallShield
[20/09/2011 10:39:24] - |D| - [13911.14 Ko] - C:\Program Files (x86)\Common Files\Intel
[29/04/2016 21:32:32] - |D| - [1920.57 Ko] - C:\Program Files (x86)\Common Files\Java
[14/07/2009 13:20:08] - |D| - [36792.04 Ko] - C:\Program Files (x86)\Common Files\microsoft shared
[20/09/2011 10:38:27] - |D| - [158.43 Ko] - C:\Program Files (x86)\Common Files\postureAgent
[14/07/2009 13:20:08] - |D| - [2.64 Ko] - C:\Program Files (x86)\Common Files\Services
[18/04/2015 06:36:33] - |D| - [2343.63 Ko] - C:\Program Files (x86)\Common Files\Skype
[14/07/2009 13:20:08] - |D| - [40140.41 Ko] - C:\Program Files (x86)\Common Files\SpeechEngines
[14/07/2009 13:20:08] - |D| - [9956.99 Ko] - C:\Program Files (x86)\Common Files\System
[20/09/2011 11:04:24] - |D| - [2489.12 Ko] - C:\Program Files (x86)\Common Files\Toshiba Shared
[20/09/2011 11:07:07] - |D| - [216820.8 Ko] - C:\Program Files (x86)\Common Files\Windows Live
[21/03/2016 12:53:25] - |D| - [2368 Ko] - C:\Program Files (x86)\Common Files\Windows Microsoft Shared

---------- | C:\Program Files\Common Files

[14/06/2015 18:12:04] - |D| - [0 Ko] - C:\Program Files\Common Files\AV
[20/09/2011 10:39:25] - |D| - [15348.84 Ko] - C:\Program Files\Common Files\Intel
[14/07/2009 13:20:08] - |D| - [60803.13 Ko] - C:\Program Files\Common Files\Microsoft Shared
[14/07/2009 13:20:08] - |D| - [2.64 Ko] - C:\Program Files\Common Files\Services
[14/07/2009 13:20:08] - |D| - [594.5 Ko] - C:\Program Files\Common Files\SpeechEngines
[14/07/2009 13:20:08] - |D| - [11860.99 Ko] - C:\Program Files\Common Files\System

---------- | C:\Users\Robyn

[31/08/2015 05:51:57] - |D| - [0.22 Ko] - C:\Users\Robyn\.oracle_jre_usage
[20/09/2011 09:49:15] - |D| - [6507899.49 Ko] - C:\Users\Robyn\AppData
[20/09/2011 09:49:16] - |SHD| - [24740.79 Ko] - C:\Users\Robyn\Application Data
[20/09/2011 09:56:05] - |RD| - [67.17 Ko] - C:\Users\Robyn\Contacts
[20/09/2011 09:49:16] - |SHD| - [1592.88 Ko] - C:\Users\Robyn\Cookies
[20/09/2011 09:49:15] - |RD| - [19472.77 Ko] - C:\Users\Robyn\Desktop
[20/09/2011 09:49:15] - |RD| - [601466.75 Ko] - C:\Users\Robyn\Documents
[20/09/2011 09:49:15] - |RD| - [182891 Ko] - C:\Users\Robyn\Downloads
[20/09/2011 09:49:15] - |RD| - [47.86 Ko] - C:\Users\Robyn\Favorites
[20/09/2011 09:49:15] - |RD| - [2.2 Ko] - C:\Users\Robyn\Links
[20/09/2011 09:49:16] - |SHD| - [6285460.78 Ko] - C:\Users\Robyn\Local Settings
[20/09/2011 09:49:15] - |RD| - [1.12 Ko] - C:\Users\Robyn\Music
[20/09/2011 09:49:16] - |SHD| - [601466.75 Ko] - C:\Users\Robyn\My Documents
[20/09/2011 09:49:16] - |SHD| - [0 Ko] - C:\Users\Robyn\NetHood
[20/09/2011 09:49:15] - |ASH| - [1792 Ko] - C:\Users\Robyn\NTUSER.DAT
[20/09/2011 09:49:15] - |ASH| - [256 Ko] - C:\Users\Robyn\ntuser.dat.LOG1
[20/09/2011 09:49:15] - |ASH| - [0 Ko] - C:\Users\Robyn\ntuser.dat.LOG2
[20/09/2011 09:49:15] - |ASH| - [64 Ko] - C:\Users\Robyn\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[20/09/2011 09:49:16] - |ASH| - [512 Ko] - C:\Users\Robyn\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[20/09/2011 09:49:16] - |ASH| - [512 Ko] - C:\Users\Robyn\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[20/09/2011 09:49:16] - |ASH| - [0.02 Ko] - C:\Users\Robyn\ntuser.ini
[20/09/2011 09:49:15] - |RD| - [522048.28 Ko] - C:\Users\Robyn\Pictures
[20/09/2011 09:49:16] - |SHD| - [0 Ko] - C:\Users\Robyn\PrintHood
[20/09/2011 09:49:16] - |SHD| - [268.19 Ko] - C:\Users\Robyn\Recent
[20/09/2011 09:49:15] - |RD| - [0.36 Ko] - C:\Users\Robyn\Saved Games
[20/09/2011 09:56:17] - |RD| - [1.9 Ko] - C:\Users\Robyn\Searches
[20/09/2011 09:49:16] - |SHD| - [11.08 Ko] - C:\Users\Robyn\SendTo
[20/09/2011 09:49:16] - |SHD| - [19.79 Ko] - C:\Users\Robyn\Start Menu
[20/09/2011 09:49:16] - |SHD| - [0 Ko] - C:\Users\Robyn\Templates
[20/09/2011 09:49:15] - |RD| - [0.49 Ko] - C:\Users\Robyn\Videos
[09/05/2013 09:15:26] - |A| - [41.43 Ko] - C:\Users\Robyn\Youcompare Energy.htm

---------- | C:\Users\Robyn\AppData\Roaming

[21/09/2011 14:27:17] - |D| - [5568.54 Ko] - C:\Users\Robyn\AppData\Roaming\Adobe
[28/09/2011 16:13:52] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Roaming\Amazon
[25/04/2013 15:19:57] - |D| - [12.95 Ko] - C:\Users\Robyn\AppData\Roaming\AVG
[24/10/2014 06:03:42] - |D| - [5.41 Ko] - C:\Users\Robyn\AppData\Roaming\AVG2015
[04/07/2014 15:02:16] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Roaming\Google
[20/09/2011 09:56:08] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Roaming\Identities
[20/05/2016 09:20:18] - |D| - [1540.64 Ko] - C:\Users\Robyn\AppData\Roaming\IObit
[21/09/2011 14:27:18] - |D| - [21.39 Ko] - C:\Users\Robyn\AppData\Roaming\Macromedia
[20/09/2011 09:49:15] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Roaming\Media Center Programs
[20/09/2011 09:49:15] - |SD| - [6741.26 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft
[20/09/2011 16:07:41] - |D| - [0.01 Ko] - C:\Users\Robyn\AppData\Roaming\Mozilla
[17/09/2014 08:35:34] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Roaming\Oracle
[10/11/2011 17:35:48] - |D| - [822.98 Ko] - C:\Users\Robyn\AppData\Roaming\Skype
[22/09/2011 20:48:36] - |D| - [1457.31 Ko] - C:\Users\Robyn\AppData\Roaming\SoftGrid Client
[31/08/2015 05:51:57] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Roaming\Sun
[20/09/2011 15:39:54] - |D| - [6.15 Ko] - C:\Users\Robyn\AppData\Roaming\Tific
[20/09/2011 09:58:31] - |D| - [2967.57 Ko] - C:\Users\Robyn\AppData\Roaming\Toshiba
[22/09/2011 20:47:30] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Roaming\TP
[17/10/2012 06:38:08] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Roaming\TuneUp Software
[01/07/2012 19:51:46] - |D| - [3291.79 Ko] - C:\Users\Robyn\AppData\Roaming\WildTangent
[21/09/2011 14:24:43] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Roaming\Windows Live Writer
[06/06/2016 18:57:34] - |D| - [2304.78 Ko] - C:\Users\Robyn\AppData\Roaming\ZHP

---------- | C:\Users\Robyn\AppData\Local

[08/05/2015 19:48:31] - |D| - [23669.23 Ko] - C:\Users\Robyn\AppData\Local\Adobe
[28/09/2011 16:13:51] - |D| - [99.67 Ko] - C:\Users\Robyn\AppData\Local\Amazon
[20/09/2011 09:49:16] - |SHD| - [5780136.96 Ko] - C:\Users\Robyn\AppData\Local\Application Data
[28/03/2015 08:11:08] - |D| - [996.28 Ko] - C:\Users\Robyn\AppData\Local\Avg
[24/10/2014 05:47:29] - |D| - [4942.52 Ko] - C:\Users\Robyn\AppData\Local\Avg2015
[06/01/2016 09:29:11] - |D| - [1555.91 Ko] - C:\Users\Robyn\AppData\Local\AvgSetupLog
[31/03/2016 13:56:12] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Local\CEF
[31/07/2012 11:02:39] - |D| - [58233.74 Ko] - C:\Users\Robyn\AppData\Local\CrashDumps
[02/10/2011 13:49:51] - |D| - [34396.73 Ko] - C:\Users\Robyn\AppData\Local\Diagnostics
[03/07/2014 18:54:54] - |D| - [163.93 Ko] - C:\Users\Robyn\AppData\Local\ElevatedDiagnostics
[14/11/2014 06:23:05] - |SHD| - [0 Ko] - C:\Users\Robyn\AppData\Local\EmieBrowserModeList
[14/04/2014 06:32:09] - |SHD| - [0 Ko] - C:\Users\Robyn\AppData\Local\EmieSiteList
[14/04/2014 06:32:09] - |SHD| - [0 Ko] - C:\Users\Robyn\AppData\Local\EmieUserList
[20/09/2011 09:49:30] - |A| - [56.66 Ko] - C:\Users\Robyn\AppData\Local\GDIPFONTCACHEV1.DAT
[04/07/2014 14:57:58] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Local\Google
[12/06/2015 07:48:48] - |D| - [0.07 Ko] - C:\Users\Robyn\AppData\Local\GWX
[20/09/2011 09:49:16] - |SHD| - [0.35 Ko] - C:\Users\Robyn\AppData\Local\History
[01/06/2016 18:21:08] - |AH| - [2784.42 Ko] - C:\Users\Robyn\AppData\Local\IconCache.db
[22/03/2015 07:01:16] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Local\LogMeIn Rescue Applet
[17/10/2012 05:02:26] - |D| - [13094.49 Ko] - C:\Users\Robyn\AppData\Local\MFAData
[20/09/2011 09:49:15] - |D| - [333925.17 Ko] - C:\Users\Robyn\AppData\Local\Microsoft
[26/10/2011 13:22:13] - |D| - [83.85 Ko] - C:\Users\Robyn\AppData\Local\Microsoft Games
[22/09/2011 20:53:09] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Local\Microsoft Help
[25/02/2015 11:08:28] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Local\Programs
[22/09/2011 20:48:37] - |D| - [764 Ko] - C:\Users\Robyn\AppData\Local\SoftGrid Client
[20/09/2011 09:49:15] - |D| - [0 Ko] - C:\Users\Robyn\AppData\Local\Temp
[20/09/2011 09:49:16] - |SHD| - [15810.73 Ko] - C:\Users\Robyn\AppData\Local\Temporary Internet Files
[20/09/2011 15:41:25] - |D| - [0.13 Ko] - C:\Users\Robyn\AppData\Local\Tific
[20/09/2011 09:54:53] - |D| - [0.47 Ko] - C:\Users\Robyn\AppData\Local\Toshiba
[20/09/2011 09:56:04] - |D| - [55.37 Ko] - C:\Users\Robyn\AppData\Local\VirtualStore
[19/10/2011 14:00:40] - |D| - [36 Ko] - C:\Users\Robyn\AppData\Local\Windows Live
[21/09/2011 14:24:43] - |D| - [634.73 Ko] - C:\Users\Robyn\AppData\Local\Windows Live Writer
[06/06/2016 19:08:23] - |D| - [40556.9 Ko] - C:\Users\Robyn\AppData\Local\Zemana

---------- | C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu

[20/09/2011 09:56:17] - |ASH| - [0.17 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[20/09/2011 09:49:15] - |RD| - [17.04 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[05/10/2013 06:54:40] - |A| - [0.59 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Violet Sky Fashion items - Get great deals on items on eBay Stores!.website
[29/01/2012 11:30:58] - |A| - [0.52 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherMap-NSW-Snowy-Mountains-NARRABRI-WEST-threehour.website
[01/10/2013 09:11:57] - |A| - [0.4 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Westnet MyEmail.website
[19/12/2011 11:18:03] - |A| - [0.58 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Westnet Webmail Lite Forgotten Password.website
[13/02/2015 15:03:27] - |A| - [0.49 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Westnet Webmail.website

---------- | C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

[20/09/2011 09:49:15] - |RD| - [14.28 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[20/09/2011 09:56:17] - |RD| - [0.17 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[20/09/2011 09:56:17] - |ASH| - [0.46 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[20/09/2011 09:56:18] - |A| - [1.39 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[20/09/2011 09:49:15] - |RD| - [0.57 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[20/09/2011 09:56:17] - |RD| - [0.17 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

---------- | C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[20/09/2011 09:56:17] - |ASH| - [0.17 Ko] - C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\ProgramData

[11/03/2011 14:13:56] - |D| - [506947.28 Ko] - C:\ProgramData\Adobe
[14/07/2009 15:08:56] - |SHD| - [58860174.58 Ko] - C:\ProgramData\Application Data
[25/04/2013 15:17:07] - |D| - [902.5 Ko] - C:\ProgramData\AVG
[21/09/2011 11:15:30] - |D| - [0 Ko] - C:\ProgramData\AVG10
[20/10/2011 13:56:10] - |D| - [17562.33 Ko] - C:\ProgramData\AVG2012
[25/10/2013 07:54:37] - |D| - [32 Ko] - C:\ProgramData\AVG2014
[24/10/2014 05:59:28] - |D| - [378227.37 Ko] - C:\ProgramData\AVG2015
[21/03/2016 12:53:56] - |D| - [1.42 Ko] - C:\ProgramData\AVGRemoteIT
[21/03/2016 12:49:22] - |D| - [198600.11 Ko] - C:\ProgramData\CloudCare
[21/09/2011 11:16:11] - |D| - [0.09 Ko] - C:\ProgramData\Common Files
[14/07/2009 15:08:56] - |SD| - [19.96 Ko] - C:\ProgramData\Desktop
[14/07/2009 15:08:56] - |SHD| - [48376.65 Ko] - C:\ProgramData\Documents
[14/07/2009 15:08:56] - |SHD| - [0 Ko] - C:\ProgramData\Favorites
[04/07/2014 14:58:23] - |D| - [531.39 Ko] - C:\ProgramData\Google
[03/10/2011 11:55:25] - |D| - [36.18 Ko] - C:\ProgramData\Hewlett-Packard
[20/05/2016 09:19:53] - |D| - [101.88 Ko] - C:\ProgramData\IObit
[19/05/2016 22:40:56] - |D| - [10084.65 Ko] - C:\ProgramData\Malwarebytes
[21/09/2011 11:13:41] - |D| - [112.25 Ko] - C:\ProgramData\MFAData
[14/07/2009 13:20:08] - |SD| - [2170282.71 Ko] - C:\ProgramData\Microsoft
[22/09/2011 20:53:09] - |D| - [48.97 Ko] - C:\ProgramData\Microsoft Help
[20/09/2011 11:19:01] - |D| - [11.49 Ko] - C:\ProgramData\Norton
[20/09/2011 11:18:41] - |D| - [31648.76 Ko] - C:\ProgramData\NortonInstaller
[17/09/2014 08:34:56] - |D| - [0 Ko] - C:\ProgramData\Oracle
[20/09/2011 11:18:05] - |D| - [104444.65 Ko] - C:\ProgramData\Skype
[14/07/2009 15:08:56] - |SHD| - [253.28 Ko] - C:\ProgramData\Start Menu
[11/03/2011 14:07:25] - |D| - [0.15 Ko] - C:\ProgramData\Sun
[14/07/2009 15:08:56] - |SHD| - [0 Ko] - C:\ProgramData\Templates
[20/09/2011 10:58:52] - |D| - [5142.09 Ko] - C:\ProgramData\TOSHIBA
[24/09/2011 07:19:31] - |D| - [0 Ko] - C:\ProgramData\VirtualizedApplications
[20/09/2011 11:09:52] - |D| - [1514685.44 Ko] - C:\ProgramData\WildTangent
[20/05/2016 09:20:50] - |D| - [0 Ko] - C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}

---------- | C:\windows\Tasks

[31/07/2012 09:30:08] - |A| - [0.81 Ko] - C:\windows\Tasks\Adobe Flash Player Updater.job
[29/10/2014 06:15:30] - |A| - [0.87 Ko] - C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[29/10/2014 06:15:31] - |A| - [0.88 Ko] - C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[14/07/2009 15:08:49] - |AH| - [0.01 Ko] - C:\windows\Tasks\SA.DAT
[14/07/2009 15:08:49] - |A| - [31.87 Ko] - C:\windows\Tasks\SCHEDLGU.TXT

---------- | C:\windows\System32\Tasks

[14/07/2009 13:20:14] - |D| - [0 Ko] - C:\windows\System32\Tasks\Microsoft

[X] : [3590 Ko]

Analyzed : 348892 | Modified : 6 | Deleted : 23

---------- |EOF| ---------- | 14:20:38 | [32 Ko]

 

RstHosts

-|x| RstHosts v2.0 - Rapport créé le 08/06/2016 à 15:40:45
-|x| Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
-|x| Nom d'utilisateur : Robyn - ROBYN-PC (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 14/07/2009 - 12:34:48
Date de modification : 08/06/2016 - 15:37:12
Date de dernier accès : 08/06/2016 - 15:37:12

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1       localhost
::1             localhost

-|x|- E.O.F - C:\RstHosts.txt - 624 bytes -|x|-

 

Pre_Scan

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_31.05.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 15:45:44

Updated 31/05/2016 | 11.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Robyn (Administrator)] - [ROBYN-PC]
SID = S-1-5-21-2390569644-3178636408-995207599-1000

Boot: Normal boot
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
ProcessorNameString : Intel® Pentium® CPU B940 @ 2.00GHz
Identifier : Intel64 Family 6 Model 42 Stepping 7
CoreTemp : 44 Celsius - Max : 110 Celsius

Memory RAM = Total (MB) : 4141 | Free (MB) : 2782
Pagefile = Total (MB) : 8280 | Free (MB) : 6859
Virtual = Total (MB) : 4194 | Free (MB) : 4040

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

C:\windows\Setup\Scripts\B2C.txt
C:\windows\Setup\Scripts\tsetup.log

¤¤¤¤¤¤¤¤¤¤¤ # Drives

C:\-> [Fixed] | [S3A8973D004] | Total : 287.36 Go | Free : 215.02 Go -> NTFS [ATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Last detection : 2016-06-08 04:36:18
Downloaded last ones : 2016-05-25 21:09:36
Installed last ones : 2016-05-27 00:15:46
Next search : 2016-06-09 02:03:18

Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Robyn

Registry saved , to restore :  Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [08.06.2016 @ 15_44_02])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.9600.18315     (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 21.0.0.242
Plugin : 21.0.0.242

¤¤¤¤¤¤¤¤¤¤ # Security

AV : AVG CloudCare AntiVirus 2015 Enabled
AS : AVG CloudCare AntiVirus 2015 Enabled
AM : Malwarebytes Anti-Malware   (2.3.173.0)     []
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1612 | [Owner :  |Parent : 924] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1800 | [Owner : SYSTEM |Parent : 924] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.18.4103) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1880 | [Owner : SYSTEM |Parent : 924] - (.AVG Technologies, Inc. - AVG API Wrapper Service.) - (1.0.0.1) = C:\Program Files (x86)\AVG\CloudCare\AvgApiWrapper.exe
2012 | [Owner : Robyn |Parent : 924] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
1844 | [Owner : SYSTEM |Parent : 924] - (.AVG Technologies, Inc. - Avg Remote Service.) - (1.0.0.1) = C:\Program Files (x86)\AVG\CloudCare\AvgRemote\AvgRemote.exe
2060 | [Owner : SYSTEM |Parent : 924] - (.AVG Technologies, Inc. - AVG CloudCare Client.) - (1.0.0.1) = C:\Program Files (x86)\AVG\CloudCare\AvgUpgrade.exe
2108 | [Owner : SYSTEM |Parent : 924] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - (15.0.0.6201) = C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
2636 | [Owner : SYSTEM |Parent : 924] - (.AVG Technologies, Inc. - AVG Remote IT Agent.) - (2.5.1.0) = C:\Program Files (x86)\AVG\CloudCare\AvgRemote\raserver.exe
2908 | [Owner : SYSTEM |Parent : 924] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
3108 | [Owner : SYSTEM |Parent : 924] - (.TOSHIBA Corporation - TDCSrv Application.) - (1.0.0.8) = C:\Windows\System32\TODDSrv.exe
3168 | [Owner : SYSTEM |Parent : 924] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.4) = C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
3336 | [Owner : SYSTEM |Parent : 924] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4225.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3484 | [Owner : Robyn |Parent : 1552] - (.Intel Corporation - igfxTray Module.) - (8.15.10.2353) = C:\Windows\System32\igfxtray.exe
3492 | [Owner : SYSTEM |Parent : 924] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3500 | [Owner : Robyn |Parent : 1552] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2353) = C:\Windows\System32\hkcmd.exe
3512 | [Owner : Robyn |Parent : 1552] - (.Intel Corporation - persistence Module.) - (8.15.10.2353) = C:\Windows\System32\igfxpers.exe
3564 | [Owner : SYSTEM |Parent : 3336] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4225.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3576 | [Owner : Robyn |Parent : 376] - (.Intel Corporation - igfxsrvc Module.) - (8.15.10.2353) = C:\Windows\System32\igfxsrvc.exe
3636 | [Owner : Robyn |Parent : 1552] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.7) = C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
3692 | [Owner : Robyn |Parent : 1552] - (.TOSHIBA Corporation - TOSHIBA Flash Cards Main Module.) - (1.0.9.7) = C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
3732 | [Owner : SYSTEM |Parent : 924] - (.AVG Technologies, Inc. - AVG CloudCare Client.) - (1.0.0.1) = C:\Program Files (x86)\AVG\CloudCare\XmppAuth.exe
3776 | [Owner : Robyn |Parent : 1552] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) - (15.0.8.1) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1216 | [Owner : Robyn |Parent : 376] - (.Intel Corporation - igfxext Module.) - (8.15.10.2353) = C:\Windows\System32\igfxext.exe
4980 | [Owner : Robyn |Parent : 4584] - (.AVG Technologies, Inc. - AVG Remote IT Agent.) - (2.5.1.0) = C:\Program Files (x86)\AVG\CloudCare\AvgRemote\raserver.exe
5108 | [Owner : Robyn |Parent : 4584] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.91.14) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3224 | [Owner : Robyn |Parent : 5044] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) - (15.0.0.6201) = C:\Program Files (x86)\AVG\AVG2015\avgui.exe
5000 | [Owner : SYSTEM |Parent : 924] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
5116 | [Owner : SYSTEM |Parent : 924] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service .) - (14.0.7147.5000) = C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
5300 | [Owner : Robyn |Parent : 3224] - (.Microsoft Corporation - CTF Loader.) - (6.1.7600.16385) = C:\Windows\SysWOW64\ctfmon.exe
5200 | [Owner : NETWORK SERVICE |Parent : 924] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
5768 | [Owner : Robyn |Parent : 3776] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (15.0.8.1) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5492 | [Owner : SYSTEM |Parent : 924] - (.TOSHIBA Corporation - TosSmartSrv.exe.) - (1.1.0.8) = C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
5336 | [Owner : Robyn |Parent : 3808] - (.TOSHIBA Corporation - TosSENotify.exe.mui.) - (1.0.64.16) = C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
1096 | [Owner : SYSTEM |Parent : 924] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) - (8.0.0.19) = C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
108 | [Owner : SYSTEM |Parent : 924] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) - (7.0.1.8) = C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
4544 | [Owner : SYSTEM |Parent : 924] - (.Intel Corporation - Local Manageability Service.) - (7.0.4.1197) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
5332 | [Owner : SYSTEM |Parent : 924] - (.Intel Corporation - User Notification Service.) - (7.0.4.1197) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
5644 | [Owner : SYSTEM |Parent : 924] - (.Microsoft Corporation - Windows Modules Installer.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe
3468 | [Owner : Robyn |Parent : 4516] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.19135) = C:\Windows\explorer.exe
5712 | [Owner : Robyn |Parent : 3468] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.18315) = C:\Program Files\Internet Explorer\iexplore.exe
976 | [Owner : Robyn |Parent : 5712] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.18315) = C:\Program Files (x86)\Internet Explorer\iexplore.exe
1000 | [Owner : Robyn |Parent : 5712] - (.Eyeo GmbH - Adblock Plus Engine for Internet Explorer.) - (1.5.0.0) = C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> C:\windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !

Safeboot Minimal Subkeys : O.K !

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

 

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

 

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

 

¤¤¤¤¤¤¤¤¤¤ # Offsets

Possible Infected : C:\restore\Program Files\Oberon Media\Magic Match\MagicMatch.exe : 00000000400000C02E7465787400000000000300008011000000030000200000000000000000000000000000200000E02E616461746100000000010000801400

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

 

Moved to quarantine successfully : C:\bootsqm.dat

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned

 

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive C:] : Hidden : 2 | Restored : 2
~ [Program Files] : Hidden : 14 | Restored : 14
~ [Users] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 61 | Restored : 61
~ [AppData] : Hidden : 38 | Restored : 38

¤¤¤¤¤¤¤¤¤¤ # Drives

 Disk: 0   Size=305G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    27-UNKNWN  1.5G   Yes   No         2,048    3,072,000
  1    1    07-NTFS    294G   No    No     3,074,048  602,632,192
  2    2    17-NTFS    9.5G   No    Yes  605,706,240   19,435,520

¤¤¤¤¤¤¤¤¤¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] :  -> 1

End : 16:09:31

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 218

 

9-Lab

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 128.39590

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.18314
Robyn :: ROBYN-PC

8/06/2016 6:03:33 PM
9lab-log-2016-06-08 (18-03-33).txt

Scan type: Full
Objects scanned: 65724
Time Elapsed: 1 h 48 m

Registry Values detected: 1
Risk.Path [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]

Files detected: 20
[4A31AA1B76C91F067D2E5D0D3B527C12] Trojan.FPL.Rotbrow.vb [c:\users\robyn\appdata\roaming\ZHP\Quarantine\hosts]
[4A6BAB16F0764ACC1384255E7C256F63] Trojan.FPL.Rotbrow.vb [c:\users\robyn\appdata\roaming\ZHP\Tempo.txt]
[C25A37F4599164CB8E892BD6FDDAFB57] Trojan.FPL.Rotbrow.vb [c:\users\robyn\appdata\roaming\ZHP\Trace.txt]
[EA3DD26FB3C1737AFFD1E930F7188612] Trojan.FPL.Rotbrow.vb [c:\users\robyn\appdata\roaming\ZHP\ZHPCleaner-[R]-06062016-19_04_36.txt]
[56749914E9AC13E800644468FCDB5C31] Trojan.FPL.Rotbrow.vb [c:\users\robyn\appdata\roaming\ZHP\ZHPCleaner-[S]-06062016-19_03_02.txt]
[636AB8602B7B2836538DCEF0E39C23E9] Trojan.FPL.Rotbrow.vb [c:\users\robyn\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\robyn\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[B2D7D213666230277E8BBCCE35A7F4BD] Trojan.FPL.Rotbrow.vb [c:\users\robyn\appdata\roaming\ZHP\ZHPCleaner_Tempo.txt]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\Pre_Scan\smss.exe]
[8FBB73617E58068EB213D6DD8814C15B] Malware.Win32.Gen.cs0 [C:\Pre_Scan\Pre_Scan.exe]
[C34980A6F0A2926F87F8386FFF5E8C45] Malware.Win32.Gen.cs0 [C:\Pre_Scan\Pre_Scan_Restore.exe]
[92A67777A503AF27359C1AC7B8754BF2] Malware.Win32.Pack.559!se [C:\restore\Program Files\Oberon Media\Bricks of Egypt\Bricks of Egypt.exe]
[1049D48BD75DBA0BB9456B06CDB6FAD4] Malware.Win32.Gen.sm!s4 [C:\restore\System Volume Information\_restore{D34137C1-F216-4803-BF12-FAFE117CE9FA}\RP915\A0122966.exe]
[7E5704D68D703B238C35D0F4DF147BD3] Malware.Win32.Gen.cc!s1 [C:\Users\Robyn\AppData\Roaming\ZHP\ZHPCleaner.exe]
[8FBB73617E58068EB213D6DD8814C15B] Malware.Win32.Gen.cs0 [C:\Users\Robyn\Desktop\Pre_Scan.exe]
[2B1E7F73FE2E7AFB19DA4E166AE8561F] Malware.Win32.Gen.cs0 [C:\Users\Robyn\Desktop\Pre_Scan_Restore.lnk]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\Robyn\Desktop\rsthosts_2.0.exe]
[7E5704D68D703B238C35D0F4DF147BD3] Malware.Win32.Gen.cc!s1 [C:\Users\Robyn\Desktop\ZHPCleaner.exe]
[D4E96D56798E2F8E391D42934A11933E] Malware.Win32.Gen.cc!s1 [C:\Users\Robyn\Desktop\ZHPCleaner.lnk]
[09877C4AAABFE75B519D8A98D583EF7E] Malware.Win32.Gen.cs0 [C:\Users\Robyn\Desktop\adsfix_3_07.06.2016.1.exe]

 

 

 

 



#7 InadequateInfirmity


Posted 08 June 2016 - 04:21 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log. Please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.
  3. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  4. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.

  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.
  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.

When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"

  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  • Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox  and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right click it and run as administrator. When the program completes, the tool will automatically open a log file, please post that log here in your next post.


Edited by InadequateInfirmity, 08 June 2016 - 04:25 PM.


#8 Accordia


Posted 09 June 2016 - 06:35 PM

Hi, Mbam reported 0 (log included though), Eset reported 0, following mbam are the last 2 logs

 

Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/06/2016
Scan Time: 11:48 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.08.07
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Robyn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297167
Time Elapsed: 21 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Minitoolbox

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Robyn (administrator) on 10-06-2016 at 09:28:37
Running from "C:\Users\Robyn\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Satellite C665 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Robyn-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : E0-CA-94-0F-B3-65
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-6C-CB-BC-7E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : E0-CA-94-0F-B3-65
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d864:7bfb:55c3:88e0%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.250(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, 8 June 2016 5:53:09 PM
   Lease Expires . . . . . . . . . . : Saturday, 11 June 2016 6:41:46 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 249612948
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-09-9C-73-E0-CA-94-0F-B3-65
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7002D997-38AB-422C-B9BB-82DBB7268839}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {81A4D24D-C49C-4140-B3E3-EDD2D3FC0D82}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8384F105-6105-4827-810E-A7578DC018FE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  my.router
Address:  192.168.1.1

Name:    google.com
Addresses:  2404:6800:4006:806::200e
   216.58.199.78

Pinging google.com [216.58.199.78] with 32 bytes of data:
Reply from 216.58.199.78: bytes=32 time=30ms TTL=52
Reply from 216.58.199.78: bytes=32 time=30ms TTL=52

Ping statistics for 216.58.199.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 30ms, Average = 30ms
Server:  my.router
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   2001:4998:44:204::a7
   98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=235ms TTL=42
Reply from 98.139.183.24: bytes=32 time=239ms TTL=42

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 235ms, Maximum = 239ms, Average = 237ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...e0 ca 94 0f b3 65 ......Microsoft Virtual WiFi Miniport Adapter
 12...00 26 6c cb bc 7e ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
 11...e0 ca 94 0f b3 65 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.250     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.250    281
    192.168.1.250  255.255.255.255         On-link     192.168.1.250    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.250    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.250    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.250    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::d864:7bfb:55c3:88e0/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/10/2016 06:45:21 AM) (Source: Application Hang) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ac

Start Time: 01d1c20af02803b0

Termination Time: 47

Application Path: C:\Users\Robyn\Desktop\esetonlinescanner_enu.exe

Report Id:

Error: (06/01/2016 11:51:18 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/21/2016 09:13:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18315, time stamp: 0x571ae616
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xd8680c6a
Faulting process id: 0x1710
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/20/2016 09:58:14 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/20/2016 09:48:06 AM) (Source: ESENT) (User: )
Description: taskhost (1668) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Robyn\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (05/19/2016 11:23:46 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/19/2016 07:34:46 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/12/2016 09:29:58 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18283 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6c0

Start Time: 01d1abd86be16608

Termination Time: 90

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/11/2016 03:24:08 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/05/2016 09:35:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18283, time stamp: 0x56fc59cb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xd8680c6a
Faulting process id: 0xaa4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (06/10/2016 06:47:01 AM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 06:47:01 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Robyn\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/10/2016 06:47:00 AM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 06:47:00 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Robyn\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/10/2016 06:47:00 AM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 06:47:00 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Robyn\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/10/2016 06:47:00 AM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 06:47:00 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Robyn\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/10/2016 06:46:59 AM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/10/2016 06:46:59 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Robyn\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Microsoft Office Sessions:
=========================
Error: (06/10/2016 06:45:21 AM) (Source: Application Hang)(User: )
Description: esetonlinescanner_enu.exe2.0.8.0ac01d1c20af02803b047C:\Users\Robyn\Desktop\esetonlinescanner_enu.exe

Error: (06/01/2016 11:51:18 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (05/21/2016 09:13:05 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.18315571ae616unknown0.0.0.000000000c0000005d8680c6a171001d1b2ed1f1a23b5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown67ce77fa-1ee0-11e6-ac46-00266ccbbc7e

Error: (05/20/2016 09:58:14 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/20/2016 09:48:06 AM) (Source: ESENT)(User: )
Description: taskhost1668WebCacheLocal: C:\Users\Robyn\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)

Error: (05/19/2016 11:23:46 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (05/19/2016 07:34:46 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/12/2016 09:29:58 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.182836c001d1abd86be1660890C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (05/11/2016 03:24:08 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/05/2016 09:35:10 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1828356fc59cbunknown0.0.0.000000000c0000005d8680c6aaa401d1a65d6f89d808C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownd6d9e50e-1250-11e6-85f4-00266ccbbc7e

CodeIntegrity Errors:
===================================
  Date: 2015-07-21 09:49:28.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 09:49:28.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 09:47:28.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-21 09:47:28.664
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-03 07:51:05.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-03 07:51:05.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-03 07:51:05.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-28 08:49:21.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-28 08:49:21.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-28 08:49:21.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Amazon Kindle For PC v1.1 (HKLM-x32\...\Amazon Kindle For PC) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\{07953AD5-7789-494F-8460-C3C5433FD5DA}) (Version: 15.0.6201 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\{BDE623DE-FF03-4D60-9C42-3D34990C9F8C}) (Version: 15.0.4598 - AVG Technologies) Hidden
AVG CloudCare (HKLM-x32\...\AVG CloudCare) (Version: 3.4.1 - AVG Technologies)
Bejeweled 2 Deluxe (HKLM-x32\...\WT088682) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT088703) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT088696) (Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.53 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
FATE (HKLM-x32\...\WT088739) (Version: 2.2.0.95 - WildTangent) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Jewel Quest - Heritage (HKLM-x32\...\WT088750) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Plants vs. Zombies (HKLM-x32\...\WT088702) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (HKLM-x32\...\WT088759) (Version: 2.2.0.95 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.0.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT088760) (Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wheel of Fortune 2 (HKLM-x32\...\WT088761) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.3 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.5 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.8.7 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.911 - Zemana Ltd.)
Zuma's Revenge (HKLM-x32\...\WT088710) (Version: 2.2.0.95 - WildTangent) Hidden

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 4043.86 MB
Available physical RAM: 2033.82 MB
Total Virtual: 8085.9 MB
Available Virtual: 6201.4 MB

========================= Partitions: =====================================

1 Drive c: (S3A8973D004) (Fixed) (Total:287.36 GB) (Free:212.6 GB) NTFS

========================= Users: ========================================

User accounts for \\ROBYN-PC

Administrator            Guest                    Robyn                   

**** End of log ****

 

Security Check Scan

SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 10.06.2016 09:30:13
Path starting: C:\Users\Robyn\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Robyn
VersionXML: 3.04is-08.06.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 19.09.2011 23:49:09
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
SystemDrive: C: FS: [NTFS] Capacity: [287.4 Gb] Used: [74.8 Gb] Free: [212.6 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18314
User Account Control enabled
Automatic download and scheduled installation
Date install updates: 2016-05-27 00:15:46
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Account guest is enabled. Not require a password.
---------------------------- [ Antivirus_WMI ] ----------------------------
AVG CloudCare AntiVirus 2015 (disabled and out of date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
AVG CloudCare AntiVirus 2015 (disabled and out of date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.20.911
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.41212.0
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.0 v.7.0.102 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 91 v.8.0.910.14 Warning! Download Update
Uninstall old version and install new one.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 21 ActiveX v.21.0.0.242
Adobe Flash Player 21 NPAPI v.21.0.0.242
Adobe Shockwave Player 11.5 v.11.5.9.620 Warning! Download Update
Adobe Acrobat Reader DC v.15.016.20045
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.15.4.3502.0922
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Internet Explorer\iexplore.exe v.11.0.9600.18315
C:\Program Files (x86)\Internet Explorer\iexplore.exe v.11.0.9600.18315
------------------ [ AntivirusFirewallProcessServices ] -------------------
AVGIDSAgent (AVGIDSAgent) - The service has stopped
AVG WatchDog (avgwd) - The service is running
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe v.15.0.0.6201
C:\Program Files (x86)\AVG\AVG2015\avgui.exe v.15.0.0.6201
MBAMScheduler (MBAMScheduler) - The service has stopped
MBAMService (MBAMService) - The service has stopped
Windows Defender (WinDefend) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
FATE v.2.2.0.95 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by Xplode). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------


Edited by Accordia, 09 June 2016 - 06:46 PM.


#9 InadequateInfirmity


Posted 09 June 2016 - 09:03 PM

I would remove these from the machine with D-Uninstaller.

Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.0.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
 



#10 InadequateInfirmity


Posted 09 June 2016 - 09:10 PM

Run chkdsk /f /r from an elevated command prompt.



#11 Accordia


Posted 10 June 2016 - 06:28 AM

Hope I did that dUninstaller correctly, I just ticked off all instances of the programs you listed from the first tab (installed apps[not in defs]) of dUninstaller and uninstalled?

chkdsk reports the volume is clean.



#12 InadequateInfirmity


Posted 10 June 2016 - 01:38 PM

Any issues to speak of??



#13 Accordia


Posted 10 June 2016 - 03:43 PM

Hard to say just yet, remember from my 1st post this only seemed to be an issue at the customer's house. I will run it back over there today, reset her router just in case and ask her to update me after 24 hrs. Thanks for the help, I'll get back to you.

Edit: shall I uninstall/delete some of the tools used so far?


Edited by Accordia, 10 June 2016 - 03:44 PM.


#14 InadequateInfirmity


Posted 10 June 2016 - 04:09 PM

I suggest the following in place of adblock.

Alternate DNS Server. Ad Blocking DNS.

uBlock Origin.

Anti Ad Block Killer.

Also, keep your browsing private with these tools:

Self Destructing Cookies.

Self Destructing Cookies Chrome.

Some items to keep you safe on the internet.

VooDoo Shield. Control of what is running on your machine.

Qualys BrowserCheck to update plugins.

Web Of Trust to avoid shady websites.

Unchecky to avoid bundled software.

Privazer to clean up your machine.

Now let's clean up the tools we used and remove old restore points.

Download DelFix by "Xplode" to your Desktop.
Right click the tool and Run as Admin (XP users double click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt



#15 InadequateInfirmity


Posted 10 June 2016 - 04:13 PM

Just as a side note.... AVG is fairly terrible, I would suggest to your customer an AV change. :) 





